US-CERT

  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
  • warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /var/www/vhosts/wayhorn.com/httpdocs/modules/aggregator/aggregator.pages.inc on line 260.
Syndicate content
Updated: 20 hours 53 min ago

Drupal Releases Security Updates

Fri, 10/19/2018 - 06:00
Original release date: October 18, 2018

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 10/18/2018 - 02:53
Original release date: October 17, 2018

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FBI Releases Article on Defending Against Payroll Phishing Scams

Wed, 10/17/2018 - 07:14
Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Updates

Wed, 10/17/2018 - 05:08
Original release date: October 16, 2018

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Wed, 10/17/2018 - 04:44
Original release date: October 16, 2018

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Oracle Releases October 2018 Security Bulletin

Wed, 10/17/2018 - 04:30
Original release date: October 16, 2018

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


National Cybersecurity Awareness Month: Workplace Cybersecurity

Tue, 10/16/2018 - 23:52
Original release date: October 16, 2018

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources, including standards, guidelines, and best practices, to help organizations of all sizes to strengthen their cyber resilience.

NCCIC encourages organizations and employees to review the following resources:

This product is provided subject to this Notification and this Privacy & Use policy.


SB18-288: Vulnerability Summary for the Week of October 8, 2018

Mon, 10/15/2018 - 18:36
Original release date: October 15, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12860
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12841
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12842
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12836
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12873
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12835
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12876
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12874
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12875
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12859
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12855
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12856
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12857
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12858
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12844
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12843
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12832
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12833
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12834
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12872
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12831
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12878
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12862
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12869
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12866
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12865
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12769
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12861
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12759
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12837
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15934
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12867
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12879
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12871
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12880
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12881
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12877
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12863
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12868
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12853
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12864
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12870
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15936
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12839
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15926
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15925
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15922
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15927
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15940
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15952
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15953
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15941
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15937
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15928
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12838
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15938
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15935
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15933
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15939
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15932
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15930
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15931
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12852
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15951
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15924
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15923
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15946
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15954
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15942
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15947
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15948
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15920
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12847
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12851
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15929
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15945
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-12845
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15968
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15955
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15956
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15943
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.2018-10-12not yet calculatedCVE-2018-15966
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-15944
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15949
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-10-12not yet calculatedCVE-2018-15950
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2018-10-12not yet calculatedCVE-2018-12846
BID
SECTRACK
CONFIRMapache -- activemqAn instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.2018-10-10not yet calculatedCVE-2018-8006
CONFIRM
BIDapache -- pdfboxIn Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.2018-10-05not yet calculatedCVE-2018-11797
MLIST
MLISTapache -- tikaIn Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.2018-10-09not yet calculatedCVE-2018-11796
CONFIRMauto-maskin -- dcu_210eThe Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.2018-10-08not yet calculatedCVE-2018-5399
CERT-VNauto-maskin -- multiple_productsThe Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.2018-10-08not yet calculatedCVE-2018-5402
CERT-VNauto-maskin -- multiple_productsThe Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.2018-10-08not yet calculatedCVE-2018-5400
CERT-VNauto-maskin -- multiple_productsThe Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.2018-10-08not yet calculatedCVE-2018-5401
CERT-VNbagesoft -- bagecmsAn issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.2018-10-11not yet calculatedCVE-2018-18257
MISCbagesoft -- bagecmsAn issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.2018-10-11not yet calculatedCVE-2018-18258
MISCblackberry -- unified_endpoint_managerAn information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.2018-10-12not yet calculatedCVE-2018-8890
CONFIRMblueimp -- blueimpUnauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.02018-10-11not yet calculatedCVE-2018-9206
MISCbytom -- bytomIn the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash.2018-10-10not yet calculatedCVE-2018-18206
MISCcairo -- cairocairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).2018-10-08not yet calculatedCVE-2018-18064
MISCcisco -- asa_software_and_firepower_threat_defense_softwareA vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.2018-10-05not yet calculatedCVE-2018-15397
SECTRACK
CISCOcisco -- asa_software_and_firepower_threat_defense_softwareA vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.2018-10-05not yet calculatedCVE-2018-15383
SECTRACK
CISCOcisco -- asa_software_and_firepower_threat_defense_softwareA vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL.2018-10-05not yet calculatedCVE-2018-15398
BID
SECTRACK
CISCOcisco -- asa_software_and_firepower_threat_defense_softwareA vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.2018-10-05not yet calculatedCVE-2018-15399
SECTRACK
CISCOcisco -- catalyst_6800_series_switchesA vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.2018-10-05not yet calculatedCVE-2018-15370
BID
CISCOcisco -- cloud_services_platform_2100A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface.2018-10-05not yet calculatedCVE-2018-0454
SECTRACK
CISCOcisco -- data_center_network_managerA vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user.2018-10-05not yet calculatedCVE-2018-0440
SECTRACK
CISCOcisco -- data_center_network_managerA vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.2018-10-05not yet calculatedCVE-2018-0462
BID
CISCOcisco -- data_center_network_managerA vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0450
BID
CISCO
cisco -- digital_network_architecture_centerA vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.2018-10-05not yet calculatedCVE-2018-15386
BID
CISCOcisco -- digital_network_architecture_centerA vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.2018-10-05not yet calculatedCVE-2018-0448
BID
CISCOcisco -- email_security_applianceA vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device.2018-10-05not yet calculatedCVE-2018-0447
BID
SECTRACK
CISCOcisco -- enterprise_nfv_intrastructure_softwareA vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.2018-10-05not yet calculatedCVE-2018-0460
BID
CISCOcisco -- enterprise_nfv_intrastructure_softwareA vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.2018-10-05not yet calculatedCVE-2018-0459
BID
CISCOcisco -- expressway_series_and_telepresense_video_communication_serverA vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.2018-10-05not yet calculatedCVE-2018-15430
SECTRACK
CISCOcisco -- firepower_threat_defense_softwareA vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition.2018-10-05not yet calculatedCVE-2018-15390
BID
CISCOcisco -- hyperflex_softwareA vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.2018-10-05not yet calculatedCVE-2018-15382
BID
CISCOcisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.2018-10-05not yet calculatedCVE-2018-15425
SECTRACK
CISCOcisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.2018-10-05not yet calculatedCVE-2018-15424
SECTRACK
CISCOcisco -- integrated_management_controllerA vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.2018-10-05not yet calculatedCVE-2018-0431
SECTRACK
CISCOcisco -- integrated_management_controllerA vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.2018-10-05not yet calculatedCVE-2018-0430
SECTRACK
CISCOcisco -- integrated_management_controller_supervisor_and_ucs_directorA vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.2018-10-05not yet calculatedCVE-2018-15405
SECTRACK
CISCOcisco -- iosA vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.2018-10-05not yet calculatedCVE-2018-0472
BID
SECTRACK
SECTRACK
CISCOcisco -- ios_and_ios_xeA vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15369
BID
CISCOcisco -- ios_and_ios_xeA vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability.2018-10-05not yet calculatedCVE-2018-0197
BID
CISCOcisco -- ios_and_ios_xeA vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15373
BID
CISCOcisco -- ios_and_ios_xeA vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.2018-10-05not yet calculatedCVE-2018-0473
BID
SECTRACK
CISCOcisco -- ios_and_ios_xeA vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.2018-10-05not yet calculatedCVE-2018-0466
BID
SECTRACK
CISCOcisco -- ios_and_ios_xeA vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.2018-10-05not yet calculatedCVE-2018-0464
BID
SECTRACK
CISCO
MISCcisco -- ios_xeA vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.2018-10-05not yet calculatedCVE-2018-0481
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.2018-10-05not yet calculatedCVE-2018-0467
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-0470
BID
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.2018-10-05not yet calculatedCVE-2018-15374
BID
CISCOcisco -- ios_xeA vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.2018-10-05not yet calculatedCVE-2018-0477
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.2018-10-05not yet calculatedCVE-2018-0476
BID
SECTRACK
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.2018-10-05not yet calculatedCVE-2018-0475
BID
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.2018-10-05not yet calculatedCVE-2018-15372
BID
CISCOcisco -- ios_xeA vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.2018-10-05not yet calculatedCVE-2018-0469
BID
SECTRACK
CISCOcisco -- ios_xeA vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.2018-10-05not yet calculatedCVE-2018-0480
BID
SECTRACK
CISCOcisco -- ios_xe_and_asa_5500-x_seriesA vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.2018-10-05not yet calculatedCVE-2018-0471
BID
SECTRACK
CISCOcisco -- ios_xrA vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.2018-10-05not yet calculatedCVE-2018-15428
SECTRACK
CISCOcisco -- isr_g2_and_isr4451-x_routersA vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device.2018-10-05not yet calculatedCVE-2018-0485
BID
SECTRACK
SECTRACK
CISCOcisco -- meeting_serverA vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0439
BID
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.2018-10-05not yet calculatedCVE-2018-0424
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.2018-10-05not yet calculatedCVE-2018-0423
BID
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.2018-10-05not yet calculatedCVE-2018-0425
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.2018-10-05not yet calculatedCVE-2018-0426
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15436
BID
SECTRACK
SECTRACK
CISCOcisco -- multiple_productsA vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.2018-10-05not yet calculatedCVE-2018-15403
SECTRACK
SECTRACK
CISCOcisco -- prime_access_registrarA vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.2018-10-05not yet calculatedCVE-2018-0421
BID
SECTRACK
CISCOcisco -- prime_collaboration_assuranceA vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0458
BID
SECTRACK
CISCOcisco -- prime_infrastructureA vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.2018-10-05not yet calculatedCVE-2018-15379
BID
SECTRACK
CISCO
EXPLOIT-DBcisco -- sd-wan_solutionA vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.2018-10-05not yet calculatedCVE-2018-0433
BID
CISCOcisco -- sd-wan_solutionA vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.2018-10-05not yet calculatedCVE-2018-0432
BID
CISCOcisco -- sd-wan_solutionA vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.2018-10-05not yet calculatedCVE-2018-0434
BID
CISCOcisco -- sd-wan_solutionA vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.2018-10-05not yet calculatedCVE-2018-15387
BID
CISCOcisco -- secure_access_control_serverA vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.2018-10-05not yet calculatedCVE-2018-0414
BID
SECTRACK
CISCOcisco -- tetration_analyticsA vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0451
BID
CISCOcisco -- tetration_analyticsA vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0452
BID
CISCOcisco -- ucs_directorA vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15406
SECTRACK
CISCOcisco -- umbrellaA vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.2018-10-05not yet calculatedCVE-2018-0437
BID
CISCO
EXPLOIT-DBcisco -- umbrellaA vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.2018-10-05not yet calculatedCVE-2018-0438
BID
CISCO
EXPLOIT-DBcisco -- umbrellaA vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.2018-10-05not yet calculatedCVE-2018-0435
BID
CISCOcisco -- unified_ip_phone_7900_seriesA vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15434
SECTRACK
CISCOcisco -- unity_connectionA vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.2018-10-05not yet calculatedCVE-2018-15396
SECTRACK
CISCOcisco -- unity_connectionA vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15426
SECTRACK
CISCOcisco -- video_surveillance_manger_softwareA vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.2018-10-05not yet calculatedCVE-2018-15427
BID
SECTRACK
CISCOcisco -- webex_meetingsA vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.2018-10-05not yet calculatedCVE-2018-0422
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15418
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15419
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15420
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15410
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15416
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15415
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15421
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15412
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15417
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15413
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15414
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15411
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15422
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15409
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15431
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15408
BID
SECTRACK
CISCOcisco -- webex_playerA vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory.2018-10-05not yet calculatedCVE-2018-0457
BID
SECTRACK
CISCOcisco -- webex_teamsA vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.2018-10-05not yet calculatedCVE-2018-0436
BID
CISCOclaromentis -- claromentisThe Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context.2018-10-08not yet calculatedCVE-2018-15903
FULLDISCcloud_foundry -- cloud_foundry_networking_releaseCloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.2018-10-12not yet calculatedCVE-2018-15755
CONFIRMcms_made_simple -- cms_made_simpleXSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.2018-10-12not yet calculatedCVE-2018-18270
MISCcms_made_simple -- cms_made_simpleXSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.2018-10-12not yet calculatedCVE-2018-18271
MISCcontiki-ng -- contiki-ngcontiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).2018-10-08not yet calculatedCVE-2018-1000804
CONFIRM
CONFIRMcorsair -- utility_engineThe CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.2018-10-11not yet calculatedCVE-2018-12441
MISCd-link -- central_wi-fi_managerAn issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.2018-10-08not yet calculatedCVE-2018-17443
FULLDISC
CONFIRM
MISC
EXPLOIT-DBd-link -- central_wi-fi_managerAn issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.2018-10-08not yet calculatedCVE-2018-17442
FULLDISC
CONFIRM
MISC
EXPLOIT-DBd-link -- central_wi-fi_managerAn issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.2018-10-08not yet calculatedCVE-2018-17441
FULLDISC
CONFIRM
MISC
EXPLOIT-DBd-link -- central_wi-fi_managerAn issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.2018-10-08not yet calculatedCVE-2018-17440
FULLDISC
CONFIRM
MISC
EXPLOIT-DBd-link -- multiple_productsAn issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.2018-10-09not yet calculatedCVE-2018-14081
MISCd-link -- multiple_productsAn issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.2018-10-09not yet calculatedCVE-2018-14080
MISCdaimler_mercedes -- comandAn issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)2018-10-09not yet calculatedCVE-2018-18070
MISCdaimler_mercedes -- mercedes_me_application_for_iosAn issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.2018-10-09not yet calculatedCVE-2018-18071
MISC
MISCdell -- encryption_and_endpoint_security_suite_enterpriseOn install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.2018-10-11not yet calculatedCVE-2018-15766
CONFIRMdell_emc -- unity_oe_and_unityvsa_oeDell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.2018-10-05not yet calculatedCVE-2018-11064
BID
FULLDISCdelta_electronics -- delta_industrial_automation_tpeditorIn Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.2018-10-11not yet calculatedCVE-2018-17929
MISCdelta_industrial_automation -- tpeditorIn Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.2018-10-11not yet calculatedCVE-2018-17927
MISCdescor -- infocad.fmAn issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.2018-10-10not yet calculatedCVE-2018-13789
MISCdilicms -- dilicmsXSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.2018-10-10not yet calculatedCVE-2018-18210
MISCdilicms -- dilicmsXSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.2018-10-10not yet calculatedCVE-2018-18209
MISCduomi_cms -- duomi_cmsAn issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.2018-10-09not yet calculatedCVE-2018-18084
MISC
MISCduomi_cms -- duomi_cmsAn issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.2018-10-09not yet calculatedCVE-2018-18083
MISC
MISCeclipse -- vert.xIn version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.2018-10-10not yet calculatedCVE-2018-12541
CONFIRM
CONFIRMeclipse -- vert.xIn version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.2018-10-10not yet calculatedCVE-2018-12544
CONFIRM
CONFIRMeclipse -- vert.xIn version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.2018-10-10not yet calculatedCVE-2018-12542
CONFIRM
CONFIRMempirecms -- empirecmsEmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.2018-10-09not yet calculatedCVE-2018-18086
MISCepicentro -- epicentro_eBuffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL.2018-10-09not yet calculatedCVE-2018-7632
MISCepicentro -- epicentro_eCode injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.2018-10-09not yet calculatedCVE-2018-7633
MISCepicentro -- epicentro_eBuffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication.2018-10-09not yet calculatedCVE-2018-7631
MISCepiserver -- ektron_cmsEpiserver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).2018-10-10not yet calculatedCVE-2018-12596
FULLDISC
MISC
MISC
EXPLOIT-DBextplorer -- extplorerext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.2018-10-07not yet calculatedCVE-2012-6710
MISC
MISC
BIDf5 -- big-ipUnder some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.2018-10-08not yet calculatedCVE-2016-7475
CONFIRMf5 -- big-ipWhen F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.2018-10-10not yet calculatedCVE-2018-15311
CONFIRMfinecms -- finecmsCross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password.2018-10-09not yet calculatedCVE-2018-18191
MISCforeman -- foremanA flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.2018-10-12not yet calculatedCVE-2018-14664
CONFIRM
CONFIRMfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-3992
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.2018-10-08not yet calculatedCVE-2018-3945
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-3997
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-3996
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.2018-10-08not yet calculatedCVE-2018-3942
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.2018-10-08not yet calculatedCVE-2018-3941
SECTRACK
MISCfoxit -- foxit_pdf_readerAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.2018-10-08not yet calculatedCVE-2018-3940
SECTRACK
MISCfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16296
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16292
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16294
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16297
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16295
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16291
SECTRACK
CONFIRMfoxit -- reader_and_phantompdfAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-08not yet calculatedCVE-2018-16293
SECTRACK
CONFIRMgigasoft -- ge_ifixMultiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted.2018-10-10not yet calculatedCVE-2018-17925
BID
MISCgit -- gitGit before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.2018-10-06not yet calculatedCVE-2018-17456
BID
SECTRACK
MISC
MISC
MISC
UBUNTU
DEBIAN
EXPLOIT-DB
MISCgitea -- giteaGitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.2018-10-08not yet calculatedCVE-2018-1000803
CONFIRM
CONFIRMgopro -- goproAn issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c.2018-10-09not yet calculatedCVE-2018-18190
MISC
MISChangzhou_xiongmai_technology -- xmeye_p2p_cloud_serverAll versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.2018-10-10not yet calculatedCVE-2018-17915
MISChangzhou_xiongmai_technology -- xmeye_p2p_cloud_serverAll versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.2018-10-10not yet calculatedCVE-2018-17917
MISChangzhou_xiongmai_technology -- xmeye_p2p_cloud_serverAll versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.2018-10-10not yet calculatedCVE-2018-17919
MISChuawei -- smartphonesThere is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.2018-10-09not yet calculatedCVE-2018-7928
CONFIRMibm -- bigfixIBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.2018-10-12not yet calculatedCVE-2017-1231
XF
CONFIRMibm -- bladecenterThe QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.2018-10-09not yet calculatedCVE-2018-18202
MISCibm -- cloudIBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.2018-10-12not yet calculatedCVE-2018-1838
XF
CONFIRMibm -- filenet_content_managerIBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.2018-10-12not yet calculatedCVE-2018-1844
XF
CONFIRMibm -- rational_publishing_engineIBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431.2018-10-12not yet calculatedCVE-2018-1533
CONFIRM
XFibm -- rational_publishing_engineIBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432.2018-10-12not yet calculatedCVE-2018-1534
CONFIRM
XFibm -- security_key_lifecycle_managerIBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.2018-10-08not yet calculatedCVE-2018-1750
CONFIRM
XFibm -- security_key_lifecycle_managerIBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.2018-10-11not yet calculatedCVE-2018-1745
BID
XF
CONFIRMibm -- security_key_lifecycle_managerIBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.2018-10-11not yet calculatedCVE-2018-1738
CONFIRM
XFibm -- spectrum_lsfIBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to obtain highly sensitive information or escalate their privileges to root due to improper file permission settings. IBM X-Force ID: 147439.2018-10-11not yet calculatedCVE-2018-1724
XF
CONFIRMibm -- spectrum_scaleIBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.2018-10-05not yet calculatedCVE-2018-1723
XF
CONFIRMibm -- spectrum_symphonyIBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.2018-10-11not yet calculatedCVE-2018-1708
XF
CONFIRMibm -- spectrum_symphonyIBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.2018-10-11not yet calculatedCVE-2018-1706
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.2018-10-08not yet calculatedCVE-2018-1743
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.2018-10-08not yet calculatedCVE-2018-1753
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.2018-10-08not yet calculatedCVE-2018-1741
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.2018-10-08not yet calculatedCVE-2018-1749
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.2018-10-08not yet calculatedCVE-2018-1742
CONFIRM
XFibm -- web_sphere_portalIBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.2018-10-12not yet calculatedCVE-2018-1673
SECTRACK
XF
CONFIRMibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.2018-10-12not yet calculatedCVE-2018-1770
XF
CONFIRM
MISCimagemagick -- imagemagickIn ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.2018-10-07not yet calculatedCVE-2018-18024
MISCimagemagick -- imagemagickIn ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.2018-10-07not yet calculatedCVE-2018-18025
MISCimagemagick -- imagemagickIn ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.2018-10-07not yet calculatedCVE-2018-18023
MISCintel -- graphics_driversDenial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.2018-10-10not yet calculatedCVE-2018-12153
CONFIRMintel -- graphics_driversPointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.2018-10-10not yet calculatedCVE-2018-12152
CONFIRMintel -- multiple_productsInsufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.2018-10-10not yet calculatedCVE-2018-12173
CONFIRMintel -- nuc_fw_kitsInsufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.2018-10-10not yet calculatedCVE-2018-12158
CONFIRMintel -- nvmePermissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.2018-10-10not yet calculatedCVE-2018-12131
CONFIRMintel -- quickassist_technology_for_linuxInsufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.2018-10-10not yet calculatedCVE-2018-12193
CONFIRMintel -- rapid_web_server_3Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.2018-10-10not yet calculatedCVE-2018-12161
CONFIRMintel -- server_boardImproper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access.2018-10-10not yet calculatedCVE-2018-12172
CONFIRMintelbras -- nplug_1.0.0.14_devicesIntelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.2018-10-10not yet calculatedCVE-2018-17337
FULLDISCintelbras -- nplug_1.0.0.14_wireless_repeaterIntelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.2018-10-10not yet calculatedCVE-2018-12456
FULLDISCintelbras -- nplug_1.0.0.14_wireless_repeaterIntelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.2018-10-10not yet calculatedCVE-2018-12455
FULLDISCjoomla! -- joomla!An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.2018-10-09not yet calculatedCVE-2018-17857
BID
CONFIRMjoomla! -- joomla!An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.2018-10-09not yet calculatedCVE-2018-17859
BID
CONFIRMjoomla! -- joomla!An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.2018-10-09not yet calculatedCVE-2018-17858
BID
CONFIRMjoomla! -- joomla!An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.2018-10-09not yet calculatedCVE-2018-17856
BID
CONFIRMjoomla! -- joomla!An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.2018-10-09not yet calculatedCVE-2018-17855
BID
CONFIRMjuniper -- extension_toolkitA vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3;2018-10-10not yet calculatedCVE-2018-0048
SECTRACK
CONFIRMjuniper -- junos_osReceipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue.2018-10-10not yet calculatedCVE-2018-0045
SECTRACK
CONFIRMjuniper -- junos_osA vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3.2018-10-10not yet calculatedCVE-2018-0063
SECTRACK
CONFIRMjuniper -- junos_osAn improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2 ; 16.1 versions prior to 15.1R7-S2 16.1R4-S12, 16.1R6-S5, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R1-S7, 17.2R2-S4; 17.3 versions prior to 17.3R2-S4, 17.3R3.2018-10-10not yet calculatedCVE-2018-0060
SECTRACK
CONFIRMjuniper -- junos_osA Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue.2018-10-10not yet calculatedCVE-2018-0062
SECTRACK
CONFIRMjuniper -- junos_osOn MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.2018-10-10not yet calculatedCVE-2018-0057
CONFIRMjuniper -- junos_osReceipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded to an extended denial of service condition. This issue only affects Junos OS 15.1 and later. Earlier releases are unaffected by this issue. Devices are only vulnerable to the specially crafted DHCPv6 message if DHCP services are configured. Devices not configured to act as a DHCP server are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495; 16.1 versions prior to 16.1R4-S11, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R2-S6; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R1-S5; 18.1 versions prior to 18.1R2-S3; 18.2 versions prior to 18.2R1-S2; 18.2X75 versions prior to 18.2X75-D20.2018-10-10not yet calculatedCVE-2018-0055
SECTRACK
CONFIRMjuniper -- junos_osReceipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series.2018-10-10not yet calculatedCVE-2018-0058
CONFIRM
MISCjuniper -- junos_osA denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to 12.3R12-S11; 12.3X48 versions prior to 12.3X48-D80 on SRX Series; 15.1 versions prior to 15.1R7; 15.1X49 versions prior to 15.1X49-D150, 15.1X49-D160 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.2018-10-10not yet calculatedCVE-2018-0061
SECTRACK
CONFIRMjuniper -- junos_osIf RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.2018-10-10not yet calculatedCVE-2018-0052
SECTRACK
CONFIRMjuniper -- junos_osAn error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic.2018-10-10not yet calculatedCVE-2018-0050
SECTRACK
CONFIRMjuniper -- junos_osAn authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX.2018-10-10not yet calculatedCVE-2018-0053
SECTRACK
CONFIRMjuniper -- junos_osReceipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 14.1X53 versions prior to 14.1X53-D130 on QFabric Series; 15.1F6 versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S8 16.1R4-S8 16.1R5-S4 16.1R6-S4 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R1-S6 16.2R3; 17.1 versions prior to 17.1R1-S7 17.1R2-S6 17.1R3; 17.2 versions prior to 17.2R1-S6 17.2R2-S3 17.2R3; 17.2X75 versions prior to 17.2X75-D100 17.2X75-D42 17.2X75-D91; 17.3 versions prior to 17.3R1-S4 17.3R2-S2 17.3R3; 17.4 versions prior to 17.4R1-S3 17.4R2 . No other Juniper Networks products or platforms are affected by this issue.2018-10-10not yet calculatedCVE-2018-0043
SECTRACK
CONFIRMjuniper -- junos_osA Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue.2018-10-10not yet calculatedCVE-2018-0051
SECTRACK
CONFIRMjuniper -- junos_osA NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.2018-10-10not yet calculatedCVE-2018-0049
SECTRACK
CONFIRM
MISCjuniper -- junos_osIf a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series.2018-10-10not yet calculatedCVE-2018-0056
SECTRACK
CONFIRMjuniper -- junos_spaceA persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.2018-10-10not yet calculatedCVE-2018-0047
SECTRACK
CONFIRMjuniper -- junos_spaceA reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.2018-10-10not yet calculatedCVE-2018-0046
SECTRACK
CONFIRM
CONFIRMjuniper -- nfx_series_devicesAn insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.2018-10-10not yet calculatedCVE-2018-0044
CONFIRMjuniper -- qfs5000_series_and_ex4600_switchesOn QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.2018-10-10not yet calculatedCVE-2018-0054
SECTRACK
CONFIRMjuniper -- screenosA persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.2018-10-10not yet calculatedCVE-2018-0059
CONFIRMlibgig -- libgigAn issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.2018-10-09not yet calculatedCVE-2018-18197
MISClibgig -- libgigAn issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.2018-10-09not yet calculatedCVE-2018-18196
MISClibgig -- libgigAn issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.2018-10-09not yet calculatedCVE-2018-18194
MISClibgig -- libgigAn issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.2018-10-09not yet calculatedCVE-2018-18192
MISClibgig -- libgigAn issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.2018-10-09not yet calculatedCVE-2018-18193
MISClibgig -- libgigAn issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.2018-10-09not yet calculatedCVE-2018-18195
MISClinux -- linux_kernelA missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.2018-10-08not yet calculatedCVE-2018-14656
SECTRACK
MISC
CONFIRM
CONFIRM
MISC
MISClinux -- linux_kernelarch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.2018-10-07not yet calculatedCVE-2018-18021
MISC
MISC
BID
MISC
MISC
MISC
DEBIAN
MISClinux -- linux_kernelThe Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.2018-10-08not yet calculatedCVE-2018-17977
BID
MLISTmicro_focus -- enterprise_developer_and_enterprise_serverIncorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.2018-10-12not yet calculatedCVE-2018-12469
CONFIRMmicrosoft -- chakracoreA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore.2018-10-10not yet calculatedCVE-2018-8500
BID
CONFIRMmicrosoft -- edgeA security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.2018-10-10not yet calculatedCVE-2018-8512
BID
SECTRACK
CONFIRMmicrosoft -- edgeA security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.2018-10-10not yet calculatedCVE-2018-8530
BID
SECTRACK
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.2018-10-10not yet calculatedCVE-2018-8509
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.2018-10-10not yet calculatedCVE-2018-8503
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513.2018-10-10not yet calculatedCVE-2018-8511
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513.2018-10-10not yet calculatedCVE-2018-8510
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511.2018-10-10not yet calculatedCVE-2018-8513
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.2018-10-10not yet calculatedCVE-2018-8473
BID
SECTRACK
CONFIRMmicrosoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.2018-10-10not yet calculatedCVE-2018-8505
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverAn elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.2018-10-10not yet calculatedCVE-2018-8448
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverA remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.2018-10-10not yet calculatedCVE-2018-8265
BID
SECTRACK
CONFIRMmicrosoft -- hub_device_client_sdk_and_azure_iot_edgeA remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.2018-10-10not yet calculatedCVE-2018-8531
BID
CONFIRMmicrosoft -- internet_explorerA remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.2018-10-10not yet calculatedCVE-2018-8460
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorerA remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.2018-10-10not yet calculatedCVE-2018-8491
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490.2018-10-10not yet calculatedCVE-2018-8489
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482.2018-10-10not yet calculatedCVE-2018-8481
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489.2018-10-10not yet calculatedCVE-2018-8490
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8486
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481.2018-10-10not yet calculatedCVE-2018-8482
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.2018-10-10not yet calculatedCVE-2018-8502
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.2018-10-10not yet calculatedCVE-2018-8506
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8494
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint.2018-10-10not yet calculatedCVE-2018-8501
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8493
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8453
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.2018-10-10not yet calculatedCVE-2018-8427
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.2018-10-10not yet calculatedCVE-2018-8432
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8472
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8330
BID
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8423
SECTRACK
MISC
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8413
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8484
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8495
BID
CONFIRMmicrosoft -- multiple_productsAn information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.2018-10-10not yet calculatedCVE-2018-8292
BID
REDHAT
CONFIRMmicrosoft -- multiple_productsA security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8320
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.2018-10-10not yet calculatedCVE-2018-8504
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsA security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8492
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8497
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8333
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsAn elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8411
BID
SECTRACK
CONFIRMmicrosoft -- sharepointAn elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.2018-10-10not yet calculatedCVE-2018-8518
BID
SECTRACK
CONFIRMmicrosoft -- sharepointAn elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518.2018-10-10not yet calculatedCVE-2018-8480
BID
SECTRACK
CONFIRMmicrosoft -- sharepointAn elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518.2018-10-10not yet calculatedCVE-2018-8498
BID
SECTRACK
CONFIRMmicrosoft -- sharepointAn elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518.2018-10-10not yet calculatedCVE-2018-8488
BID
SECTRACK
CONFIRMmicrosoft -- sql_server_management_studioAn information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.2018-10-10not yet calculatedCVE-2018-8532
BID
SECTRACK
CONFIRM
EXPLOIT-DBmicrosoft -- sql_server_management_studioAn information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.2018-10-10not yet calculatedCVE-2018-8527
BID
SECTRACK
CONFIRM
EXPLOIT-DBmicrosoft -- sql_server_management_studioAn information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.2018-10-10not yet calculatedCVE-2018-8533
BID
SECTRACK
CONFIRM
EXPLOIT-DBmicrosoft -- windows_10_and_windows_10_serversAn Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.2018-10-10not yet calculatedCVE-2018-8329
BID
CONFIRMnaver -- whaleThe Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.2018-10-11not yet calculatedCVE-2018-12449
CONFIRMnaviwebs -- navigate_cmsNavigate CMS has Stored XSS via the navigate.php Title field in an edit action.2018-10-09not yet calculatedCVE-2018-18029
CONFIRM
CONFIRMnet-snmp -- net-snmp_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.2018-10-08not yet calculatedCVE-2018-18065
MISC
MISC
DEBIAN
EXPLOIT-DBnet-snmp -- net-snmpsnmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.2018-10-08not yet calculatedCVE-2018-18066
MISC
MISC
MISCnuuo -- nuuo_cmsNUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.2018-10-12not yet calculatedCVE-2018-17890
MISCnuuo -- nuuo_cmsNUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.2018-10-12not yet calculatedCVE-2018-17894
MISCnuuo -- nuuo_cmsNUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.2018-10-12not yet calculatedCVE-2018-17892
MISCnuuo -- nuuo_cmsNUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.2018-10-12not yet calculatedCVE-2018-17888
MISCopenjpeg -- openjpegOpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c2018-10-09not yet calculatedCVE-2018-18088
MISCopensuse -- open_build_serviceA Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.2018-10-09not yet calculatedCVE-2018-12479
CONFIRMopensuse -- open_build_serviceA Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.2018-10-09not yet calculatedCVE-2018-12478
CONFIRMopensuse -- open_build_serviceImproper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.2018-10-09not yet calculatedCVE-2018-12474
CONFIRM
CONFIRMopensuse -- open_build_serviceA Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.2018-10-09not yet calculatedCVE-2018-12477
CONFIRMpagekit -- pagekitThe Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}.2018-10-09not yet calculatedCVE-2018-18087
MISCpalo_alto -- pan-osGlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.2018-10-12not yet calculatedCVE-2018-10141
CONFIRMparamiko -- paramikoParamiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.2018-10-08not yet calculatedCVE-2018-1000805
CONFIRMpbootcms -- pbootcmsPbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.2018-10-10not yet calculatedCVE-2018-18211
MISCpdfalto -- pdfaltoA issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttributsNode function in XmlAltoOutputDev.cc.2018-10-12not yet calculatedCVE-2018-18274
MISC
MISCpippo -- pippoPippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.2018-10-11not yet calculatedCVE-2018-18240
MISCprivacyidea -- privacyideaprivacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.2018-10-08not yet calculatedCVE-2018-1000809
CONFIRM
CONFIRMprogress_software -- telerik_extensions_for_asp.net_mvcTelerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013.2018-10-08not yet calculatedCVE-2018-17060
CONFIRMpyopenssl -- pyopensslPython Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.2018-10-08not yet calculatedCVE-2018-1000808
CONFIRMpyopenssl -- pyopensslPython Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.2018-10-08not yet calculatedCVE-2018-1000807
CONFIRMpython -- pythonThe Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.2018-10-09not yet calculatedCVE-2018-18074
MISC
MISC
MISC
MISCqemu -- qemuQemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.2018-10-09not yet calculatedCVE-2018-17958
MLIST
BID
MLISTqemu -- qemuqemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.2018-10-09not yet calculatedCVE-2018-17963
MLIST
MLISTqemu -- qemuQemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.2018-10-09not yet calculatedCVE-2018-17962
MLIST
MLISTqibosoft -- qibosoftqibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.2018-10-09not yet calculatedCVE-2018-18201
MISCred_hat -- ceph_storage_2_and_3It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.2018-10-09not yet calculatedCVE-2018-14649
BID
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRMrust -- rustThe Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.2018-10-08not yet calculatedCVE-2018-1000810
CONFIRM
CONFIRMsap -- abapIn SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.2018-10-09not yet calculatedCVE-2018-2470
BID
MISC
CONFIRMsap -- adaptive_server_enterpriseUnder certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.2018-10-09not yet calculatedCVE-2018-2468
BID
MISC
CONFIRMsap -- adaptive_server_enterpriseUnder certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.2018-10-09not yet calculatedCVE-2018-2469
BID
MISC
CONFIRMsap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.2018-10-09not yet calculatedCVE-2018-2472
BID
MISC
CONFIRMsap -- businessobjects_business_intelligence_platformUnder certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.2018-10-09not yet calculatedCVE-2018-2471
BID
MISC
CONFIRMsap -- businessobjects_business_intelligence_platform_serversIn the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.2018-10-09not yet calculatedCVE-2018-2467
BID
MISC
CONFIRMsap -- data_servicesIn Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.2018-10-09not yet calculatedCVE-2018-2466
BID
MISC
CONFIRMsap -- erp_hcmSAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.2018-10-09not yet calculatedCVE-2018-2474
BID
MISC
CONFIRMsap -- gardenerFollowing the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.2.2018-10-09not yet calculatedCVE-2018-2475
CONFIRM
MISC
CONFIRMseqrite -- endpoint_securitySeqrite Endpoint Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.2018-10-08not yet calculatedCVE-2018-17775
MISC
EXPLOIT-DBsiemans -- multiple_productsA vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity.2018-10-10not yet calculatedCVE-2018-13805
CONFIRMsiemans -- rox_iiA vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.2018-10-10not yet calculatedCVE-2018-13801
BID
CONFIRM
MISCsiemans -- rox_iiA vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.2018-10-10not yet calculatedCVE-2018-13802
BID
CONFIRM
MISCsiemans -- simatic_s7-1200_cpuA vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.2018-10-10not yet calculatedCVE-2018-13800
BID
CONFIRMsugarcrm -- sugarcrm_community_editionMultiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.2018-10-10not yet calculatedCVE-2018-17784
MISC
EXPLOIT-DBtecrail -- responsive_filemanagerAn issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.2018-10-10not yet calculatedCVE-2018-18062
BUGTRAQtecrail -- responsive_filemanagerAn issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.2018-10-10not yet calculatedCVE-2018-18061
BUGTRAQtibco -- spotfire_statistics_servicesThe web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.2018-10-10not yet calculatedCVE-2018-12410
BID
CONFIRMtinc -- tinctinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.2018-10-10not yet calculatedCVE-2018-16737
CONFIRM
CONFIRMtinc -- tinctinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.2018-10-10not yet calculatedCVE-2018-16738
CONFIRM
CONFIRM
DEBIANtinc -- tincMissing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.2018-10-10not yet calculatedCVE-2018-16758
CONFIRM
CONFIRM
DEBIANvirtualmin -- virtualminVirtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.2018-10-10not yet calculatedCVE-2018-18207
MISCvirtualmin  -- virtualmin Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.2018-10-10not yet calculatedCVE-2018-18208
MISCvmware -- multiple_productsVMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.2018-10-09not yet calculatedCVE-2018-6977
BID
SECTRACK
SECTRACK
CONFIRMvmware -- workspace_one_unified_endpoint_manager_consoleThe VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.2018-10-05not yet calculatedCVE-2018-6979
SECTRACK
CONFIRMwago -- 750-881_ethernet_controller_devicesWAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.2018-10-12not yet calculatedCVE-2018-16210
EXPLOIT-DBwaimai_super_cms -- waimai_super_cmsXSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI.2018-10-09not yet calculatedCVE-2018-18082
MISCwecon -- levistudiouAn out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.2018-10-09not yet calculatedCVE-2018-10610
MISCwecon -- levistudiouAn XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.2018-10-09not yet calculatedCVE-2018-10614
MISCwecon -- pi_studio_hmiWECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.2018-10-08not yet calculatedCVE-2018-14818
MISCwecon -- pi_studio_hmiWECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.2018-10-08not yet calculatedCVE-2018-14810
MISCwecon -- pi_studio_hmi_and_pi_studioIn WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.2018-10-08not yet calculatedCVE-2018-17889
MISCwikidforum -- wikidforumWikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.2018-10-09not yet calculatedCVE-2018-18075
MISC
EXPLOIT-DBwireshark -- wiresharkIn Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.2018-10-12not yet calculatedCVE-2018-18226
MISC
MISC
MISCwireshark -- wiresharkIn Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.2018-10-12not yet calculatedCVE-2018-18225
MISC
MISC
MISCwireshark -- wiresharkIn Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.2018-10-12not yet calculatedCVE-2018-18227
MISC
MISC
MISCwordpress -- wordpressprocess_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.2018-10-08not yet calculatedCVE-2018-18069
MISCwordpress -- wordpressMultiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.2018-10-09not yet calculatedCVE-2018-17866
MISC
CONFIRMwordpress -- wordpressThe wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.2018-10-07not yet calculatedCVE-2015-9273
MISC
MISC
MISCyakamara_media -- redaxoThere is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.2018-10-09not yet calculatedCVE-2018-18200
MISCyakamara_media -- redaxoMediamanager in REDAXO before 5.6.4 has XSS.2018-10-09not yet calculatedCVE-2018-18199
MISCyakamara_media -- redaxoThe $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request.2018-10-09not yet calculatedCVE-2018-18198
MISC
MISCyokogawa -- stardom_controllersYokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.2018-10-12not yet calculatedCVE-2018-17900
MISC
CONFIRMyokogawa -- stardom_controllersYokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.2018-10-12not yet calculatedCVE-2018-17898
MISC
CONFIRMyokogawa -- stardom_controllersYokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.2018-10-12not yet calculatedCVE-2018-17902
MISC
CONFIRMyokogawa -- stardom_controllersYokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.2018-10-12not yet calculatedCVE-2018-17896
MISC
CONFIRMyouke365 -- youke365youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.2018-10-11not yet calculatedCVE-2018-18242
MISCyouke365 -- youke365In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.2018-10-11not yet calculatedCVE-2018-18215
MISCzeit -- next.jsNext.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.2018-10-12not yet calculatedCVE-2018-18282
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


MS-ISAC Releases Advisory on PHP Vulnerabilities

Sat, 10/13/2018 - 06:37
Original release date: October 12, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

Fri, 10/12/2018 - 01:23
Original release date: October 11, 2018

NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools frequently observed in cyber incidents worldwide. The Activity Alert provides an overview of each tool, its capabilities, and recommended best practices network defenders can use to protect their networks against these tools.

NCCIC encourages users and administrators to review the joint Activity Alert AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide for more information.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.


AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Thu, 10/11/2018 - 23:19
Original release date: October 11, 2018
Summary

This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]

In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:

  1. Remote Access Trojan: JBiFrost
  2. Webshell: China Chopper
  3. Credential Stealer: Mimikatz
  4. Lateral Movement Framework: PowerShell Empire
  5. C2 Obfuscation and Exfiltration: HUC Packet Transmitter

To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.

The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense.

Tools and techniques for exploiting networks and the data they hold are by no means the preserve of nation states or criminals on the dark web. Today, malicious tools with a variety of functions are widely and freely available for use by everyone from skilled penetration testers, hostile state actors and organized criminals, to amateur cyber criminals.

The tools in this Activity Alert have been used to compromise information across a wide range of critical sectors, including health, finance, government, and defense. Their widespread availability presents a challenge for network defense and threat-actor attribution.

Experience from all our countries makes it clear that, while cyber threat actors continue to develop their capabilities, they still make use of established tools and techniques. Even the most sophisticated threat actor groups use common, publicly available tools to achieve their objectives.

Whatever these objectives may be, initial compromises of victim systems are often established through exploitation of common security weaknesses. Abuse of unpatched software vulnerabilities or poorly configured systems are common ways for a threat actor to gain access. The tools detailed in this Activity Alert come into play once a compromise has been achieved, enabling attackers to further their objectives within the victim’s systems.

How to Use This Report

The tools detailed in this Activity Alert fall into five categories: Remote Access Trojans (RATs), webshells, credential stealers, lateral movement frameworks, and command and control (C2) obfuscators.

This Activity Alert provides an overview of the threat posed by each tool, along with insight into where and when it has been deployed by threat actors. Measures to aid detection and limit the effectiveness of each tool are also described.

The Activity Alert concludes with general advice for improving network defense practices.

Technical Details Remote Access Trojan: JBiFrost 

First observed in May 2015, the JBiFrost RAT is a variant of the Adwind RAT, with roots stretching back to the Frutas RAT from 2012.

A RAT is a program that, once installed on a victim’s machine, allows remote administrative control. In a malicious context, it can—among many other functions—be used to install backdoors and key loggers, take screen shots, and exfiltrate data.

Malicious RATs can be difficult to detect because they are normally designed not to appear in lists of running programs and can mimic the behavior of legitimate applications.

To prevent forensic analysis, RATs have been known to disable security measures (e.g., Task Manager) and network analysis tools (e.g., Wireshark) on the victim’s system.

In Use

JBiFrost RAT is typically employed by cyber criminals and low-skilled threat actors, but its capabilities could easily be adapted for use by state-sponsored threat actors.

Other RATs are widely used by Advanced Persistent Threat (APT) actor groups, such as Adwind RAT, against the aerospace and defense sector; or Quasar RAT, by APT10, against a broad range of sectors.

Threat actors have repeatedly compromised servers in our countries with the purpose of delivering malicious RATs to victims, either to gain remote access for further exploitation, or to steal valuable information such as banking credentials, intellectual property, or PII.

Capabilities

JBiFrost RAT is Java-based, cross-platform, and multifunctional. It poses a threat to several different operating systems, including Windows, Linux, MAC OS X, and Android.

JBiFrost RAT allows threat actors to pivot and move laterally across a network or install additional malicious software. It is primarily delivered through emails as an attachment, usually an invoice notice, request for quotation, remittance notice, shipment notification, payment notice, or with a link to a file hosting service.

Past infections have exfiltrated intellectual property, banking credentials, and personally identifiable information (PII). Machines infected with JBiFrost RAT can also be used in botnets to carry out distributed denial-of-service attacks.

Examples

Since early 2018, we have observed an increase in JBiFrost RAT being used in targeted attacks against critical national infrastructure owners and their supply chain operators. There has also been an increase in the RAT’s hosting on infrastructure located in our countries.

In early 2017, Adwind RAT was deployed via spoofed emails designed to look as if they originated from Society for Worldwide Interbank Financial Telecommunication, or SWIFT, network services.

Many other publicly available RATs, including variations of Gh0st RAT, have also been observed in use against a range of victims worldwide.

Detection and Protection

Some possible indications of a JBiFrost RAT infection can include, but are not limited to:

  • Inability to restart the computer in safe mode,
  • Inability to open the Windows Registry Editor or Task Manager,
  • Significant increase in disk activity and/or network traffic,
  • Connection attempts to known malicious Internet Protocol (IP) addresses, and
  • Creation of new files and directories with obfuscated or random names.

Protection is best afforded by ensuring systems and installed applications are all fully patched and updated. The use of a modern antivirus program with automatic definition updates and regular system scans will also help ensure that most of the latest variants are stopped in their tracks. You should ensure that your organization is able to collect antivirus detections centrally across its estate and investigate RAT detections efficiently.

Strict application whitelisting is recommended to prevent infections from occurring.

The initial infection mechanism for RATs, including JBiFrost RAT, can be via phishing emails. You can help prevent JBiFrost RAT infections by stopping these phishing emails from reaching your users, helping users to identify and report phishing emails, and implementing security controls so that the malicious email does not compromise your device. The United Kingdom National Cyber Security Centre (UK NCSC) has published phishing guidance.

Webshell: China Chopper 

China Chopper is a publicly available, well-documented webshell that has been in widespread use since 2012.

Webshells are malicious scripts that are uploaded to a target host after an initial compromise and grant a threat actor remote administrative capability.

Once this access is established, webshells can also be used to pivot to additional hosts within a network.

In Use

China Chopper is extensively used by threat actors to remotely access compromised web servers, where it provides file and directory management, along with access to a virtual terminal on the compromised device.

As China Chopper is just 4 KB in size and has an easily modifiable payload, detection and mitigation are difficult for network defenders.

Capabilities

China Chopper has two main components: the China Chopper client-side, which is run by the attacker, and the China Chopper server, which is installed on the victim web server but is also attacker-controlled.

The webshell client can issue terminal commands and manage files on the victim server. Its MD5 hash is publicly available (originally posted on hxxp://www.maicaidao.com).

The MD5 hash of the web client is shown in table 1 below.

Table 1: China Chopper webshell client MD5 hash

Webshell ClientMD5 Hashcaidao.exe5001ef50c7e869253a7c152a638eab8a

The webshell server is uploaded in plain text and can easily be changed by the attacker. This makes it harder to define a specific hash that can identify adversary activity. In summer 2018, threat actors were observed targeting public-facing web servers that were vulnerable to CVE-2017-3066. The activity was related to a vulnerability in the web application development platform Adobe ColdFusion, which enabled remote code execution.

China Chopper was intended as the second-stage payload, delivered once servers had been compromised, allowing the threat actor remote access to the victim host. After successful exploitation of a vulnerability on the victim machine, the text-based China Chopper is placed on the victim web server. Once uploaded, the webshell server can be accessed by the threat actor at any time using the client application. Once successfully connected, the threat actor proceeds to manipulate files and data on the web server.

China Chopper’s capabilities include uploading and downloading files to and from the victim using the file-retrieval tool wget to download files from the internet to the target; and editing, deleting, copying, renaming, and even changing the timestamp, of existing files.

Detection and protection

The most powerful defense against a webshell is to avoid the web server being compromised in the first place. Ensure that all the software running on public-facing web servers is up-to-date with security patches applied. Audit custom applications for common web vulnerabilities.[6]

One attribute of China Chopper is that every action generates a hypertext transfer protocol (HTTP) POST. This can be noisy and is easily spotted if investigated by a network defender.

While the China Chopper webshell server upload is plain text, commands issued by the client are Base64 encoded, although this is easily decodable.

The adoption of Transport Layer Security (TLS) by web servers has resulted in web server traffic becoming encrypted, making detection of China Chopper activity using network-based tools more challenging.

The most effective way to detect and mitigate China Chopper is on the host itself—specifically on public-facing web servers. There are simple ways to search for the presence of the web-shell using the command line on both Linux and Windows based operating systems.[7]

To detect webshells more broadly, network defenders should focus on spotting either suspicious process execution on web servers (e.g., Hypertext Preprocessor [PHP] binaries spawning processes) and out-of-pattern outbound network connections from web servers. Typically, web servers make predictable connections to an internal network. Changes in those patterns may indicate the presence of a web shell. You can manage network permissions to prevent web-server processes from writing to directories where PHP can be executed, or from modifying existing files.

We also recommend that you use web access logs as a source of monitoring, such as through traffic analytics. Unexpected pages or changes in traffic patterns can be early indicators.

Credential Stealer: Mimikatz 

Developed in 2007, Mimikatz is mainly used by attackers to collect the credentials of other users, who are logged into a targeted Windows machine. It does this by accessing the credentials in memory within a Windows process called Local Security Authority Subsystem Service (LSASS).

These credentials, either in plain text, or in hashed form, can be reused to give access to other machines on a network.

Although it was not originally intended as a hacking tool, in recent years Mimikatz has been used by multiple actors for malicious purposes. Its use in compromises around the world has prompted organizations globally to re-evaluate their network defenses.

Mimikatz is typically used by threat actors once access has been gained to a host and the threat actor wishes to move throughout the internal network. Its use can significantly undermine poorly configured network security.

In Use

Mimikatz source code is publicly available, which means anyone can compile their own versions of the new tool and potentially develop new Mimikatz custom plug-ins and additional functionality.

Our cyber authorities have observed widespread use of Mimikatz among threat actors, including organized crime and state-sponsored groups.

Once a threat actor has gained local administrator privileges on a host, Mimikatz provides the ability to obtain the hashes and clear-text credentials of other users, enabling the threat actor to escalate privileges within a domain and perform many other post-exploitation and lateral movement tasks.

For this reason, Mimikatz has been bundled into other penetration testing and exploitation suites, such as PowerShell Empire and Metasploit.

Capabilities

Mimikatz is best known for its ability to retrieve clear text credentials and hashes from memory, but its full suite of capabilities is extensive.

The tool can obtain Local Area Network Manager and NT LAN Manager hashes, certificates, and long-term keys on Windows XP (2003) through Windows 8.1 (2012r2). In addition, it can perform pass-the-hash or pass-the-ticket tasks and build Kerberos “golden tickets.”

Many features of Mimikatz can be automated with scripts, such as PowerShell, allowing a threat actor to rapidly exploit and traverse a compromised network. Furthermore, when operating in memory through the freely available “Invoke-Mimikatz” PowerShell script, Mimikatz activity is very difficult to isolate and identify.

Examples

Mimikatz has been used across multiple incidents by a broad range of threat actors for several years. In 2011, it was used by unknown threat actors to obtain administrator credentials from the Dutch certificate authority, DigiNotar. The rapid loss of trust in DigiNotar led to the company filing for bankruptcy within a month of this compromise.

More recently, Mimikatz was used in conjunction with other malicious tools—in the NotPetya and BadRabbit ransomware attacks in 2017 to extract administrator credentials held on thousands of computers. These credentials were used to facilitate lateral movement and enabled the ransomware to propagate throughout networks, encrypting the hard drives of numerous systems where these credentials were valid.

In addition, a Microsoft research team identified use of Mimikatz during a sophisticated cyberattack targeting several high-profile technology and financial organizations. In combination with several other tools and exploited vulnerabilities, Mimikatz was used to dump and likely reuse system hashes.

Detection and Protection

Updating Windows will help reduce the information available to a threat actor from the Mimikatz tool, as Microsoft seeks to improve the protection offered in each new Windows version.

To prevent Mimikatz credential retrieval, network defenders should disable the storage of clear text passwords in LSASS memory. This is default behavior for Windows 8.1/Server 2012 R2 and later, but can be specified on older systems which have the relevant security patches installed.[8] Windows 10 and Windows Server 2016 systems can be protected by using newer security features, such as Credential Guard.

Credential Guard will be enabled by default if:

  • The hardware meets Microsoft’s Windows Hardware Compatibility Program Specifications and Policies for Windows Server 2016 and Windows Server Semi-Annual Branch; and
  • The server is not acting as a Domain Controller.

You should verify that your physical and virtualized servers meet Microsoft’s minimum requirements for each release of Windows 10 and Windows Server.

Password reuse across accounts, particularly administrator accounts, makes pass-the-hash attacks far simpler. You should set user policies within your organization that discourage password reuse, even across common level accounts on a network. The freely available Local Administrator Password Solution from Microsoft can allow easy management of local administrator passwords, preventing the need to set and store passwords manually.

Network administrators should monitor and respond to unusual or unauthorized account creation or authentication to prevent Kerberos ticket exploitation, or network persistence and lateral movement. For Windows, tools such as Microsoft Advanced Threat Analytics and Azure Advanced Threat Protection can help with this.

Network administrators should ensure that systems are patched and up-to-date. Numerous Mimikatz features are mitigated or significantly restricted by the latest system versions and updates. But no update is a perfect fix, as Mimikatz is continually evolving and new third-party modules are often developed.

Most up-to-date antivirus tools will detect and isolate non-customized Mimikatz use and should therefore be used to detect these instances. But threat actors can sometimes circumvent antivirus systems by running Mimikatz in memory, or by slightly modifying the original code of the tool. Wherever Mimikatz is detected, you should perform a rigorous investigation, as it almost certainly indicates a threat actor is actively present in the network, rather than an automated process at work.

Several of Mimikatz’s features rely on exploitation of administrator accounts. Therefore, you should ensure that administrator accounts are issued on an as-required basis only. Where administrative access is required, you should apply privileged access management principles.

Since Mimikatz can only capture the accounts of those users logged into a compromised machine, privileged users (e.g., domain administrators) should avoid logging into machines with their privileged credentials. Detailed information on securing Active Directory is available from Microsoft.[9]

Network defenders should audit the use of scripts, particularly PowerShell, and inspect logs to identify anomalies. This will aid in identifying Mimikatz or pass-the-hash abuse, as well as in providing some mitigation against attempts to bypass detection software.

Lateral Movement Framework: PowerShell Empire 

PowerShell Empire is an example of a post-exploitation or lateral movement tool. It is designed to allow an attacker (or penetration tester) to move around a network after gaining initial access. Other examples of these tools include Cobalt Strike and Metasploit. PowerShell Empire can also be used to generate malicious documents and executables for social engineering access to networks.

The PowerShell Empire framework was designed as a legitimate penetration testing tool in 2015. PowerShell Empire acts as a framework for continued exploitation once a threat actor has gained access to a system.

The tool provides a threat actor with the ability to escalate privileges, harvest credentials, exfiltrate information, and move laterally across a network. These capabilities make it a powerful exploitation tool. Because it is built on a common legitimate application (PowerShell) and can operate almost entirely in memory, PowerShell Empire can be difficult to detect on a network using traditional antivirus tools.

In Use

PowerShell Empire has become increasingly popular among hostile state actors and organized criminals. In recent years we have seen it used in cyber incidents globally across a wide range of sectors.

Initial exploitation methods vary between compromises, and threat actors can configure the PowerShell Empire uniquely for each scenario and target. This, in combination with the wide range of skill and intent within the PowerShell Empire user community, means that the ease of detection will vary. Nonetheless, having a greater understanding and awareness of this tool is a step forward in defending against its use by threat actors.

Capabilities

PowerShell Empire enables a threat actor to carry out a range of actions on a victim’s machine and implements the ability to run PowerShell scripts without needing powershell.exe to be present on the system Its communications are encrypted and its architecture is flexible.

PowerShell Empire uses "modules" to perform more specific malicious actions. These modules provide the threat actor with a customizable range of options to pursue their goals on the victim’s systems. These goals include escalation of privileges, credential harvesting, host enumeration, keylogging, and the ability to move laterally across a network.

PowerShell Empire’s ease of use, flexible configuration, and ability to evade detection make it a popular choice for threat actors of varying abilities.

Examples

During an incident in February 2018, a UK energy sector company was compromised by an unknown threat actor. This compromise was detected through PowerShell Empire beaconing activity using the tool’s default profile settings. Weak credentials on one of the victim’s administrator accounts are believed to have provided the threat actor with initial access to the network.

In early 2018, an unknown threat actor used Winter Olympics-themed socially engineered emails and malicious attachments in a spear-phishing campaign targeting several South Korean organizations. This attack had an additional layer of sophistication, making use of Invoke-PSImage, a stenographic tool that will encode any PowerShell script into an image.

In December 2017, APT19 targeted a multinational law firm with a phishing campaign. APT19 used obfuscated PowerShell macros embedded within Microsoft Word documents generated by PowerShell Empire.

Our cybersecurity authorities are also aware of PowerShell Empire being used to target academia. In one reported instance, a threat actor attempted to use PowerShell Empire to gain persistence using a Windows Management Instrumentation event consumer. However, in this instance, the PowerShell Empire agent was unsuccessful in establishing network connections due to the HTTP connections being blocked by a local security appliance.

Detection and Protection

Identifying malicious PowerShell activity can be difficult due to the prevalence of legitimate PowerShell activity on hosts and the increased use of PowerShell in maintaining a corporate environment.

To identify potentially malicious scripts, PowerShell activity should be comprehensively logged. This should include script block logging and PowerShell transcripts.

Older versions of PowerShell should be removed from environments to ensure that they cannot be used to circumvent additional logging and controls added in more recent versions of PowerShell. This page provides a good summary of PowerShell security practices.[10]

The code integrity features in recent versions of Windows can be used to limit the functionality of PowerShell, preventing or hampering malicious PowerShell in the event of a successful intrusion.

A combination of script code signing, application whitelisting, and constrained language mode will prevent or limit the effect of malicious PowerShell in the event of a successful intrusion. These controls will also impact legitimate PowerShell scripts and it is strongly advised that they be thoroughly tested before deployment.

When organizations profile their PowerShell usage, they often find it is only used legitimately by a small number of technical staff. Establishing the extent of this legitimate activity will make it easier to monitor and investigate suspicious or unexpected PowerShell usage elsewhere on the network.

C2 Obfuscation and Exfiltration: HUC Packet Transmitter 

Attackers will often want to disguise their location when compromising a target. To do this, they may use generic privacy tools (e.g., Tor) or more specific tools to obfuscate their location.

HUC Packet Transmitter (HTran) is a proxy tool used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker’s communications with victim networks. The tool has been freely available on the internet since at least 2009.

HTran facilitates TCP connections between the victim and a hop point controlled by a threat actor. Malicious threat actors can use this technique to redirect their packets through multiple compromised hosts running HTran to gain greater access to hosts in a network.

In Use

The use of HTran has been regularly observed in compromises of both government and industry targets.

A broad range of threat actors have been observed using HTran and other connection proxy tools to

  • Evade intrusion and detection systems on a network,
  • Blend in with common traffic or leverage domain trust relationships to bypass security controls,
  • Obfuscate or hide C2 infrastructure or communications, and
  • Create peer-to-peer or meshed C2 infrastructure to evade detection and provide resilient connections to infrastructure.
Capabilities

HTran can run in several modes, each of which forwards traffic across a network by bridging two TCP sockets. They differ in terms of where the TCP sockets are initiated from, either locally or remotely. The three modes are

  • Server (listen) – Both TCP sockets initiated remotely;
  • Client (slave) – Both TCP sockets initiated locally; and
  • Proxy (tran) – One TCP socket initiated remotely, the other initiated locally, upon receipt of traffic from the first connection.

HTran can inject itself into running processes and install a rootkit to hide network connections from the host operating system. Using these features also creates Windows registry entries to ensure that HTran maintains persistent access to the victim network.

Examples

Recent investigations by our cybersecurity authorities have identified the use of HTran to maintain and obfuscate remote access to targeted environments.

In one incident, the threat actor compromised externally-facing web servers running outdated and vulnerable web applications. This access enabled the upload of webshells, which were then used to deploy other tools, including HTran.

HTran was installed into the ProgramData directory and other deployed tools were used to reconfigure the server to accept Remote Desktop Protocol (RDP) communications.

The threat actor issued a command to start HTran as a client, initiating a connection to a server located on the internet over port 80, which forwards RDP traffic from the local interface.

In this case, HTTP was chosen to blend in with other traffic that was expected to be seen originating from a web server to the internet. Other well-known ports used included:

  • Port 53 – Domain Name System
  • Port 443 - HTTP over TLS/Secure Sockets Layer
  • Port 3306 - MySQL
  • By using HTran in this way, the threat actor was able to use RDP for several months without being detected.
Detection and Protection

Attackers need access to a machine to install and run HTran, so network defenders should apply security patches and use good access control to prevent attackers from installing malicious applications.

Network monitoring and firewalls can help prevent and detect unauthorized connections from tools such as HTran.

In some of the samples analyzed, the rootkit component of HTran only hides connection details when the proxy mode is used. When client mode is used, defenders can view details about the TCP connections being made.

HTran also includes a debugging condition that is useful for network defenders. In the event that a destination becomes unavailable, HTran generates an error message using the following format:

sprint(buffer, “[SERVER]connection to %s:%d error\r\n”, host, port2);

This error message is relayed to the connecting client in the clear. Network defenders can monitor for this error message to potentially detect HTran instances active in their environments.

 

Mitigations

There are several measures that will improve the overall cybersecurity of your organization and help protect it against the types of tools highlighted in this report. Network defenders are advised to seek further information using the links below.

Further information: invest in preventing malware-based attacks across various scenarios. See UK NCSC Guidance: https://www.ncsc.gov.uk/guidance/mitigating-malware.

Additional Resources from International Partners Contact Information

NCCIC encourages recipients of this report to contribute any additional information that they may have related to this threat. For any questions related to this report, please contact NCCIC at

NCCIC encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on the NCCIC/US-CERT homepage at http://www.us-cert.gov/.

Feedback

NCCIC strives to make this report a valuable tool for our partners and welcomes feedback on how this publication could be improved. You can help by answering a few short questions about this report at the following URL: https://www.us-cert.gov/forms/feedback.

References Revisions
  • October, 11 2018: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


Juniper Networks Releases Security Updates

Thu, 10/11/2018 - 07:09
Original release date: October 10, 2018

Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Advisory

Wed, 10/10/2018 - 05:39
Original release date: October 09, 2018

VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the necessary workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases October 2018 Security Updates

Wed, 10/10/2018 - 04:35
Original release date: October 09, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s October 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Wed, 10/10/2018 - 00:13
Original release date: October 09, 2018

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-27, APSB18-37, and APSB18-38 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


National Cybersecurity Awareness Month: Careers in Cybersecurity

Tue, 10/09/2018 - 19:06
Original release date: October 09, 2018

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of cybersecurity professionals. It is critical that today’s students graduate ready to enter the workforce and are open to learning more about the growing field of cybersecurity.

NCCIC encourages interested candidates to review the following resources for information on cybersecurity employment opportunities:

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Updates for iCloud, iOS

Tue, 10/09/2018 - 03:20
Original release date: October 08, 2018

Apple has released security updates to address vulnerabilities in iCloud for Windows and iOS. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Apple security pages for iCloud for Windows 7.7 and iOS 12.0.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


SB18-281: Vulnerability Summary for the Week of October 1, 2018

Mon, 10/08/2018 - 13:43
Original release date: October 08, 2018 | Last revised: October 09, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadplug -- adplug
 An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.2018-10-01not yet calculatedCVE-2018-17825
MISCairities -- airties_devices
 AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17589
MISCairties -- airties_devices
 AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17588
MISC
EXPLOIT-DBairties -- airties_devices
 AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17594
MISCairties -- airties_devices
 AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17587
MISC
EXPLOIT-DBairties -- airties_devices
 AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17590
MISC
EXPLOIT-DBairties -- airties_devices
 AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17593
MISC
EXPLOIT-DBairties -- airties_devices
 AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.2018-10-02not yet calculatedCVE-2018-17591
MISC
EXPLOIT-DBapache -- pdfbox
 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.2018-10-05not yet calculatedCVE-2018-11797
MLISTapache -- pony_mail
 The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.2018-10-04not yet calculatedCVE-2017-5658
MLISTapache -- tomcat
 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.2018-10-04not yet calculatedCVE-2018-11784
MLISTapache --  ranger
 UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.02018-10-05not yet calculatedCVE-2018-11778
CONFIRM
MLISTatlantis -- word_processor
 An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3981
MISCatlantis -- word_processor
 An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.2018-10-01not yet calculatedCVE-2018-3975
MISCatlantis -- word_processor
 An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3998
MISCatlantis -- word_processor
 An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-4001
MISCatlantis -- word_processor
 An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3978
MISCatlantis -- word_processor
 An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-4000
MISCatlantis -- word_processor
 An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3984
MISCatlantis -- word_processor
 An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3999
MISCblynk -- blynk
 In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.2018-09-30not yet calculatedCVE-2018-17785
CONFIRM
CONFIRMbtiteam -- xbtit
 An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.2018-10-01not yet calculatedCVE-2018-17870
MISCcarestream -- vue_ris
 Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.2018-10-04not yet calculatedCVE-2018-17891
MISCcisco -- adaptive_security_appliance_and_firepower_threat_defense_software
 A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.2018-10-05not yet calculatedCVE-2018-15397
SECTRACK
CISCOcisco -- adaptive_security_appliance_and_firepower_threat_defense_software
 A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.2018-10-05not yet calculatedCVE-2018-15399
SECTRACK
CISCOcisco -- adaptive_security_appliance_and_firepower_threat_defense_software
 A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL.2018-10-05not yet calculatedCVE-2018-15398
BID
SECTRACK
CISCOcisco -- adaptive_security_appliance_and_firepower_threat_defense_software
 A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.2018-10-05not yet calculatedCVE-2018-15383
SECTRACK
CISCOcisco -- asyncos_software_for_the_cisco_email_security_appliance
 A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device.2018-10-05not yet calculatedCVE-2018-0447
BID
SECTRACK
CISCOcisco -- cloud_services_platform
 A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15400
CISCOcisco -- cloud_services_platform
 A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface.2018-10-05not yet calculatedCVE-2018-0454
SECTRACK
CISCOcisco -- data_center_network_manager
 A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0450
BID
CISCOcisco -- data_center_network_manager
 A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.2018-10-05not yet calculatedCVE-2018-0464
BID
SECTRACK
CISCO
MISCcisco -- data_center_network_manager
 A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user.2018-10-05not yet calculatedCVE-2018-0440
SECTRACK
CISCOcisco -- digital_network_architecture_center
 A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.2018-10-05not yet calculatedCVE-2018-15386
BID
CISCOcisco -- digital_network_architecture_center
 A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.2018-10-05not yet calculatedCVE-2018-0448
BID
CISCOcisco -- enterprise_nfv_infrastrcuture_software
 A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.2018-10-05not yet calculatedCVE-2018-0460
BID
CISCOcisco -- enterprise_nfv_infrastructure_software
 A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.2018-10-05not yet calculatedCVE-2018-0459
BID
CISCOcisco -- enterprise_nfv_infrastructure_software
 A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.2018-10-05not yet calculatedCVE-2018-0462
BID
CISCOcisco -- expressway_series_and_telepresence_video_communication_server
 A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.2018-10-05not yet calculatedCVE-2018-15430
SECTRACK
CISCOcisco -- firepower_threat_defense_sensorsA vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisco FMC. The vulnerability exists because the affected software performs insufficient checks for certain CLI commands, if the commands are executed via a Sourcefire tunnel connection. An attacker could exploit this vulnerability by authenticating with root privileges to a Firepower sensor or Cisco FMC, and then sending specific CLI commands to the Cisco FMC or through the Cisco FMC to another Firepower sensor via the Sourcefire tunnel connection. A successful exploit could allow the attacker to modify device configurations or delete files on the device that is running Cisco FMC Software or on any Firepower device that is managed by Cisco FMC.2018-10-05not yet calculatedCVE-2018-0453
CISCOcisco -- firepower_threat_defense_software
 A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition.2018-10-05not yet calculatedCVE-2018-15390
BID
CISCOcisco -- hosted_collaboration_mediation_fulfillment
 A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-15401
CISCOcisco -- hyperflex_hx_data_platform_software
 A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.2018-10-05not yet calculatedCVE-2018-15429
CISCOcisco -- hyperflex_software
 A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.2018-10-05not yet calculatedCVE-2018-15382
BID
CISCOcisco -- hyperflex_software
 A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.2018-10-05not yet calculatedCVE-2018-15423
CISCOcisco -- hyperflex_software
 A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.2018-10-05not yet calculatedCVE-2018-15407
CISCOcisco -- identity_services_engine
 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.2018-10-05not yet calculatedCVE-2018-15424
SECTRACK
CISCOcisco -- identity_services_engine
 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.2018-10-05not yet calculatedCVE-2018-15425
SECTRACK
CISCOcisco -- industrial_network_director
 A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0446
CISCOcisco -- industrial_network_director
 A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15392
CISCOcisco -- integrated_management_controller_software
 A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.2018-10-05not yet calculatedCVE-2018-0431
SECTRACK
CISCOcisco -- integrated_management_controller_software
 A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.2018-10-05not yet calculatedCVE-2018-0430
SECTRACK
CISCOcisco -- integrated_management_controller_supervisor_and_ucs_director
 A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15404
CISCO

cisco -- integrated_management_controller_supervisor_and_ucs_director

 

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.2018-10-05not yet calculatedCVE-2018-15405
SECTRACK
CISCOcisco -- ios_and_ios_xe_software
 A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.2018-10-05not yet calculatedCVE-2018-0467
SECTRACK
CISCOcisco -- ios_and_ios_xe_software
 A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15369
BID
CISCOcisco -- ios_and_ios_xe_software
 A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.2018-10-05not yet calculatedCVE-2018-0466
BID
SECTRACK
CISCOcisco -- ios_and_ios_xe_software
 A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability.2018-10-05not yet calculatedCVE-2018-0197
BID
CISCOcisco -- ios_and_ios_xe_software
 A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-15373
BID
CISCOcisco -- ios_rom_monitor_software
 A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.2018-10-05not yet calculatedCVE-2018-15370
BID
CISCOcisco -- ios_software
 A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.2018-10-05not yet calculatedCVE-2018-15375
CISCOcisco -- ios_software
 A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.2018-10-05not yet calculatedCVE-2018-0473
BID
SECTRACK
CISCOcisco -- ios_software
 A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.2018-10-05not yet calculatedCVE-2018-15376
CISCOcisco -- ios_xe_software
 A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.2018-10-05not yet calculatedCVE-2018-0475
BID
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.2018-10-05not yet calculatedCVE-2018-0472
BID
SECTRACK
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.2018-10-05not yet calculatedCVE-2018-0481
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition.2018-10-05not yet calculatedCVE-2018-0470
BID
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.2018-10-05not yet calculatedCVE-2018-15368
CISCOcisco -- ios_xe_software
 A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.2018-10-05not yet calculatedCVE-2018-0469
BID
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.2018-10-05not yet calculatedCVE-2018-15374
BID
CISCOcisco -- ios_xe_software
 A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.2018-10-05not yet calculatedCVE-2018-0471
BID
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.2018-10-05not yet calculatedCVE-2018-0476
BID
SECTRACK
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.2018-10-05not yet calculatedCVE-2018-15372
BID
CISCOcisco -- ios_xe_software
 A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.2018-10-05not yet calculatedCVE-2018-15371
CISCOcisco -- ios_xe_software
 A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.2018-10-05not yet calculatedCVE-2018-0480
BID
SECTRACK
CISCOcisco -- ios_xe_software
 A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.2018-10-05not yet calculatedCVE-2018-0477
SECTRACK
CISCOcisco -- ios_xr_software
 A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.2018-10-05not yet calculatedCVE-2018-15428
SECTRACK
CISCOcisco -- meeting_serverA vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0439
BID
SECTRACK
CISCOcisco -- multiple_products
 A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.2018-10-05not yet calculatedCVE-2018-15403
SECTRACK
SECTRACK
CISCOcisco -- network_plug_and_play_agent
 A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.2018-10-05not yet calculatedCVE-2018-15377
CISCOcisco -- network_services_orchestrator
 A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.2018-10-05not yet calculatedCVE-2018-0463
CISCOcisco -- packaged_contact_center_enterprise
 A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0445
CISCOcisco -- packaged_contact_center_enterprise
 A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0444
CISCOcisco -- prime_access_registrar
 A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.2018-10-05not yet calculatedCVE-2018-0421
BID
SECTRACK
CISCOcisco -- prime_collaboration_assurance
 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0458
BID
SECTRACK
CISCOcisco -- prime_collaboration_provisioning
 A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.2018-10-05not yet calculatedCVE-2018-15389
CISCOcisco -- prime_infrastructure
 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information.2018-10-05not yet calculatedCVE-2018-15432
CISCOcisco -- prime_infrastructure
 A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.2018-10-05not yet calculatedCVE-2018-15379
BID
CISCOcisco -- prime_infrastructure
 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information.2018-10-05not yet calculatedCVE-2018-15433
CISCOcisco -- remote_phy_software
 A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition.2018-10-05not yet calculatedCVE-2018-15391
CISCOcisco -- rv110w_wireless-n_vpn_firewall_and_rv130w_wireless-n_multifunction_vpn_router_and_ rv215w_wireless-n_vpn_routerA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.2018-10-05not yet calculatedCVE-2018-0426
SECTRACK
CISCOcisco -- rv110w_wireless-n_vpn_firewall_and_rv130w_wireless-n_multifunction_vpn_router_and_ rv215w_wireless-n_vpn_routerA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.2018-10-05not yet calculatedCVE-2018-0423
BID
SECTRACK
CISCOcisco -- rv110w_wireless-n_vpn_firewall_and_rv130w_wireless-n_multifunction_vpn_router_and_cisco_rv215w_wireless-n_vpn_routerA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.2018-10-05not yet calculatedCVE-2018-0424
SECTRACK
CISCOcisco -- rv110w_wireless-n_vpn_firewall_and_rv130w_wireless-n_multifunction_vpn_router_and_rv215w_wireless-n_vpn_routerA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.2018-10-05not yet calculatedCVE-2018-0425
SECTRACK
CISCOcisco -- rv180w_wireless-n_multifunction_vpn_router_and_small_business_rv_series_rv220w_wireless_network_security_firewallA vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.2018-10-05not yet calculatedCVE-2018-0404
CONFIRMcisco -- rv180w_wireless-n_multifunction_vpn_router_and_small_business_rv_series_rv220w_wireless_network_security_firewallA vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.2018-10-05not yet calculatedCVE-2018-0405
CONFIRMcisco -- sd-wan_solution
 A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.2018-10-05not yet calculatedCVE-2018-15387
BID
CISCOcisco -- sd-wan_solution
 A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.2018-10-05not yet calculatedCVE-2018-0434
BID
CISCOcisco -- sd-wan_solution
 A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.2018-10-05not yet calculatedCVE-2018-0433
BID
CISCOcisco -- sd-wan_solution
 A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.2018-10-05not yet calculatedCVE-2018-0432
BID
CISCOcisco -- second_generation_integrated_services_routers
 A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device.2018-10-05not yet calculatedCVE-2018-0485
BID
SECTRACK
SECTRACK
CISCOcisco -- secure_access_control_server
 A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.2018-10-05not yet calculatedCVE-2018-0414
BID
SECTRACK
CISCOcisco -- server_message_block
 A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic.2018-10-05not yet calculatedCVE-2018-0455
CISCOcisco -- small_business_300_series_managed_switches
 A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-0465
CISCOcisco -- tetration_analytics
 A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2018-10-05not yet calculatedCVE-2018-0452
BID
CISCOcisco -- tetration_analytics
 A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.2018-10-05not yet calculatedCVE-2018-0451
BID
CISCOcisco -- ucs_director
 A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15406
SECTRACK
CISCOcisco -- umbrella_api
 A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.2018-10-05not yet calculatedCVE-2018-0435
BID
CISCOcisco -- umbrella_enterprise_roaming_client
 A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.2018-10-05not yet calculatedCVE-2018-0438
BID
CISCO
EXPLOIT-DBcisco -- umbrella_enterprise_roaming_client
 A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.2018-10-05not yet calculatedCVE-2018-0437
BID
CISCO
EXPLOIT-DBcisco -- unified_ip_phone_7900_series
 A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15434
SECTRACK
CISCOcisco -- unity_connection
 A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.2018-10-05not yet calculatedCVE-2018-15396
SECTRACK
CISCOcisco -- unity_connection
 A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15426
SECTRACK
CISCOcisco -- video_surveillance_manager_software
 A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.2018-10-05not yet calculatedCVE-2018-15427
BID
SECTRACK
CISCOcisco -- webex_events_center_and_webex_meeting_center_and_webex_support_center_and_webex_training_centerA vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2018-10-05not yet calculatedCVE-2018-15436
SECTRACK
SECTRACK
CISCOcisco -- webex_meetings_client_for_windows
 A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.2018-10-05not yet calculatedCVE-2018-0422
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15416
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15411
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15431
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15422
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15419
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15409
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15420
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15408
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15410
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15417
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15418
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15414
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15412
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15421
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15415
BID
SECTRACK
CISCOcisco -- webex_network_recording_player_and_ webex_player_for_microsoft_windowsA vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.2018-10-05not yet calculatedCVE-2018-15413
BID
SECTRACK
CISCOcisco -- webex_player_for_webex_recording_formatA vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory.2018-10-05not yet calculatedCVE-2018-0457
BID
SECTRACK
CISCOcisco -- webex_teams
 A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.2018-10-05not yet calculatedCVE-2018-0436
BID
CISCOcloud_foundry_foundation -- bosh
 Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.2018-10-05not yet calculatedCVE-2018-11083
CONFIRMcloud_foundry_foundation -- log_cache
 Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.2018-10-05not yet calculatedCVE-2018-1264
CONFIRMcloud_foundry_foundation -- uaa_and_uaa_releaseCloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.2018-10-05not yet calculatedCVE-2018-11082
CONFIRMcoaster -- cms
 A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.2018-10-04not yet calculatedCVE-2018-17876
MISCd-link -- dir-823g_2018-09-19_devices
 On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.2018-10-03not yet calculatedCVE-2018-17880
MISCd-link -- dir-823g_208-09-19_devices
 On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.2018-10-03not yet calculatedCVE-2018-17881
MISCd_link -- dir-823g_devices
 On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.2018-10-02not yet calculatedCVE-2018-17787
MISCd_link -- dir-823g_devices
 On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.2018-10-02not yet calculatedCVE-2018-17786
MISCdasan -- h660gw_devices
 The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).2018-10-01not yet calculatedCVE-2018-17867
MISCdasan -- h660gw_devices
 DASAN H660GW devices do not implement any CSRF protection mechanism.2018-10-01not yet calculatedCVE-2018-17869
MISCdasdan -- h660gw_devices
 DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.2018-10-01not yet calculatedCVE-2018-17868
MISCdell -- digital_delivery
 Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.2018-10-02not yet calculatedCVE-2018-11072
CONFIRMdell_emc -- unity_oe_and_unityvsa_oeDell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.2018-10-05not yet calculatedCVE-2018-11064
BID
FULLDISCdelta_electronics -- ispsoft
 Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.2018-10-03not yet calculatedCVE-2018-14800
BID
MISCdjango -- django
 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.2018-10-02not yet calculatedCVE-2018-16984
SECTRACK
CONFIRMellislab -- expressionengine
 ExpressionEngine before 4.3.5 has reflected XSS.2018-10-01not yet calculatedCVE-2018-17874
CONFIRMemerson -- ams_device_manager
 Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.2018-10-01not yet calculatedCVE-2018-14804
BID
MISCemerson -- ams_device_manager
 Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.2018-10-01not yet calculatedCVE-2018-14808
BID
MISCentes -- emg12
 Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution.2018-10-02not yet calculatedCVE-2018-14826
BID
MISCentes -- emg12
 Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code.2018-10-02not yet calculatedCVE-2018-14822
BID
MISCfork -- fork_cms
 In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.2018-10-02not yet calculatedCVE-2018-17595
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3993
SECTRACK
MISCfoxit -- pdf_reader
 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.2018-09-29not yet calculatedCVE-2018-17781
SECTRACK
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3965
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3994
SECTRACK
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3995
SECTRACK
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3962
SECTRACK
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3961
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3946
SECTRACK
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3944
SECTRACK
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3958
SECTRACK
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3957
SECTRACK
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3966
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3943
SECTRACK
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3967
MISCfoxit -- pdf_reader
 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-03not yet calculatedCVE-2018-3964
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3959
MISCfoxit -- pdf_reader
 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2018-10-02not yet calculatedCVE-2018-3960
MISCfuji_electric -- alpha5_smart_loader
 Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.2018-10-01not yet calculatedCVE-2018-14794
BID
MISCfuji_electric -- frenic_loader
 Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.2018-10-01not yet calculatedCVE-2018-14798
BID
MISCfuji_electric -- frenic_loader
 Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.2018-10-01not yet calculatedCVE-2018-14802
BID
MISCfuji_electric -- frenic_loader
 Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.2018-10-01not yet calculatedCVE-2018-14790
BID
MISCfuji_electric -- alpha5_smart_loader
 Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.2018-10-01not yet calculatedCVE-2018-14788
BID
MISCge -- communicatorA heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.2018-10-02not yet calculatedCVE-2017-7908
BID
MISCgetsimple -- cms
 An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.2018-10-01not yet calculatedCVE-2018-17835
MISCgit -- git
 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.2018-10-06not yet calculatedCVE-2018-17456
MISC
MISC
MISC
DEBIAN
MISCgitlab -- community_and_enterprise_edition
 An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.2018-10-03not yet calculatedCVE-2018-16050
CONFIRM
CONFIRMgitlab -- community_and_enterprise_edition
 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.2018-10-03not yet calculatedCVE-2018-16049
CONFIRM
CONFIRM
CONFIRMgitlab -- community_and_enterprise_edition
 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.2018-10-03not yet calculatedCVE-2018-16051
CONFIRM
CONFIRMgitlab -- community_and_enterprise_edition
 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.2018-10-03not yet calculatedCVE-2018-16048
CONFIRM
CONFIRMgnu -- binutils
 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.2018-09-30not yet calculatedCVE-2018-17794
MISCgnu -- binutils
 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.2018-10-04not yet calculatedCVE-2018-17985
MISCgnulib -- gnulib
 The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.2018-10-03not yet calculatedCVE-2018-17942
MISC
MISC
MISCgolang -- go
 The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.2018-10-01not yet calculatedCVE-2018-17846
MISCgolang -- go
 The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.2018-10-01not yet calculatedCVE-2018-17847
MISCgolang -- go
 The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.2018-10-01not yet calculatedCVE-2018-17848
MISCgoogle -- androidAn issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password.2018-10-02not yet calculatedCVE-2018-15753
MISC
BUGTRAQgoogle -- androidIn SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-783548552018-10-02not yet calculatedCVE-2018-9498
BID
MISC
CONFIRMgoogle -- androidAn issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server.2018-10-02not yet calculatedCVE-2018-15752
MISC
BUGTRAQgoogle -- android
 In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1119367922018-10-02not yet calculatedCVE-2018-9502
BID
MISC
MISC
MISC
CONFIRMgoogle -- android
 In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1118939512018-10-02not yet calculatedCVE-2018-9507
BID
MISC
CONFIRMgoogle -- android
 In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A2018-10-02not yet calculatedCVE-2018-9513
BID
CONFIRMgoogle -- android
 In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1118039252018-10-02not yet calculatedCVE-2018-9506
BID
MISC
CONFIRMgoogle -- android
 In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1119370652018-10-02not yet calculatedCVE-2018-9510
BID
MISC
CONFIRMgoogle -- android
 In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-784643612018-10-02not yet calculatedCVE-2018-9452
BID
MISC
MISC
CONFIRMgoogle -- android
 The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.2018-10-05not yet calculatedCVE-2018-13042
CONFIRMgoogle -- android
 In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-1116502882018-10-02not yet calculatedCVE-2018-9511
BID
MISC
CONFIRMgoogle -- android
 In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1119370272018-10-02not yet calculatedCVE-2018-9509
BID
MISC
CONFIRMgoogle -- android
 In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1112740462018-10-02not yet calculatedCVE-2018-9490
BID
MISC
MISC
CONFIRMgoogle -- android
 In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-1119349482018-10-02not yet calculatedCVE-2018-9492
BID
MISC
CONFIRMgoogle -- android
 In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1110859002018-10-02not yet calculatedCVE-2018-9493
BID
MISC
MISC
MISC
CONFIRMgoogle -- android
 In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1100344192018-10-02not yet calculatedCVE-2018-9501
BID
MISC
CONFIRMgoogle -- android
 In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-792184742018-10-02not yet calculatedCVE-2018-9499
BID
MISC
CONFIRMgoogle -- android
 In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1102161762018-10-02not yet calculatedCVE-2018-9504
BID
MISC
CONFIRMgoogle -- android
 In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-740786692018-10-02not yet calculatedCVE-2018-9497
BID
MISC
CONFIRMgoogle -- android
 In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-1096991122018-10-02not yet calculatedCVE-2018-9476
BID
MISC
CONFIRMgoogle -- android
 In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-1119368342018-10-02not yet calculatedCVE-2018-9508
BID
MISC
CONFIRMgoogle -- android
 In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1107915362018-10-02not yet calculatedCVE-2018-9505
BID
MISC
CONFIRMgoogle -- android
 In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-1116030512018-10-02not yet calculatedCVE-2018-9491
BID
MISC
CONFIRMgoogle -- android
 In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A2018-10-02not yet calculatedCVE-2018-9514
BID
CONFIRMgoogle -- android
 In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-654844602018-10-02not yet calculatedCVE-2018-9473
BID
MISC
CONFIRMgoogle -- android
 In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-1107699242018-10-02not yet calculatedCVE-2018-9496
BID
MISC
CONFIRMgoogle -- android
 In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A2018-10-02not yet calculatedCVE-2018-9515
BID
CONFIRMgoogle -- android
 In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-804329282018-10-02not yet calculatedCVE-2018-9503
BID
MISC
MISC
MISC
CONFIRMhisiphp -- hisiphp
 HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).2018-10-01not yet calculatedCVE-2018-17826
MISChisiphp -- hisiphp
 HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.2018-10-01not yet calculatedCVE-2018-17827
MISChp -- consumer_notebooksA BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.2018-10-03not yet calculatedCVE-2017-2751
HPhp -- printers_and_multi-function_printersA potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.2018-10-03not yet calculatedCVE-2018-5921
HPibm -- financial_transaction_manager_for_ach_services_for_multi-platformIBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.2018-10-04not yet calculatedCVE-2018-1670
CONFIRM
CONFIRM
XFibm -- financial_transaction_manager_for_digital_payments_for_multi-platform
 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023.2018-10-04not yet calculatedCVE-2018-1819
CONFIRM
CONFIRM
CONFIRM
XFibm -- gpfsIBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.2018-10-05not yet calculatedCVE-2018-1783
XF
CONFIRMibm -- maximo_asset_management
 IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.2018-10-05not yet calculatedCVE-2018-1686
XF
CONFIRMibm -- multi-cloud_data_encryption
 IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.2018-10-02not yet calculatedCVE-2018-1593
XF
CONFIRMibm -- qradar_incident_forensics
 IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.2018-10-05not yet calculatedCVE-2018-1649
XF
CONFIRMibm -- qradar_incident_forensics
 IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.2018-10-05not yet calculatedCVE-2018-1647
XF
CONFIRMibm -- raitonal_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133259.2018-10-02not yet calculatedCVE-2017-1649
CONFIRM
XFibm -- rational_collaborative_lifecycle_management
 IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.2018-10-02not yet calculatedCVE-2018-1558
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441.2018-10-02not yet calculatedCVE-2018-1405
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794.2018-10-04not yet calculatedCVE-2018-1604
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440.2018-10-02not yet calculatedCVE-2018-1404
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139589.2018-10-02not yet calculatedCVE-2018-1439
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138439.2018-10-02not yet calculatedCVE-2018-1403
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143791.2018-10-02not yet calculatedCVE-2018-1601
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138427.2018-10-02not yet calculatedCVE-2018-1395
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792.2018-10-04not yet calculatedCVE-2018-1602
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143795.2018-10-02not yet calculatedCVE-2018-1605
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583.2018-10-02not yet calculatedCVE-2018-1692
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803.2018-10-02not yet calculatedCVE-2018-1522
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142955.2018-10-02not yet calculatedCVE-2018-1557
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595.2018-10-02not yet calculatedCVE-2018-1440
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582.2018-10-02not yet calculatedCVE-2018-1691
CONFIRM
XFibm -- rational_quality_manager
 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793.2018-10-04not yet calculatedCVE-2018-1603
CONFIRM
XFibm -- robotic_process_automation_with_automation_anywhere_enterpriseIBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883.2018-10-05not yet calculatedCVE-2018-1812
XF
CONFIRMibm -- robotic_process_automation_with_automation_anywhere_enterprise
 IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.2018-10-05not yet calculatedCVE-2018-1795
XF
CONFIRMibm -- security_guardiam_ecosystem
 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.2018-10-02not yet calculatedCVE-2018-1509
CONFIRM
SECTRACK
XFibm -- security_guardium_ecosystem
 IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223.2018-10-02not yet calculatedCVE-2018-1498
SECTRACK
XF
CONFIRMibm -- spectrum_scale
 IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.2018-10-05not yet calculatedCVE-2018-1723
XF
CONFIRMibm -- websphere_application_server
 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949.2018-10-03not yet calculatedCVE-2018-1794
SECTRACK
XF
CONFIRMibm -- websphere_application_server
 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.2018-10-03not yet calculatedCVE-2018-1793
SECTRACK
XF
CONFIRMibm -- websphere_portal
 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.2018-10-01not yet calculatedCVE-2018-1420
SECTRACK
XF
CONFIRMibm --websphere_portal
 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.2018-10-01not yet calculatedCVE-2018-1672
SECTRACK
XF
CONFIRMice_cold_apps -- ice_cold_apps_servers_ultimateIce Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.2018-10-05not yet calculatedCVE-2013-7465
MISC
MISCimagemagick -- imagemagick
 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.2018-10-03not yet calculatedCVE-2018-17966
MISCimagemagick -- imagemagick
 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.2018-10-05not yet calculatedCVE-2018-18016
MISCimagemagick -- imagemagick
 ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.2018-10-03not yet calculatedCVE-2018-17967
MISCimagemagick -- imagemagick
 ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.2018-10-03not yet calculatedCVE-2018-17965
MISCispconfig -- ispconfig
 An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.2018-10-04not yet calculatedCVE-2018-17984
MISC
MISC
MISC
jeesns -- jeesnsAn issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.2018-10-02not yet calculatedCVE-2018-17886
MISCjtbc -- jtbcAn issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.2018-10-01not yet calculatedCVE-2018-17836
MISCjtbc -- jtbcAn issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.2018-10-01not yet calculatedCVE-2018-17837
MISCjtbc -- jtbc
 An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.2018-10-01not yet calculatedCVE-2018-17838
MISClenovo -- ideapad
 In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.2018-10-02not yet calculatedCVE-2018-9069
CONFIRMlibtiff -- libtiff
 The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.2018-09-30not yet calculatedCVE-2018-17795
MISC
BIDlinux -- kernel
 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.2018-10-03not yet calculatedCVE-2018-17972
MISCmartem -- telem_gw6/gwm
 Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.2018-10-01not yet calculatedCVE-2018-10605
MISC
CONFIRMmcafee -- data_loss_prevention_endpoint
 Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.2018-10-03not yet calculatedCVE-2018-6689
CONFIRMmcafee -- threat_intelligence_exchange_server
 SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.2018-10-03not yet calculatedCVE-2018-6695
CONFIRMmediawiki -- mediawiki
 Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.2018-10-04not yet calculatedCVE-2018-0503
SECTRACK
MLIST
CONFIRM
DEBIANmediawiki -- mediawiki
 Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid2018-10-04not yet calculatedCVE-2018-0504
SECTRACK
MLIST
CONFIRM
DEBIANmediawiki -- mediawiki
 Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock2018-10-04not yet calculatedCVE-2018-0505
SECTRACK
MLIST
CONFIRM
DEBIANmediawiki -- mediawiki
 Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.2018-10-04not yet calculatedCVE-2018-13258
SECTRACK
MLIST
CONFIRMmercurial -- mercurial
 cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.2018-10-04not yet calculatedCVE-2018-17983
MISC
MISCmrcms -- mrcms
 An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.2018-09-30not yet calculatedCVE-2018-17796
MISCmulti-tech -- faxfinder
 Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.2018-10-03not yet calculatedCVE-2018-17562
MISCnavigate -- cms
 Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.2018-10-04not yet calculatedCVE-2018-17849
MISCnaviwebs -- navigate_cms
 An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.2018-10-03not yet calculatedCVE-2018-17553
CONFIRM
MISCnaviwebs -- navigate_cms
 SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.2018-10-03not yet calculatedCVE-2018-17552
CONFIRM
MISCnetapp -- e-series_santricity_os_controller_software
 NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.2018-10-04not yet calculatedCVE-2018-5492
CONFIRMnullsoft -- scriptable_install_systemNullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.2018-10-01not yet calculatedCVE-2015-9268
MISCnullsoft -- scriptable_install_system
 Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.2018-10-01not yet calculatedCVE-2015-9267
MISCnvidia -- geforce_experience
 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.2018-10-02not yet calculatedCVE-2018-6262
CONFIRMnvidia -- geforce_experience
 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.2018-10-02not yet calculatedCVE-2018-6261
CONFIRMopac -- easyweb_five
 An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.2018-10-03not yet calculatedCVE-2018-17428
EXPLOIT-DBopc_foundation -- ua_client_applications
 Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.2018-10-03not yet calculatedCVE-2018-12087
CONFIRMopensuse -- open_build_serviceA path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.2018-10-02not yet calculatedCVE-2018-12473
CONFIRM
CONFIRMphpscriptsmall.com -- mall_domain_lookup_script
 PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar.2018-10-04not yet calculatedCVE-2018-16453
MISCphpscriptsmall.com -- market_place_script
 PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword.2018-10-04not yet calculatedCVE-2018-16455
MISCphpscriptsmall.com -- olx_clone
 PHP Scripts Mall Olx Clone 3.4.2 has XSS.2018-10-04not yet calculatedCVE-2018-16326
MISCphpscriptsmall.com -- open_source_real-estate_script
 PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.2018-10-04not yet calculatedCVE-2018-16457
MISCphpscriptsmall.com -- website_seller_script
 PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature.2018-10-04not yet calculatedCVE-2018-16456
MISCpivotal -- container service
 Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.2018-10-05not yet calculatedCVE-2018-15763
CONFIRMpivotal -- operations_manager
 Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..2018-10-05not yet calculatedCVE-2018-11081
CONFIRMprogress -- sitefinity_cmsCross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053.2018-10-03not yet calculatedCVE-2018-17054
CONFIRMprogress -- sitefinity_cms
 Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054.2018-10-03not yet calculatedCVE-2018-17053
CONFIRMptc -- thingworx_platform
 An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.2018-09-30not yet calculatedCVE-2018-17217
CONFIRMptc -- thingworx_platform
 An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.2018-09-30not yet calculatedCVE-2018-17216
CONFIRMptc -- thingworx_platform
 An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.2018-09-30not yet calculatedCVE-2018-17218
CONFIRMpuppet -- cisco_ios_modulePrevious releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default.2018-10-02not yet calculatedCVE-2018-11750
CONFIRMpuppet -- cisco_ios_modulePrevious releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release.2018-10-02not yet calculatedCVE-2018-11752
CONFIRMpuppet -- device_manager_module
 Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0.2018-10-02not yet calculatedCVE-2018-11748
CONFIRMqpdf -- qpdfIn QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.2018-10-06not yet calculatedCVE-2018-18020
MISCrazorcms -- razorcms
 rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.2018-10-04not yet calculatedCVE-2018-17986
MISCreaxo -- redaxo_cms
 The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.2018-10-01not yet calculatedCVE-2018-17830
MISCredaxo -- redaxo_cms
 In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.2018-10-01not yet calculatedCVE-2018-17831
MISC
MISC
MISCrsa -- authentication_manager
 RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.2018-09-28not yet calculatedCVE-2018-11075
BID
SECTRACK
FULLDISCrsa -- authentication_manager
 RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.2018-09-28not yet calculatedCVE-2018-11074
BID
SECTRACK
FULLDISCrsa -- authentication_manager
 RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.2018-09-28not yet calculatedCVE-2018-11073
BID
SECTRACK
FULLDISCruby -- karo_gem
 The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.2018-10-05not yet calculatedCVE-2014-10075
MISC
MISCsamsung -- scx-6545x_devices
 Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.2018-10-03not yet calculatedCVE-2018-17969
MISCsimdcomp -- simdcomp
 SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.2018-10-01not yet calculatedCVE-2018-17854
MISCsimdcomp -- simdcomp
 SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes.2018-10-01not yet calculatedCVE-2018-17427
MISCstrongswan -- strongswan
 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.2018-10-03not yet calculatedCVE-2018-17540
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRMsubrion -- subrion_cms
 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.2018-10-02not yet calculatedCVE-2018-15563
MISCsuse -- linux_smtA SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.2018-10-04not yet calculatedCVE-2018-12470
CONFIRMsuse -- linux_smt
 A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.2018-10-04not yet calculatedCVE-2018-12471
CONFIRMsuse -- linux_smt
 A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.2018-10-04not yet calculatedCVE-2018-12472
CONFIRMtcpreplay -- tcpreplay
 A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.2018-09-28not yet calculatedCVE-2018-17580
MISC
MISCtcpreplay -- tcpreplay
 Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.2018-09-28not yet calculatedCVE-2018-17582
MISC
MISCtcpreplay -- tcpreplay
 An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.2018-10-03not yet calculatedCVE-2018-17974
MISC
MISCtp-link -- tl-wrn841n
 The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.2018-10-01not yet calculatedCVE-2018-15702
MISCtp-link -- tl-wrn841n
 The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.2018-10-01not yet calculatedCVE-2018-15701
MISCtp-link_--_tl-wrn841nThe web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.2018-10-01not yet calculatedCVE-2018-15700
MISCverba -- collaboration_compliance_and_quality_management_platform
 Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.2018-10-04not yet calculatedCVE-2018-17871
MISC
CONFIRM
BUGTRAQ
MISCverba -- collaboration_compliance_and_quality_management_platform
 Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.2018-10-04not yet calculatedCVE-2018-17872
MISC
CONFIRM
BUGTRAQ
MISCvirtualenv -- virtualenv
 Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands.2018-09-30not yet calculatedCVE-2018-17793
MISC
EXPLOIT-DBvmware -- workspace_one_unified_endpoint_management_console
 The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.8, 9.6.x prior to 9.6.0.8, 9.5.x prior to 9.5.0.17, 9.4.x prior to 9.4.0.23, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.28, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.2018-10-05not yet calculatedCVE-2018-6979
SECTRACK
CONFIRM

wordpress -- wordpress

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.2018-10-03not yet calculatedCVE-2018-17946
MISC
MISCwordpress -- wordpress
 The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.2018-10-05not yet calculatedCVE-2015-9272
MISC
MISCwordpress -- wordpress
 The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.2018-10-05not yet calculatedCVE-2014-10076
MISCwordpress -- wordpress
 The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.2018-10-03not yet calculatedCVE-2018-17947
MISC
MISC
MISCwordpress -- wordpress
 The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.2018-10-04not yet calculatedCVE-2015-9271
MISCwordpress -- wordpress
 An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.2018-10-01not yet calculatedCVE-2018-3982
MISCwordpress -- wordpress
 XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php2018-10-02not yet calculatedCVE-2018-17884
MISC
MISC
MISCwordpress -- wordpress
 The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.2018-10-01not yet calculatedCVE-2015-9269
MISC
MISC
MISCwordpress -- wordpress
 XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.2018-10-01not yet calculatedCVE-2015-9270
MISC
MISCwuzhi -- cms
 A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.2018-10-01not yet calculatedCVE-2018-17852
MISCwuzhi -- cms
 XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.2018-10-01not yet calculatedCVE-2018-17832
MISC
EXPLOIT-DBzahir -- accounting_enterprise_plus
 Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.2018-10-03not yet calculatedCVE-2018-17408
MISC
EXPLOIT-DBzimbra -- collaboration
 Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.2018-10-03not yet calculatedCVE-2018-17938
MISC
MISCzoho -- manageengine_assetexplorerIn Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.2018-10-02not yet calculatedCVE-2018-17596
MISCzzcms -- zzcms
 An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-09-30not yet calculatedCVE-2018-17797
MISCzzcms -- zzcms
 An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-09-30not yet calculatedCVE-2018-17798
MISCzziplib -- zziplib
 Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.2018-10-01not yet calculatedCVE-2018-17828
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


National Cybersecurity Awareness Month Webinar on Securing the Internet

Fri, 10/05/2018 - 20:04
Original release date: October 05, 2018

The Multi-State Information Sharing and Analysis Center, National Cyber Security Alliance, and the Department of Homeland Security are conducting a National Cybersecurity Awareness Month (NCSAM) webinar focused on securing the internet. The webinar will be held on Tuesday, October 9, 2018, at 2 p.m. ET.

NCCIC encourages users and administrators to review the Center for Internet Security's NCSAM webinar page for additional information and register for the webinar by clicking on the date listed above.

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Update

Fri, 10/05/2018 - 20:00
Original release date: October 05, 2018

VMware has released a security update to address a vulnerability in AirWatch Console. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0024 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.