US-CERT


Apache Releases Security Updates for Tomcat Native

Sat, 08/18/2018 - 10:05
Original release date: August 17, 2018 | Last revised: August 20, 2018

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server.

NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 08/16/2018 - 01:48
Original release date: August 15, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.  

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



FBI Releases Guidance on Defending Against Travel Scams

Wed, 08/15/2018 - 10:04
Original release date: August 14, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with "free" vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to claim their reward.

NCCIC encourages consumers to review the FBI Article, the Federal Trade Commission's Travel Tips, and NCCIC's Tip on Avoiding Social Engineering and Phishing Attacks for more information.



VMware Releases Security Updates

Wed, 08/15/2018 - 07:16
Original release date: August 14, 2018 | Last revised: August 15, 2018

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020, VMSA-2018-0021, and VMSA-2018-0022 and apply the necessary updates.



Samba Releases Security Updates

Wed, 08/15/2018 - 06:23
Original release date: August 14, 2018

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, and CVE-2018-1140 and apply the necessary updates.



Adobe Releases Security Updates

Wed, 08/15/2018 - 05:21
Original release date: August 14, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Experience Manager, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-20, APSB18-25, APSB18-26, and APSB18-29, and apply the necessary updates.



Microsoft Releases August 2018 Security Updates

Wed, 08/15/2018 - 05:14
Original release date: August 14, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.



Intel Side-Channel L1TF Vulnerability

Wed, 08/15/2018 - 01:54
Original release date: August 14, 2018 | Last revised: August 15, 2018

Intel has released recommendations to address a side-channel vulnerability called L1 Terminal Fault (L1TF) that affects multiple Intel microprocessors. An attacker could exploit this vulnerability to obtain sensitive information.

NCCIC encourages users and administrators to review Intel's Security Advisory INTEL-SA-00161, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

Additional resources include:



Oracle Releases Security Alert

Tue, 08/14/2018 - 03:19
Original release date: August 13, 2018 | Last revised: August 14, 2018

Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle Security Alert and the Multi-State Information Sharing & Analysis Center Advisory 2018-089 for more information and apply the necessary update.



SB18-225: Vulnerability Summary for the Week of August 6, 2018

Mon, 08/13/2018 - 19:02
Original release date: August 13, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaedes -- aedes
 Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.2018-08-08not yet calculatedCVE-2018-3778
MISC
MISC
MISCapache -- airflowIt was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.2018-08-06not yet calculatedCVE-2017-12614
MLISTarubanetworks -- airwaveAruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.2018-08-06not yet calculatedCVE-2016-8526
CONFIRM
BID
EXPLOIT-DBarubanetworks -- airwaveAruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.2018-08-06not yet calculatedCVE-2016-8527
CONFIRM
BID
EXPLOIT-DBarubanetworks -- arubaosMultiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.2018-08-06not yet calculatedCVE-2017-9003
CONFIRM
SECTRACKarubanetworks -- arubaosArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.2018-08-06not yet calculatedCVE-2017-9000
CONFIRM
SECTRACK
arubanetworks -- clearpass | Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission. | 2018-08-06 | not yet calculated | CVE-2018-7059
CONFIRM
arubanetworks -- clearpass | Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. | 2018-08-06 | not yet calculated | CVE-2018-7060
CONFIRM
arubanetworks -- clearpass | Aruba ClearPass, all versions of 6.6.x prior to 6.6.9, are affected by an authentication bypass vulnerability; an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. | 2018-08-06 | not yet calculated | CVE-2018-7058
CONFIRM
arubanetworks -- clearpass | Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable. | 2018-08-06 | not yet calculated | CVE-2017-9001
CONFIRM
arubanetworks -- clearpass | All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative user click on the malicious link while currently logged into ClearPass in the same browser. | 2018-08-06 | not yet calculated | CVE-2017-9002
CONFIRM
asus -- hg100_devices | ASUS HG100 devices allow denial of service via an IPv4 packet flood. | 2018-08-10 | not yet calculated | CVE-2018-11492
MISC
atlassian -- cloudtoken | Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. | 2018-08-10 | not yet calculated | CVE-2018-13390
MISC
auracms -- auracms | AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | 2018-08-07 | not yet calculated | CVE-2018-15199
MISC
celalink -- clr-m20_devices | CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. | 2018-08-07 | not yet calculated | CVE-2018-15137
MISC
cgit -- cgit | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | 2018-08-03 | not yet calculated | CVE-2018-14912
MISC
MLIST
MISC
DEBIAN
cisco -- thor | Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream. | 2018-08-09 | not yet calculated | CVE-2018-0429
CONFIRM
cobbler -- cobbler | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to arbitrary locations in the context of the daemon. | 2018-08-09 | not yet calculated | CVE-2018-10931
REDHAT
CONFIRM
coremail -- coremail | Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 2018-08-10 | not yet calculated | CVE-2018-14503
MISC
couchdb -- couchdb | CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007. | 2018-08-08 | not yet calculated | CVE-2018-11769
BID
MISC
craft -- cms | A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. | 2018-08-06 | not yet calculated | CVE-2018-14716
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
crestron -- tsw-x60_and_mc3 | For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. | 2018-08-10 | not yet calculated | CVE-2018-10630
MISC
crestron -- tsw-x60_and_mc3 | Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. | 2018-08-10 | not yet calculated | CVE-2018-13341
MISC
csrf-magic -- csrf-magic | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | 2018-08-07 | not yet calculated | CVE-2013-7464
MISC
MISC
MISC
dell -- wyse_management_suite | Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. | 2018-08-10 | not yet calculated | CVE-2018-11063
MISC
dell_emc -- data_protection_advisor_and_data_protection_appliance | Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. | 2018-08-10 | not yet calculated | CVE-2018-11048
FULLDISC
SECTRACK
dilawar -- sound | An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | 2018-08-05 | not yet calculated | CVE-2018-14948
MISC
MISC
django -- django | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | 2018-08-03 | not yet calculated | CVE-2018-14574
BID
SECTRACK
UBUNTU
DEBIAN
CONFIRM
drupal -- drupal | Drupal core 8 before version 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | 2018-08-06 | not yet calculated | CVE-2017-6920
BID
SECTRACK
CONFIRM
emlsoft -- emlsoft | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | 2018-08-06 | not yet calculated | CVE-2018-14966
MISC
emlsoft -- emlsoft | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | 2018-08-06 | not yet calculated | CVE-2018-14965
MISC
emlsoft -- emlsoft | An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. | 2018-08-06 | not yet calculated | CVE-2018-14968
MISC
emlsoft -- emlsoft | An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. | 2018-08-06 | not yet calculated | CVE-2018-14967
MISC
emlsoft -- emlsoft | An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. | 2018-08-06 | not yet calculated | CVE-2018-14964
MISC
ethereum -- eether_token | An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. | 2018-08-08 | not yet calculated | CVE-2018-11561
MISC
ethereum -- megacryptopolis | The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors. | 2018-08-06 | not yet calculated | CVE-2018-13877
MISC
ethereum -- mycryptochamp | The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards. | 2018-08-07 | not yet calculated | CVE-2018-12885
MISC
MISC
MISC
ethereum -- smartmesh_token | The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). | 2018-08-10 | not yet calculated | CVE-2018-10769
MISC
freebsd -- freebsd | One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. | 2018-08-09 | not yet calculated | CVE-2018-6922
SECTRACK
FREEBSD
gitea_and_gogs -- gitea_and_gogs | An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. | 2018-08-07 | not yet calculated | CVE-2018-15192
MISC
MISC
gogs -- gogs | A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | 2018-08-07 | not yet calculated | CVE-2018-15193
MISC
gogs -- gogs | Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | 2018-08-07 | not yet calculated | CVE-2018-15178
MISC
MISC
gxlcms -- gxlcms | In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | 2018-08-07 | not yet calculated | CVE-2018-15177
MISC
harmonic -- nsg_9000_devices | Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | 2018-08-05 | not yet calculated | CVE-2018-14943
MISC
harmonic -- nsg_9000_devices | Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. | 2018-08-05 | not yet calculated | CVE-2018-14941
MISC
harmonic -- nsg_9000_devices | Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | 2018-08-05 | not yet calculated | CVE-2018-14942
MISC

hewlett_packard_enterprise -- arcsight_winc_connector | A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | 2018-08-06 | not yet calculated | CVE-2016-4391
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- business_service_management | A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | 2018-08-06 | not yet calculated | CVE-2016-4405
BID
CONFIRM
hewlett_packard_enterprise -- business_service_management | A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | 2018-08-06 | not yet calculated | CVE-2016-4392
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- centralview_fraud_risk_management | HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2017-8992
CONFIRM
hewlett_packard_enterprise -- centralview_fraud_risk_management | HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2018-7070
CONFIRM
hewlett_packard_enterprise -- centralview_fraud_risk_management | HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2018-7068
CONFIRM
hewlett_packard_enterprise -- centralview_fraud_risk_management | HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2018-7069
CONFIRM
hewlett_packard_enterprise -- centralview_fraud_risk_management | HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2017-8991
CONFIRM
hewlett_packard_enterprise -- icewall_sso_dfw | A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. | 2018-08-06 | not yet calculated | CVE-2017-8989
CONFIRM
hewlett_packard_enterprise -- integrated_lights_out | An Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. | 2018-08-06 | not yet calculated | CVE-2017-8987
SECTRACK
CONFIRM
hewlett_packard_enterprise -- integrated_lights_out | A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | 2018-08-06 | not yet calculated | CVE-2018-7078
SECTRACK
CONFIRM
hewlett_packard_enterprise -- integrated_lights_out | A remote cross site scripting vulnerability was identified in HPE iLO 3 all versions prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | 2018-08-06 | not yet calculated | CVE-2016-4406
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- intelligent_management_center | A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. | 2018-08-06 | not yet calculated | CVE-2018-7092
SECTRACK
CONFIRM
hewlett_packard_enterprise -- intelligent_management_center_wireless_service_manager | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2017-8990
SECTRACK
CONFIRM
hewlett_packard_enterprise -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2018-7074
SECTRACK
CONFIRM
hewlett_packard_enterprise -- intelligent_management_center | A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | 2018-08-06 | not yet calculated | CVE-2018-7075
CONFIRM
hewlett_packard_enterprise -- keyview | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. | 2018-08-06 | not yet calculated | CVE-2016-4404
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- keyview | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. | 2018-08-06 | not yet calculated | CVE-2016-4402
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- keyview | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. | 2018-08-06 | not yet calculated | CVE-2016-4403
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- moonshot_provisioning_manager | A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | 2018-08-06 | not yet calculated | CVE-2018-7072
CONFIRM
MISC
hewlett_packard_enterprise -- moonshot_provisioning_manager | A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | 2018-08-06 | not yet calculated | CVE-2018-7073
CONFIRM
UBUNTU
MISC
hewlett_packard_enterprise -- network_function_virtualization_director | HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. | 2018-08-06 | not yet calculated | CVE-2018-7071
CONFIRM
hewlett_packard_enterprise -- network_node_manager_i | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | 2018-08-06 | not yet calculated | CVE-2016-4400
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- network_node_manager_i | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | 2018-08-06 | not yet calculated | CVE-2016-4397
BID
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- network_node_manager_i | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | 2018-08-06 | not yet calculated | CVE-2016-4399
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise -- network_node_manager_i | A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | 2018-08-06 | not yet calculated | CVE-2016-4398
BID
CONFIRM
hewlett_packard_enterprise -- restful_interface_tool | A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions. | 2018-08-06 | not yet calculated | CVE-2017-8968
CONFIRM
hewlett_packard_enterprise -- xp_command_view_advanced_edition | A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software earlier than 8.5.3-00. The vulnerability impacts DevMgr earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). | 2018-08-06 | not yet calculated | CVE-2017-8988
CONFIRM
hewlett_packard_enterprise -- xp_p9000_command_view_advanced_edition | HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | 2018-08-06 | not yet calculated | CVE-2018-7091
CONFIRM
hewlett_packard_enterprise -- xp_p9000_command_view_advanced_edition | HPE XP P9000 Command View Advanced Edition Software (CVAE) has a local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | 2018-08-06 | not yet calculated | CVE-2018-7090
CONFIRM
hitachi -- command_suite | An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. | 2018-08-09 | not yet calculated | CVE-2018-14735
CONFIRM
ibm -- jazz_foundation_products | IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025. | 2018-08-06 | not yet calculated | CVE-2018-1422
CONFIRM
BID
XF
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. | 2018-08-03 | not yet calculated | CVE-2018-1524
XF
CONFIRM
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | 2018-08-06 | not yet calculated | CVE-2018-1528
BID
XF
CONFIRM
ibm -- rhapsody_model_manager | IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510. | 2018-08-07 | not yet calculated | CVE-2018-1690
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. | 2018-08-06 | not yet calculated | CVE-2017-1366
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400. | 2018-08-06 | not yet calculated | CVE-2017-1412
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855. | 2018-08-06 | not yet calculated | CVE-2017-1755
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861. | 2018-08-06 | not yet calculated | CVE-2017-1368
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399. | 2018-08-06 | not yet calculated | CVE-2017-1411
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | 2018-08-06 | not yet calculated | CVE-2017-1396
CONFIRM
XF
ibm -- security_identity_governance_virtual_appliance | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396. | 2018-08-06 | not yet calculated | CVE-2017-1409
CONFIRM
XF
ibm -- websphere_mq | IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888. | 2018-08-06 | not yet calculated | CVE-2018-1551
BID
XF
CONFIRM
ignited -- cms | An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | 2018-08-08 | not yet calculated | CVE-2018-15203
MISC
insteon -- hub | Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large; sending anything longer will cause a buffer overflow. | 2018-08-06 | not yet calculated | CVE-2017-16252
MISC
insteon -- hub | An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. | 2018-08-06 | not yet calculated | CVE-2017-14447
MISC
jenkins -- jenkins | jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugin is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses. | 2018-08-06 | not yet calculated | CVE-2017-2654
CONFIRM
CONFIRM
jiofi -- 4g_hotspot_m2s_devices | JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. | 2018-08-09 | not yet calculated | CVE-2018-15181
MISC
jpeg_encoder -- jpeg_encoder | An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. | 2018-08-05 | not yet calculated | CVE-2018-14945
MISC
MISC
jpeg_encoder -- jpeg_encoder | An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. | 2018-08-05 | not yet calculated | CVE-2018-14944
MISC
MISC
juunan06 -- ecommerce | An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | 2018-08-08 | not yet calculated | CVE-2018-15202
MISC
laravel -- framework | In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. | 2018-08-09 | not yet calculated | CVE-2018-15133
CONFIRM
libpq -- libpq | A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | 2018-08-09 | not yet calculated | CVE-2018-10915
CONFIRM
DEBIAN
CONFIRM
libreoffice -- libreoffice | The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | 2018-08-05 | not yet calculated | CVE-2018-14939
BID
MISC
libtiff -- libtiff | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | 2018-08-08 | not yet calculated | CVE-2018-15209
MISC
linux -- kernel | The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | 2018-08-07 | not yet calculated | CVE-2018-5953
BID
MISC
linux -- kernel | The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | 2018-08-07 | not yet calculated | CVE-2018-5995
BID
MISC
linux -- kernel | The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | 2018-08-10 | not yet calculated | CVE-2018-7754
CONFIRM
MISC
linux -- kernel | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 2018-08-06 | not yet calculated | CVE-2018-5390
BID
SECTRACK
SECTRACK
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CERT-VN
CONFIRM
lxc-user-nic -- lxc-user-nic | lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. | 2018-08-10 | not yet calculated | CVE-2018-6556
CONFIRM
CONFIRM
UBUNTU
medtronic -- mycarelink_and_patient_monitor | A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. | 2018-08-10 | not yet calculated | CVE-2018-10626
BID
MISCmedtronic -- mycarelink_and_patient_monitorA vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.2018-08-10not yet calculatedCVE-2018-10622
BID
MISCmultiple_vendors -- bluetooth_firmware_and_operating_system_software_drivers
 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.2018-08-07not yet calculatedCVE-2018-5383
MISC
BID
SECTRACK
CONFIRM
CERT-VN

netcomm_wireless -- 4g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | 2018-08-10 | not yet calculated | CVE-2018-14785
MISC

netcomm_wireless -- 4g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. | 2018-08-10 | not yet calculated | CVE-2018-14783
MISC

netcomm_wireless -- 4g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. | 2018-08-10 | not yet calculated | CVE-2018-14784
MISC

netcomm_wireless -- 4g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. | 2018-08-10 | not yet calculated | CVE-2018-14782
MISC

netiq -- edirectory | Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. | 2018-08-09 | not yet calculated | CVE-2018-7692
MISC

netiq -- edirectory | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | 2018-08-09 | not yet calculated | CVE-2018-7686
MISC

nmap -- nmap | Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. | 2018-08-07 | not yet calculated | CVE-2018-15173
MISC
MISC

ocs_inventory_ng -- ocs_inventory_server | Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | 2018-08-06 | not yet calculated | CVE-2018-14857
FULLDISC
SECTRACK
CONFIRM

onethink -- onethink | An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | 2018-08-07 | not yet calculated | CVE-2018-15198
MISC

onethink -- onethink | An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | 2018-08-07 | not yet calculated | CVE-2018-15197
MISC

oracle -- database_server | A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 2018-08-10 | not yet calculated | CVE-2018-3110
CONFIRM

pdf2json -- pdf2json | An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | 2018-08-05 | not yet calculated | CVE-2018-14946
MISC
MISC

pdf2json -- pdf2json | An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | 2018-08-05 | not yet calculated | CVE-2018-14947
MISC
MISC

php -- php | An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | 2018-08-07 | not yet calculated | CVE-2018-15132
MISC
MISC
MISC
MISC

phpcms -- phpcms | PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. | 2018-08-05 | not yet calculated | CVE-2018-14940
MISC

phpscriptsmall.com -- advanced_real_estate_script | PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | 2018-08-10 | not yet calculated | CVE-2018-15187
MISC

phpscriptsmall.com -- advanced_real_estate_script | PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | 2018-08-10 | not yet calculated | CVE-2018-15189
MISC

phpscriptsmall.com -- advanced_real_estate_script | PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | 2018-08-10 | not yet calculated | CVE-2018-15188
MISC

phpscriptsmall.com -- basic_b2b_script | PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | 2018-08-03 | not yet calculated | CVE-2018-14541
MISC
EXPLOIT-DB

phpscriptsmall.com -- car_rental_script | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | 2018-08-09 | not yet calculated | CVE-2018-15182
MISC

phpscriptsmall.com -- cms_auditor_website | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | 2018-08-10 | not yet calculated | CVE-2018-15186
MISC

phpscriptsmall.com -- hotel_booking_script | PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | 2018-08-10 | not yet calculated | CVE-2018-15190
MISC

phpscriptsmall.com -- hotel_booking_script | PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | 2018-08-10 | not yet calculated | CVE-2018-15191
MISC

phpscriptsmall.com -- naukri_clone_script | PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | 2018-08-09 | not yet calculated | CVE-2018-15184
MISC

phpscriptsmall.com -- naukri_clone_script | PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field. | 2018-08-10 | not yet calculated | CVE-2018-15185
MISC

phpscriptsmall.com -- php_template_store_script | PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | 2018-08-06 | not yet calculated | CVE-2018-14869
MISC
EXPLOIT-DB

phpscriptsmall.com -- resume_builder_script | PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. | 2018-08-09 | not yet calculated | CVE-2018-15183
MISC

postgresql -- postgresql | It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | 2018-08-09 | not yet calculated | CVE-2018-10925
CONFIRM
DEBIAN
CONFIRM

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14973
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14971
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14976
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14972
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14970
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14975
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | 2018-08-06 | not yet calculated | CVE-2018-14977
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | 2018-08-06 | not yet calculated | CVE-2018-14978
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14974
MISC

qcms -- qcms | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | 2018-08-06 | not yet calculated | CVE-2018-14969
MISC

responsive_filemanager -- responsive_filemanager | upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | 2018-08-03 | not yet calculated | CVE-2018-14728
MISC
EXPLOIT-DB

rubygems -- active-support_gem | active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | 2018-08-10 | not yet calculated | CVE-2018-3779
MISC

siemens -- automation_license_manager | A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victim's machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device. | 2018-08-07 | not yet calculated | CVE-2018-11456
CONFIRM

siemens -- automation_license_manager | A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. | 2018-08-07 | not yet calculated | CVE-2018-11455
CONFIRM

siemens -- simatic_step_7_and_simatic_wincc | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. | 2018-08-07 | not yet calculated | CVE-2018-11453
CONFIRM

siemens -- simatic_step_7_and_simatic_wincc | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. | 2018-08-07 | not yet calculated | CVE-2018-11454
CONFIRM

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | 2018-08-05 | not yet calculated | CVE-2018-14950
MISC
MISC
MISC

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | 2018-08-05 | not yet calculated | CVE-2018-14951
MISC
MISC
MISC

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | 2018-08-05 | not yet calculated | CVE-2018-14954
MISC
MISC
MISC

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | 2018-08-05 | not yet calculated | CVE-2018-14953
MISC
MISC
MISC

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | 2018-08-05 | not yet calculated | CVE-2018-14952
MISC
MISC
MISC

squirrelmail -- squirrelmail | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | 2018-08-05 | not yet calculated | CVE-2018-14955
MISC
MISC
MISC

symfony -- symfony | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal. | 2018-08-06 | not yet calculated | CVE-2017-16654
CONFIRM
CONFIRM
DEBIAN

symfony -- symfony | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a "FileType" is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, "file:///etc/passwd"). If the application did not perform any additional checks about the value submitted to the "FileType", the contents of the given file on the server could have been exposed to the attacker. | 2018-08-06 | not yet calculated | CVE-2017-16790
CONFIRM
DEBIAN

symfony -- symfony | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. | 2018-08-06 | not yet calculated | CVE-2017-16653
CONFIRM
CONFIRM
DEBIAN

thinksaas -- thinksaas | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | 2018-08-07 | not yet calculated | CVE-2018-15130
MISC

thinksaas -- thinksaas | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | 2018-08-07 | not yet calculated | CVE-2018-15129
MISC

tibco -- activematrix_businessworks | The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0. | 2018-08-08 | not yet calculated | CVE-2018-12408
BID
MISC
CONFIRM

ubuntu -- ubuntu | The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. | 2018-08-10 | not yet calculated | CVE-2018-6553
MLIST
UBUNTU
DEBIAN

vdsm -- vdsm | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host. | 2018-08-09 | not yet calculated | CVE-2018-10908
MISC
CONFIRM
MISC

weaselcms -- weaselcms | An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | 2018-08-05 | not yet calculated | CVE-2018-14958
MISC

weaselcms -- weaselcms | An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | 2018-08-05 | not yet calculated | CVE-2018-14959
MISC

wolf -- cms | Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | 2018-08-10 | not yet calculated | CVE-2018-14837
MISC

wordpress -- wordpress | In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | 2018-08-10 | not yet calculated | CVE-2018-14028
MISC
MISC
MISC

wpa_supplicant -- wpa_supplicant | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. | 2018-08-08 | not yet calculated | CVE-2018-14526
SECTRACK
MLIST
MISC
MISC

xiao5ucompany -- xiao5ucompany | Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | 2018-08-06 | not yet calculated | CVE-2018-14960
MISC
MISC

xnview -- xnview | XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | 2018-08-07 | not yet calculated | CVE-2018-15176
MISC

xnview -- xnview | XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | 2018-08-07 | not yet calculated | CVE-2018-15175
MISC

xnview -- xnview | XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | 2018-08-07 | not yet calculated | CVE-2018-15174
MISC

zoho_manageengine -- applications_manager | A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 2018-08-07 | not yet calculated | CVE-2018-15168
MISC
MISC

zoho_manageengine -- applications_manager | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | 2018-08-07 | not yet calculated | CVE-2018-15169
MISC
MISC

zzcms -- zzcms | zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | 2018-08-06 | not yet calculated | CVE-2018-14963
MISC

zzcms -- zzcms | zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | 2018-08-06 | not yet calculated | CVE-2018-14962
MISC

zzcms -- zzcms | dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | 2018-08-06 | not yet calculated | CVE-2018-14961
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.


Back-to-School Cyber Safety

Fri, 08/10/2018 - 20:25
Original release date: August 10, 2018

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and help them stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help keep students safe while using their mobile devices and getting online.

NCCIC suggests reviewing the following tips and resources for information to keep students cyber safe:



North Korean Malicious Cyber Activity

Fri, 08/10/2018 - 01:02
Original release date: August 09, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-17 and the US-CERT page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.



AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE

Thu, 08/09/2018 - 21:29
Original release date: August 09, 2018
Description Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise.

This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as KEYMARBLE. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

DHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This malware report contains analysis of one 32-bit Windows executable file, identified as a Remote Access Trojan (RAT). This malware is capable of accessing device configuration data, downloading additional files, executing commands, modifying the registry, capturing screen shots, and exfiltrating data.

For a downloadable copy of IOCs, see:

Submitted Files (1)

e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09 (704d491c155aad996f16377a35732c...)

IPs (3)

100.43.153.60

104.194.160.59

212.143.21.43

Findings

e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09

Tags

trojan

Details

Name: 704d491c155aad996f16377a35732cb4
Size: 126976 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 704d491c155aad996f16377a35732cb4
SHA1: d1410d073a6df8979712dd1b6122983f66d5bef8
SHA256: e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09
SHA512: 0092900bf4ca71c17a3caa225a4d7dcc60c7b58f7ffd173f46731db7f696e34b2e752aefaf9cedc27fe76fe317962a394f1be2e59bd0cffaabd9f88cc4daedcc
ssdeep: 3072:IDdXEYhXxS550wwiY0Pe6Q1vLo4lJnCtea:EXEEXxcQxZ
Entropy: 6.264656

Antivirus

Ahnlab: Trojan/Win32.Agent
Antiy: Trojan/Win32.AGeneric
Avira: TR/Agent.rhagj
BitDefender: Trojan.GenericKD.4837544
ESET: a variant of Win32/NukeSped.H trojan
Emsisoft: Trojan.GenericKD.4837544 (B)
Ikarus: Trojan.Agent
K7: Trojan ( 0050e4401 )
McAfee: GenericRXBP-FF!704D491C155A
NANOAV: Trojan.Win32.Agent.eqcfki
NetGate: Trojan.Win32.Malware
Quick Heal: Trojan.IGENERIC
Symantec: Process timed out
TACHYON: Trojan/W32.Agent.126976.CTO
Zillya!: Trojan.NukeSped.Win32.5

Yara Rules

hidden_cobra_consolidated.yara

rule rsa_modulus
{
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $n = "bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d40"
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}

ssdeep Matches

No matches found.
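The condition of the rsa_modulus rule above, written out as an added Python example (not part of the MAR and not NCCIC tooling): a buffer matches only if it carries the MZ and PE signatures and contains the rule's hex text as an ASCII string. The function names and the sample buffers are this example's own, constructed for illustration.

```python
import struct

# ASCII text of the rule's $n string. YARA text strings are matched as
# case-sensitive ASCII unless a modifier says otherwise.
RULE_STRING = b"bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d40"


def has_pe_signatures(data: bytes) -> bool:
    """uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550.

    YARA reads these integers little-endian, so 0x5A4D is the bytes "MZ"
    and 0x4550 is the bytes "PE". A read outside the buffer is undefined
    in YARA, which makes the condition false; the bounds checks mirror that.
    """
    if len(data) < 0x40:
        return False
    (mz,) = struct.unpack_from("<H", data, 0)
    if mz != 0x5A4D:
        return False
    # e_lfanew: offset of the PE header, stored at 0x3C in the DOS header.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 2 > len(data):
        return False
    (pe,) = struct.unpack_from("<H", data, e_lfanew)
    return pe == 0x4550


def matches_rsa_modulus(data: bytes) -> bool:
    """Full rule condition: PE signatures present and '$n' found anywhere."""
    return has_pe_signatures(data) and RULE_STRING in data


def build_sample(include_string=True, magic=b"MZ", e_lfanew=0x80) -> bytes:
    """Constructed 512-byte test buffer; not a real executable."""
    buf = bytearray(0x200)
    buf[0:2] = magic
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + 4 <= len(buf):
        buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    if include_string:
        buf[0x100:0x100 + len(RULE_STRING)] = RULE_STRING
    return bytes(buf)


if __name__ == "__main__":
    samples = {
        "PE header + string": build_sample(),
        "PE header, no string": build_sample(include_string=False),
        "string, wrong magic": build_sample(magic=b"ZM"),
        "string, e_lfanew out of range": build_sample(e_lfanew=0xFFFFFFF0),
        "string only (plain text)": RULE_STRING,
    }
    for name, blob in samples.items():
        print(f"{name:32s} -> {matches_rsa_modulus(blob)}")
```

Because the rule keys on an embedded string rather than a file hash, it also fires on any other PE file that carries the same text, so a hit is a lead for triage rather than a confirmed identification of this sample.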

PE Metadata

Compile Date: 2017-04-12 11:16:04-04:00
Import Hash: fc7dab4d20f23681313b91eba653aa21

PE Sections

MD5 | Name | Raw Size | Entropy
47f6fac41465e01dda5eac297ab250db | header | 4096 | 0.627182
30d34a8f4c29d7c2feb0f6e2b102b0a4 | .text | 94208 | 6.633409
77f4a11d375f0f35b64a0c43fab947b8 | .rdata | 8192 | 5.054283
d4364f6d2f55a37f0036e9e0dc2c6a2b | .data | 20480 | 4.416980

Packers/Compilers/Cryptors

Microsoft Visual C++ v6.0

Relationships

e23900b00f... Connected_To 104.194.160.59
e23900b00f... Connected_To 212.143.21.43
e23900b00f... Connected_To 100.43.153.60

Description

This application is a malicious 32-bit Windows executable file, which functions as a RAT. When executed, it de-obfuscates its application programming interfaces (APIs) and, using port 443, attempts to connect to the hard-coded IP addresses listed below. After connecting, the malware waits for further instructions.

--Begin hard-coded IP addresses--
100.43.153.60
104.194.160.59
212.143.21.43
--End hard-coded IP addresses--

Static analysis reveals that this RAT uses a customized XOR cryptographic algorithm displayed in Figure 1 to secure its data transfers and command-and-control (C2) sessions. It is designed to accept instructions from the remote server to perform the following functions:

--Begin functions--
Download and upload files
Execute secondary payloads
Execute shell commands
Terminate running processes
Delete files
Search files
Set file attributes
Create registry entries for storing data: (HKEY_CURRENT_USER\SOFTWARE\Microsoft\WABE\DataPath)
Collect device information from installed storage devices (disk free space and their type)
List running processes information
Capture screenshots
Collect and send information about the victim's system (operating system, CPU, MAC address, computer name, language settings, list of disk devices and their type, time elapsed since the system was started, and unique identifier of the victim's system)
--End functions--

Screenshots

Figure 1 - Screenshot of the cryptographic algorithms the malware used to secure its data transfers and C2 sessions.

100.43.153.60

Ports
  • 443 TCP
Whois

Domain Name: KRYPT.COM
Registry Domain ID: 4620809_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2016-02-25T03:39:29Z
Creation Date: 1998-05-04T04:00:00Z
Registry Expiry Date: 2024-05-03T04:00:00Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.CF.KRYPT.COM
Name Server: NS2.CF.KRYPT.COM
Name Server: NS3.CF.KRYPT.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 503AEB51F773BBCA00DB982C938895EF147DDC7D48A4E1E6FD0FE5BE7B98DA0D
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2018-06-28T02:39:11Z

Relationships

100.43.153.60 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09

104.194.160.59

Ports
  • 443 TCP
Whois

Domain Name: SERVPAC.COM
Registry Domain ID: 81803816_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2013-12-27T04:46:10Z
Creation Date: 2001-12-31T08:29:34Z
Registry Expiry Date: 2018-12-31T08:29:34Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.SERVPAC.COM
Name Server: NS2.SERVPAC.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2018-06-28T02:40:41Z

Relationships

104.194.160.59 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09

212.143.21.43

Ports
  • 443 TCP
Whois

netnum:        212.143.21.0 - 212.143.21.63
netname:        Nana10-LAN
descr:         Nana10-LAN
country:        IL
admin-c:        NV6695-RIPE
tech-c:         NV6695-RIPE
status:         ASSIGNED PA
mnt-by:         NV-MNT-RIPE
created:        2011-02-17T09:16:56Z
last-modified: 2011-02-17T09:16:57Z
source:         RIPE

person:         Nana 10 LTD
address:        1 Korazin str
address:        Givataim, Israel, 53583
mnt-by:         NV-MNT-RIPE
phone:         +972-73-7992000
fax-no:         +972-73-7992220
e-mail:         domains@nana10.net.il
nic-hdl:        NV6695-RIPE
created:        2010-08-04T09:51:11Z
last-modified: 2011-02-17T09:01:21Z
source:         RIPE

% Information related to '212.143.0.0/16AS1680'

route:         212.143.0.0/16
descr:         013 Netvision Network
origin:         AS1680
mnt-by:         NV-MNT-RIPE
created:        1970-01-01T00:00:00Z
last-modified: 2009-03-26T10:55:12Z
source:         RIPE

Relationships
  • 212.143.21.43 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09

Relationship Summary
  • e23900b00f... Connected_To 104.194.160.59
  • e23900b00f... Connected_To 212.143.21.43
  • e23900b00f... Connected_To 100.43.153.60
  • 100.43.153.60 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09
  • 104.194.160.59 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09
  • 212.143.21.43 Connected_From e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09

Recommendations

NCCIC would like to remind users and administrators to consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumbdrives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate ACLs.

Additional information on malware incident prevention and handling can be found in NIST's Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.

Contact Information

NCCIC continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

Can I submit malware to NCCIC? Malware samples can be submitted via three methods:

NCCIC encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on US-CERT's homepage at www.us-cert.gov.

Revisions
  • August 9, 2018: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


ISC Releases Security Advisory for BIND

Thu, 08/09/2018 - 07:24
Original release date: August 08, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review the ISC Knowledge Base Article AA-01639 and apply the necessary updates or workarounds.



FBI Releases Article on Building a Digital Defense Against Facebook Scams

Wed, 08/08/2018 - 10:57
Original release date: August 07, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against a fraud that uses Facebook’s texting app—Facebook Messenger. Scammers send messages that appear to be from trusted sources or trick users into clicking on malicious links or sharing personal information. Before clicking on links, users should verify the validity of the message with the sender outside of the app.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.



VMware Releases Security Updates

Wed, 08/08/2018 - 10:37
Original release date: August 07, 2018

VMware has released security updates to address a vulnerability in Horizon 6, 7, and Horizon Client for Windows. An attacker could exploit this vulnerability to obtain sensitive information.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0019 and apply the necessary updates.



Linux Kernel Vulnerability

Tue, 08/07/2018 - 08:27
Original release date: August 06, 2018

NCCIC is aware of a Linux kernel vulnerability affecting Linux versions 4.9 and greater. An attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review the Vulnerability Note VU #962459 and apply the necessary updates.



Mozilla Releases Security Update for Thunderbird

Tue, 08/07/2018 - 08:23
Original release date: August 06, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60 and apply the necessary update.



SB18-218: Vulnerability Summary for the Week of July 30, 2018

Mon, 08/06/2018 - 18:41
Original release date: August 06, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

 

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product: 3cx -- 3cx
Description: The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14906, MISC

Primary Vendor -- Product: 3cx -- 3cx
Description: The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14907, MISC

Primary Vendor -- Product: 3cx -- 3cx
Description: The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14905, MISC

Primary Vendor -- Product: ansible -- ansible
Description: Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8628, BID, REDHAT, CONFIRM

Primary Vendor -- Product: ansible -- ansible
Description: A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8614, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: apache -- axis
Description: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Published: 2018-08-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8032, MLIST, CONFIRM

Primary Vendor -- Product: apache -- camel
Description: Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8027, CONFIRM, BID, MLIST

Primary Vendor -- Product: apache -- karaf
Description: It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8648, BID, CONFIRM

Primary Vendor -- Product: apache -- tomcat
Description: When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8019, MLIST, BID

Primary Vendor -- Product: apache -- tomcat
Description: Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8020, MLIST, BID

Primary Vendor -- Product: apache -- tomcat
Description: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8034, MLIST, BID, SECTRACK, MLIST, UBUNTU

Primary Vendor -- Product: apache -- tomcat
Description: A bug in the tracking of connection closures can lead to reuse of user sessions in a new connection. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
Published: 2018-08-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8037, MLIST, BID, SECTRACK

Primary Vendor -- Product: apache -- tomcat
Description: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Published: 2018-08-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1336, MLIST, BID, SECTRACK, UBUNTU

Primary Vendor -- Product: ca_technologies -- api_developer_portal
Description: CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6590, SECTRACK, CONFIRM

Primary Vendor -- Product: cfitsio -- cfitsio
Description: Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3847, MISC

Primary Vendor -- Product: cgit -- cgit
Description: cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14912, MISC, MISC, DEBIAN

Primary Vendor -- Product: cisco -- amp_for_endpoints_mac_connector_software
Description: A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0397, BID, CONFIRM

Primary Vendor -- Product: cisco -- identity_services_engine
Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0413, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- prime_collaboration_provisioning
Description: A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0391, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- small_business_managed_switches
Description: A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0408, BID, CONFIRM

Primary Vendor -- Product: cisco -- small_business_managed_switches
Description: A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0407, BID, CONFIRM

Primary Vendor -- Product: cisco -- unified_communications_manager
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0411, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- web_security_appliance
Description: A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve84006.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0406, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: click_studios -- passwordstate
Description: Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14776, MISC, MISC

Primary Vendor -- Product: cloud-init -- cloud-init
Description: The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10896, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14740, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14737, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14742, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14738, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14739, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14741, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14743, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14736, MISC

Primary Vendor -- Product: cloudwu -- pbc
Description: An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c.
Published: 2018-07-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14744, MISC

Primary Vendor -- Product: clustered_data -- ontap
Description: Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5490, CONFIRM

Primary Vendor -- Product: computerinsel -- photoline
Description: A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3923, MISC

Primary Vendor -- Product: computerinsel -- photoline
Description: A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3921, MISC

Primary Vendor -- Product: computerinsel -- photoline
Description: A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3922, MISC

Primary Vendor -- Product: curl -- curl
Description: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8619, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8616, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8625, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8623, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8621, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8617, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8618, BID, SECTRACK, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8620, BID, SECTRACK, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8624, BID, SECTRACK, CONFIRM, MISC, GENTOO, CONFIRM

Primary Vendor -- Product: curl -- curl
Description: A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8615, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, GENTOO, CONFIRM

Primary Vendor -- Product: datalife_engine -- datalife_engine
Description: An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14777, MISC

Primary Vendor -- Product: davolink -- dvw-3200n
Description: Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10618, BID, MISC, EXPLOIT-DB

Primary Vendor -- Product: dell_emc -- networker
Description: Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11050, FULLDISC, SECTRACK

Primary Vendor -- Product: django -- django
Description: django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14574, SECTRACK, UBUNTU, CONFIRM

Primary Vendor -- Product: dracut -- dracut
Description: A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Published: 2018-08-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8637, MLIST, BID, CONFIRM, CONFIRM

Primary Vendor -- Product: ethereum -- cryptogs
Description: The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14715, MISC

Primary Vendor -- Product: ethereum -- suncontract_token
Description: The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14576, FULLDISC, MISC

Primary Vendor -- Product: ezplayer -- ezplayer
Description: A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
Published: 2018-08-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14923, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5544, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: f5 -- big-ip
Description: The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.
Published: 2018-07-31
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5543, BID, CONFIRM

Primary Vendor -- Product: flif -- flif
Description: An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.
Published: 2018-08-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14876, MISC

focalscope -- focalscope

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.2018-08-01not yet calculatedCVE-2018-3881
MISCforeman -- foremanIt was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.2018-08-01not yet calculatedCVE-2016-8639
BID
REDHAT
CONFIRM
CONFIRM
CONFIRMforeman -- foreman
 A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.2018-07-31not yet calculatedCVE-2016-8613
BID
CONFIRM
CONFIRM
CONFIRM

foreman -- foreman

A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL.
2018-08-01
not yet calculated
CVE-2016-8634
BID
CONFIRM
CONFIRM

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importTextData method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6030.
2018-07-31
not yet calculated
CVE-2018-14267
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6031.
2018-07-31
not yet calculated
CVE-2018-14268
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033.
2018-07-31
not yet calculated
CVE-2018-14270
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034.
2018-07-31
not yet calculated
CVE-2018-14271
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6035.
2018-07-31
not yet calculated
CVE-2018-14272
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6019.
2018-07-31
not yet calculated
CVE-2018-14256
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023.
2018-07-31
not yet calculated
CVE-2018-14260
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWordQuads method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6022.
2018-07-31
not yet calculated
CVE-2018-14259
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029.
2018-07-31
not yet calculated
CVE-2018-14266
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the scroll method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6037.
2018-07-31
not yet calculated
CVE-2018-14274
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215.
2018-07-31
not yet calculated
CVE-2018-14299
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038.
2018-07-31
not yet calculated
CVE-2018-14275
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216.
2018-07-31
not yet calculated
CVE-2018-14300
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059.
2018-07-31
not yet calculated
CVE-2018-14277
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the newDoc function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5773.
2018-07-31
not yet calculated
CVE-2018-14284
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageBox method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6020.
2018-07-31
not yet calculated
CVE-2018-14257
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213.
2018-07-31
not yet calculated
CVE-2018-14297
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015.
2018-07-31
not yet calculated
CVE-2018-14252
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016.
2018-07-31
not yet calculated
CVE-2018-14253
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.
2018-07-31
not yet calculated
CVE-2018-14296
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231.
2018-07-31
not yet calculated
CVE-2018-14291
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013.
2018-07-31
not yet calculated
CVE-2018-14250
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.
2018-07-31
not yet calculated
CVE-2018-11622
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028.
2018-07-31
not yet calculated
CVE-2018-14265
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.
2018-07-31
not yet calculated
CVE-2018-11623
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6017.
2018-07-31
not yet calculated
CVE-2018-14254
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896.
2018-07-31
not yet calculated
CVE-2018-11621
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027.
2018-07-31
not yet calculated
CVE-2018-14264
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6005.
2018-07-31
not yet calculated
CVE-2018-14242
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6233.
2018-07-31
not yet calculated
CVE-2018-14293
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267.
2018-07-31
not yet calculated
CVE-2018-14307
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756.
2018-07-31
not yet calculated
CVE-2018-11620
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415.
2018-07-31
not yet calculated
CVE-2018-11617
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getNthFieldName method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6018.
2018-07-31
not yet calculated
CVE-2018-14255
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032.
2018-07-31
not yet calculated
CVE-2018-14269
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021.
2018-07-31
not yet calculated
CVE-2018-14258
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417.
2018-07-31
not yet calculated
CVE-2018-11619
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217.
2018-07-31
not yet calculated
CVE-2018-14301
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004.
2018-07-31
not yet calculated
CVE-2018-14241
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014.
2018-07-31
not yet calculated
CVE-2018-14251
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007.
2018-07-31
not yet calculated
CVE-2018-14244
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5416.
2018-07-31
not yet calculated
CVE-2018-11618
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214.
2018-07-31
not yet calculated
CVE-2018-14298
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNumWords method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6058.
2018-07-31
not yet calculated
CVE-2018-14278
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6351.
2018-07-31
not yet calculated
CVE-2018-14316
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6265.
2018-07-31
not yet calculated
CVE-2018-14305
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326.
2018-07-31
not yet calculated
CVE-2018-14308
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332.
2018-07-31
not yet calculated
CVE-2018-14312
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.
2018-07-31
not yet calculated
CVE-2018-14306
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330.
2018-07-31
not yet calculated
CVE-2018-14310
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218.
2018-07-31
not yet calculated
CVE-2018-14302
CONFIRM
MISC

foxit -- pdf_reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6327.
2018-07-31
not yet calculated
CVE-2018-14314
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757.
2018-07-31 | not yet calculated | CVE-2018-14281
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362.
2018-07-31 | not yet calculated | CVE-2018-14313
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223.
2018-07-31 | not yet calculated | CVE-2018-14295
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getVersionID method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6026.
2018-07-31 | not yet calculated | CVE-2018-14263
CONFIRM
MISC

foxit -- pdf_reader
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
2018-08-01 | not yet calculated | CVE-2018-3924
SECTRACK
MISC

foxit -- pdf_reader
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
2018-08-01 | not yet calculated | CVE-2018-3939
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the mailDoc function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5770.
2018-07-31 | not yet calculated | CVE-2018-14286
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6024.
2018-07-31 | not yet calculated | CVE-2018-14261
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6036.
2018-07-31 | not yet calculated | CVE-2018-14273
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329.
2018-07-31 | not yet calculated | CVE-2018-14309
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6219.
2018-07-31 | not yet calculated | CVE-2018-14303
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6328.
2018-07-31 | not yet calculated | CVE-2018-14315
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220.
2018-07-31 | not yet calculated | CVE-2018-14304
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025.
2018-07-31 | not yet calculated | CVE-2018-14262
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211.
2018-07-31 | not yet calculated | CVE-2018-14294
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6010.
2018-07-31 | not yet calculated | CVE-2018-14247
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039.
2018-07-31 | not yet calculated | CVE-2018-14276
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771.
2018-07-31 | not yet calculated | CVE-2018-14283
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232.
2018-07-31 | not yet calculated | CVE-2018-14292
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.
2018-07-31 | not yet calculated | CVE-2018-14280
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060.
2018-07-31 | not yet calculated | CVE-2018-14279
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009.
2018-07-31 | not yet calculated | CVE-2018-14246
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008.
2018-07-31 | not yet calculated | CVE-2018-14245
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.
2018-07-31 | not yet calculated | CVE-2018-14288
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763.
2018-07-31 | not yet calculated | CVE-2018-14282
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the instanceManager.nodes.append function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5641.
2018-07-31 | not yet calculated | CVE-2018-14287
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the oneOfChild attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5774.
2018-07-31 | not yet calculated | CVE-2018-14285
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-6221.
2018-07-31 | not yet calculated | CVE-2018-14289
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012.
2018-07-31 | not yet calculated | CVE-2018-14249
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006.
2018-07-31 | not yet calculated | CVE-2018-14243
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA events. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6331.
2018-07-31 | not yet calculated | CVE-2018-14311
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222.
2018-07-31 | not yet calculated | CVE-2018-14290
CONFIRM
MISC

foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011.
2018-07-31 | not yet calculated | CVE-2018-14248
CONFIRM
MISC

geopython -- pycsw
A SQL injection vulnerability in all pycsw versions before 2.0.2, 1.10.5 and 1.8.6 allows reading and extracting any data from any table in the pycsw database that the database user has access to. On PostgreSQL (at least), it is also possible to perform updates/inserts/deletes and database modifications on any table the database user has access to.
2018-08-01 | not yet calculated | CVE-2016-8640
MLIST
BID
CONFIRM
CONFIRM

gitlab -- community_edition_and_enterprise_edition
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter.
2018-08-03 | not yet calculated | CVE-2018-12605
CONFIRM
CONFIRM

gitlab -- community_edition_and_enterprise_edition
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
2018-08-03 | not yet calculated | CVE-2018-12607
CONFIRM
CONFIRM

gitlab -- community_edition_and_enterprise_edition
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
2018-08-03 | not yet calculated | CVE-2018-12606
CONFIRM
CONFIRM

huawei -- mate_10_smart_phones
HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use-after-free vulnerability in the mediaserver component. An attacker tricks the user into installing a malicious application, which makes the software reference memory after it has been freed. A successful exploit could cause execution of arbitrary code.
2018-07-31 | not yet calculated | CVE-2018-7993
CONFIRM

huawei -- multiple_products
The Mdapt driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); and P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input; an attacker could trick the user into installing a malicious application which would send crafted parameters to the driver. A successful exploit could cause a denial of service condition.
2018-07-31 | not yet calculated | CVE-2018-7992
CONFIRM

huawei -- multiple_products
Some Huawei products (IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50) have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot of questionnaires to the device; a successful exploit could cause the device to reboot because it runs out of memory.
2018-07-31 | not yet calculated | CVE-2018-7994
CONFIRM

huawei -- multiple_products
Some Huawei products (RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50) have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. A successful exploit may cause an information leak.
2018-07-31 | not yet calculated | CVE-2017-17174
CONFIRM

huawei -- multiple_smart_phones
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. A successful exploit may cause some malicious applications to be installed on the mobile phones.
2018-07-31 | not yet calculated | CVE-2018-7947
CONFIRM

huawei -- multiple_smart_phones
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to additionally obtain the user's location.
2018-07-31 | not yet calculated | CVE-2018-7957
CONFIRM

huawei -- multiple_smart_phones
Some Huawei mobile phones with versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
2018-07-31 | not yet calculated | CVE-2018-7934
CONFIRM

ibm -- api_connect_developer_portal
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
2018-07-31 | not yet calculated | CVE-2018-1638
XF
CONFIRM

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
2018-08-03 | not yet calculated | CVE-2018-1524
XF
CONFIRM

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.
2018-08-02 | not yet calculated | CVE-2018-1554
XF
CONFIRM

ibm -- spectrum_symphony_and_platform_symphony
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.
2018-08-01 | not yet calculated | CVE-2018-1595
BID
XF
CONFIRM

ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166.
2018-07-31 | not yet calculated | CVE-2018-1718
BID
XF
CONFIRM

idreamsoft -- icms
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
2018-08-02 | not yet calculated | CVE-2018-14858
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16341
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16347
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
2018-08-02 | not yet calculated | CVE-2017-16344
MISC

insteon -- hub
An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability.
2018-08-02 | not yet calculated | CVE-2017-14446
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16343
MISC

insteon -- hub
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
2018-08-02 | not yet calculated | CVE-2017-14445
MISC

insteon -- hub
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
2018-08-02 | not yet calculated | CVE-2017-14444
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
2018-08-02 | not yet calculated | CVE-2017-16346
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
2018-08-02 | not yet calculated | CVE-2017-16345
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16339
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16342
MISC

insteon -- hub
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.
2018-08-02 | not yet calculated | CVE-2018-3834
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16340
MISC

insteon -- hub
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
2018-08-02 | not yet calculated | CVE-2017-16338
MISC

intel -- distribution_for_python
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.
2018-08-01 | not yet calculated | CVE-2018-3650
CONFIRM

intel -- graphics_driver_for_windows

Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.
2018-08-01 | not yet calculated | CVE-2017-5692
BID
CONFIRM

intel -- puma

Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.
2018-07-31 | not yet calculated | CVE-2017-5693
BID
CONFIRM

intel -- saffron

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.
2018-08-01 | not yet calculated | CVE-2018-3671
CONFIRM

intel -- saffron_memorybase

Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.
2018-08-01 | not yet calculated | CVE-2018-3663
CONFIRM

intel -- saffron_memorybase

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
2018-08-01 | not yet calculated | CVE-2018-3662
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
2018-08-01 | not yet calculated | CVE-2018-3670
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
2018-08-01 | not yet calculated | CVE-2018-3666
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls.
2018-08-01 | not yet calculated | CVE-2018-3672
CONFIRM

inteno -- iopsys

read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.
2018-07-31 | not yet calculated | CVE-2018-14533
MISC
EXPLOIT-DB

intuit -- lacerte_2017_for_windows

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.
2018-07-31 | not yet calculated | CVE-2018-11338
MISC

jasper -- jasper

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
2018-08-01 | not yet calculated | CVE-2016-8654
BID
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN

jasper -- jasper

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
2018-08-01 | not yet calculated | CVE-2016-9583
BID
REDHAT
CONFIRM
CONFIRM
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
2018-08-01 | not yet calculated | CVE-2018-1999040
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
2018-08-01 | not yet calculated | CVE-2018-1999036
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
2018-08-01 | not yet calculated | CVE-2018-1999027
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
2018-08-01 | not yet calculated | CVE-2018-1999028
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
2018-08-01 | not yet calculated | CVE-2018-1999041
CONFIRM

jenkins -- jenkins

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.
2018-08-01 | not yet calculated | CVE-2018-1999037
CONFIRM

jenkins -- jenkins

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.
2018-08-01 | not yet calculated | CVE-2018-1999026
CONFIRM

jenkins -- jenkins

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
2018-08-01 | not yet calculated | CVE-2018-1999034
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.
2018-08-01 | not yet calculated | CVE-2018-1999033
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.
2018-08-01 | not yet calculated | CVE-2018-1999031
CONFIRM

jenkins -- jenkins

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
2018-08-01 | not yet calculated | CVE-2018-1999032
CONFIRM

jenkins -- jenkins

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.
2018-08-01 | not yet calculated | CVE-2018-1999035
CONFIRM

jenkins -- jenkins

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
2018-08-01 | not yet calculated | CVE-2018-1999039
CONFIRM

jenkins -- jenkins

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
2018-08-01 | not yet calculated | CVE-2018-1999029
CONFIRM

jenkins -- jenkins

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.
2018-08-01 | not yet calculated | CVE-2018-1999025
CONFIRM

jenkins -- jenkins

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
2018-08-01 | not yet calculated | CVE-2018-1999038
CONFIRM

jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
2018-08-01 | not yet calculated | CVE-2018-1999030
CONFIRM

jetbrains -- intellij_idea

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
2018-08-03 | not yet calculated | CVE-2017-8316
CONFIRM
MISC
MISC

johnson_controls -- metasys_and_bcpro

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
2018-08-01 | not yet calculated | CVE-2018-10624
BID
MISC

kamailio -- kamailio

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
2018-07-31 | not yet calculated | CVE-2018-14767
MISC

keycloak -- keycloak

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
2018-08-01 | not yet calculated | CVE-2018-10894
CONFIRM

keycloak -- keycloak

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
2018-08-01 | not yet calculated | CVE-2016-8609
REDHAT
BID
SECTRACK
CONFIRM

knot_resolver -- knot_resolver

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
2018-08-02 | not yet calculated | CVE-2018-10920
CONFIRM
CONFIRM

lenovo -- xclarity_administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
2018-07-30 | not yet calculated | CVE-2018-9065
CONFIRM

lenovo -- xclarity_administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.
2018-07-30 | not yet calculated | CVE-2018-9064
CONFIRM

lenovo -- xclarity_administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
2018-07-30 | not yet calculated | CVE-2018-9066
CONFIRM

lftp -- lftp

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
2018-08-01 | not yet calculated | CVE-2018-10916
CONFIRM
CONFIRM
CONFIRM

libcurl -- libcurl

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
2018-07-31 | not yet calculated | CVE-2016-8622
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
CONFIRM

libmspack -- libmspack

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
2018-07-28 | not yet calculated | CVE-2018-14679
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN

libmspack -- libmspack

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
2018-07-28 | not yet calculated | CVE-2018-14682
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN

libmspack -- libmspack

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
2018-07-28 | not yet calculated | CVE-2018-14681
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN

libmspack -- libmspack

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
2018-07-28 | not yet calculated | CVE-2018-14680
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN

libxcursor -- libxcursor

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
2018-08-01 | not yet calculated | CVE-2015-9262
MISC
MISC

libxdmcp -- libxdmcp

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
2018-07-27 | not yet calculated | CVE-2017-2625
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
GENTOO
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
2018-07-27 | not yet calculated | CVE-2018-14616
BID
MISC

linux -- linux_kernel

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
2018-07-30 | not yet calculated | CVE-2017-7518
MLIST
BID
SECTRACK
CONFIRM
REDHAT
REDHAT
CONFIRM
UBUNTU
UBUNTU
DEBIAN
MLIST

linux -- linux_kernel

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
2018-07-30 | not yet calculated | CVE-2018-10883
CONFIRM
CONFIRM
CONFIRM
MLIST

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
2018-07-27 | not yet calculated | CVE-2018-14612
BID
MISC
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
2018-07-27 | not yet calculated | CVE-2018-14613
BID
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
2018-07-27 | not yet calculated | CVE-2018-14615
BID
MISC

linux -- linux_kernel

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
2018-07-29 | not yet calculated | CVE-2018-14734
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
2018-07-28 | not yet calculated | CVE-2018-14678
BID
SECTRACK
MISC

linux -- linux_kernel

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
2018-07-30 | not yet calculated | CVE-2017-7482
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
DEBIAN
DEBIAN

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
2018-07-27 | not yet calculated | CVE-2018-14614
BID
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
2018-07-27 | not yet calculated | CVE-2018-14609
BID
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.
2018-07-27 | not yet calculated | CVE-2018-14611
BID
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
2018-07-27 | not yet calculated | CVE-2018-14617
BID
MISC
MISC

linux -- linux_kernel

An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.
2018-07-27 | not yet calculated | CVE-2018-14610
BID
MISC
MISC

mantisbt -- mantisbt

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
2018-08-03 | not yet calculated | CVE-2018-14504
CONFIRM
CONFIRM
CONFIRM

mantisbt -- mantisbt

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
2018-08-03 | not yet calculated | CVE-2018-13055
CONFIRM
CONFIRM
CONFIRM

martem -- telem-gw6_and_gwm_devices

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
2018-07-31 | not yet calculated | CVE-2018-10603
BID
MISC

martem -- telem-gw6_and_gwm_devices

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
2018-07-31 | not yet calculated | CVE-2018-10607
CONFIRM
BID
MISC

martem -- telem-gw6_and_gwm_devices

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
2018-07-31 | not yet calculated | CVE-2018-10609
CONFIRM
BID
MISC

matera_systems -- banco

Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.
2018-08-03 | not yet calculated | CVE-2018-14927
MISC

matera_systems -- banco

Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
2018-08-03 | not yet calculated | CVE-2018-14929
MISC

matera_systems -- banco

Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
2018-08-03 | not yet calculated | CVE-2018-14926
MISC

matera_systems -- banco

Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.
2018-08-03 | not yet calculated | CVE-2018-14924
MISC

matera_systems -- banco

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
2018-08-03 | not yet calculated | CVE-2018-14925
MISC

matera_systems -- banco

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.
2018-08-03 | not yet calculated | CVE-2018-14928
MISC

metascrapper -- metascrapper

There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2.
2018-07-30 | not yet calculated | CVE-2018-3773
MISC

micro_focus -- groupwise

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
2018-08-01 | not yet calculated | CVE-2018-12468
CONFIRM

mikrotik -- routeros

Winbox for MikroTik RouterOS through 6.42 allows remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.
2018-08-02 | not yet calculated | CVE-2018-14847
MISC
MISC
MISC

monitorix -- monitorix

Monitorix before 3.10.1 allows XSS via CGI variables.
2018-08-02 | not yet calculated | CVE-2018-7649
CONFIRM

mozilla -- network_security_services

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
2018-08-01 | not yet calculated | CVE-2016-8635
REDHAT
BID
CONFIRM
GENTOO

my_little_forum -- my_little_forum

The Add page option in my little forum 2.4.12 allows XSS via the Title field.
2018-08-04 | not yet calculated | CVE-2018-14936
MISC

my_little_forum -- my_little_forum

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.
2018-08-04 | not yet calculated | CVE-2018-14937
MISC

nagios -- nagios

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
2018-08-01 | not yet calculated | CVE-2016-8641
BID
CONFIRM
CONFIRM
GENTOO
EXPLOIT-DB

naver -- whale_browser

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
2018-08-02 | not yet calculated | CVE-2018-12448
MISC

netapp -- 7-mode_transition_tool

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.
2018-08-03 | not yet calculated | CVE-2018-5489
CONFIRM

netapp -- oncommand_insight

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.
2018-07-31 | not yet calculated | CVE-2017-13652
CONFIRM

nuuo -- nvrmini_devices

upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
2018-08-04 | not yet calculated | CVE-2018-14933
EXPLOIT-DB

ocs -- inventory

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
2018-08-03 | not yet calculated | CVE-2018-14473
MISC

ocs -- inventory

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
2018-08-03 | not yet calculated | CVE-2018-12482
MISC

ocs -- inventory

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.
2018-08-03 | not yet calculated | CVE-2018-12483
MISC

open_ticket_request_system -- open_ticket_request_system

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
2018-08-03 | not yet calculated | CVE-2018-14593
CONFIRM

openbsd -- openbsd

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
2018-08-01 | not yet calculated | CVE-2018-14775
MISC
MISC
MISC
MISC

openbuildservice -- openbuildservice

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
2018-08-01 | not yet calculated | CVE-2018-12467
CONFIRM
CONFIRM

openjpeg -- openjpeg

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
2018-08-01 | not yet calculated | CVE-2016-9581
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO

openjpeg -- openjpeg

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
2018-08-01 | not yet calculated | CVE-2016-9572
CONFIRM
CONFIRM
CONFIRM
GENTOO
DEBIAN

openjpeg -- openjpeg

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
2018-08-01 | not yet calculated | CVE-2016-9580
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO

openshift -- enterprise

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
2018-07-31 | not yet calculated | CVE-2016-8631
BID
REDHAT
CONFIRM

openstack -- glance

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
2018-07-31 | not yet calculated | CVE-2016-8611
MLIST
BID
SECTRACK
CONFIRM
CONFIRM

openstack -- keystone

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
2018-07-31 | not yet calculated | CVE-2018-14432
MLIST
BID

opensuse -- open-build-service

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
2018-08-01 | not yet calculated | CVE-2018-12466
BID
CONFIRM
CONFIRM

oracle -- fusion_middleware

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
2018-08-02 | not yet calculated | CVE-2018-3109
CONFIRM
BID
SECTRACK

oracle -- fusion_middleware

Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
2018-08-02 | not yet calculated | CVE-2018-3108
CONFIRM
BID
SECTRACK

oracle -- weblogic_server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. Note: Please refer to MOS document
2018-08-02 | not yet calculated | CVE-2018-2933
CONFIRM
BID
SECTRACK

paypal -- invoice-sdk-php

paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
2018-08-02 | not yet calculated | CVE-2017-6213
CONFIRM

paypal -- permissions-sdk-php

paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
2018-08-02 | not yet calculated | CVE-2017-6215
CONFIRM

pearson -- vue_certiport_console_and_iqsystem

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
2018-08-03 | not yet calculated | CVE-2018-12989
MISC

php -- php

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
2018-08-03 | not yet calculated | CVE-2018-14883
CONFIRM
CONFIRM
CONFIRM

php -- php

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
2018-08-02 | not yet calculated | CVE-2017-9120
MISC

php -- php

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
2018-08-02 | not yet calculated | CVE-2018-14851
MISC
MISC
MISC

php -- php

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.
2018-08-03 | not yet calculated | CVE-2018-14884
CONFIRM
CONFIRM

php -- php

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
2018-08-02 | not yet calculated | CVE-2017-9118
MISC

phpscriptsmall.com -- basic_b2b_script

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
2018-08-03 | not yet calculated | CVE-2018-14541
MISC
EXPLOIT-DB

pleasant_solutions -- pleasant_password_server

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.
2018-07-31 | not yet calculated | CVE-2017-17708
MISC

pleasant_solutions -- pleasant_password_server

Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
2018-07-31 | not yet calculated | CVE-2017-17707
MISC

prosody -- prosody

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
2018-07-30 | not yet calculated | CVE-2018-10847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN

python-cryptography -- cryptography_python_library

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
2018-07-30 | not yet calculated | CVE-2018-10903
CONFIRM
CONFIRM
UBUNTU

red_hat -- ceph

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
2018-08-01 | not yet calculated | CVE-2016-9579
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
BID
CONFIRM

red_hat -- ceph

A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
2018-07-31 | not yet calculated | CVE-2016-8626
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
BID
CONFIRM

red_hat -- enterprise_linux

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
2018-07-31 | not yet calculated | CVE-2016-8657
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
CONFIRM

red_hat -- jboss_brms_and_brms_suite_6

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
2018-08-01 | not yet calculated | CVE-2016-8608
REDHAT
REDHAT
BID
CONFIRM

red_hat -- jboss_enterprise_application_platform

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
2018-08-01 | not yet calculated | CVE-2016-9573
REDHAT
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO
DEBIAN

red_hat -- jboss_fuse_and_a-mq

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.
2018-08-01 | not yet calculated | CVE-2016-8653
BID
CONFIRM

red_hat -- openshift

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
2018-08-01 | not yet calculated | CVE-2016-8651
BID
REDHAT
CONFIRM

red_hat -- openstack

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
2018-07-30 | not yet calculated | CVE-2018-10898
REDHAT
CONFIRM

red_hat -- satellite

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
2018-07-30 | not yet calculated | CVE-2017-7514
REDHAT
CONFIRM

red_hat -- jboss_core_services

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
2018-07-30 | not yet calculated | CVE-2016-9597
BID
CONFIRM

redgate -- .net_reflector_and_smartassembly

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.
2018-07-31 | not yet calculated | CVE-2018-14581
CONFIRM
CONFIRM

rejucms -- rejucms

rejucms 2.1 has stored XSS via the admin/book.php content parameter.
2018-08-01 | not yet calculated | CVE-2018-14838
MISC

responsive_filemanager -- responsive_filemanager

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
2018-08-03 | not yet calculated | CVE-2018-14728
MISC

restforce -- restforce

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.
2018-08-03 | not yet calculated | CVE-2018-3777
CONFIRM

rincewind -- rincewind

An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset.
2018-08-02 | not yet calculated | CVE-2018-14872
MISC

rincewind -- rincewind

An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.
2018-08-02 | not yet calculated | CVE-2018-14873
MISC

samba -- samba

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
2018-07-27 | not yet calculated | CVE-2017-12151
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM

samsung -- syncthru_web_service

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
2018-08-03 | not yet calculated | CVE-2018-14904
MISC

samsung -- syncthru_web_service

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
2018-08-03 | not yet calculated | CVE-2018-14908
MISC

sap -- business_planning_and_consolidation_software

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
2018-08-02 | not yet calculated | CVE-2017-16349
MISC

seacms -- seacms

SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
2018-08-03 | not yet calculated | CVE-2018-14910
MISC

seeddms -- seeddms

Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.
2018-07-31 | not yet calculated | CVE-2018-12940
CONFIRM
MISC

seeddms -- seeddms

Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
2018-07-31 | not yet calculated | CVE-2018-12943
CONFIRM
MISC

seeddms -- seeddms

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940.
2018-07-31 | not yet calculated | CVE-2018-12939
CONFIRM
MISC

seeddms -- seeddms

SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system.
2018-07-31 | not yet calculated | CVE-2018-12942
CONFIRM
MISC

seeddms -- seeddms

Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.
2018-07-31 | not yet calculated | CVE-2018-12944
CONFIRM
MISC

seeddms -- seeddms

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.
2018-07-31 | not yet calculated | CVE-2018-12941
CONFIRM
MISC

servicenow -- servicenow

report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
2018-08-03 | not yet calculated | CVE-2018-7748
MISC
MISC

simsong -- tcpflow

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
2018-08-04 | not yet calculated | CVE-2018-14938
MISC
MISC

softnas -- cloud

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
2018-08-03 | not yet calculated | CVE-2018-14417
FULLDISC
BID
CONFIRM
MISC
EXPLOIT-DB

sonicwall -- global_management_system

A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
2018-08-03 | not yet calculated | CVE-2018-9866
MISC
CONFIRM
MISC

subrion -- cms

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
2018-08-01 | not yet calculated | CVE-2018-14840
MISC
MISC

subrion -- subrion_cms

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.
2018-08-01 | not yet calculated | CVE-2018-14835
MISC
MISC

subrion -- subrion

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.
2018-08-01 | not yet calculated | CVE-2018-14836
MISC

symfony -- symfony

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
2018-08-03 | not yet calculated | CVE-2018-14773
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM

symfony -- symfony

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
2018-08-03 | not yet calculated | CVE-2018-14774
CONFIRM
CONFIRM

synology -- diskstation_manager

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
2018-07-30 | not yet calculated | CVE-2018-13280
CONFIRM

tenable -- securitycenter

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
2018-08-02 | not yet calculated | CVE-2018-1154
CONFIRM

tenable -- securitycenter

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
2018-08-02 | not yet calculated | CVE-2018-1155
CONFIRM

tenda -- d152_adsl_routers

Tenda D152 ADSL routers allow XSS via a crafted SSID.
2018-08-03 | not yet calculated | CVE-2018-14497
MISC

ttembed -- ttembed

An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.
2018-08-02 | not yet calculated | CVE-2018-10922
CONFIRM
CONFIRM

ttembed -- ttembed

Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.
2018-08-02 | not yet calculated | CVE-2018-10921
CONFIRM
CONFIRM

ukcms -- ukcms

A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction.
2018-08-03 | not yet calculated | CVE-2018-14911
MISC

universal_media_server -- universal_media_server

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
2018-08-03 | not yet calculated | CVE-2018-13416
FULLDISC
EXPLOIT-DB

vvo -- node-whereis

Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.
2018-07-30 | not yet calculated | CVE-2018-3772
MISC

weaselcms -- weaselcms

An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.
2018-08-02 | not yet calculated | CVE-2018-14877
MISC

xk72 -- charles

Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
2018-08-03 | not yet calculated | CVE-2017-15358
MISC
EXPLOIT-DB

xorg-x11-server -- xorg-x11-server

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
2018-07-27 | not yet calculated | CVE-2017-2624
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
GENTOO
GENTOO
MISC

yokogawa -- stardom_controllers

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
2018-07-31 | not yet calculated | CVE-2018-10592
BID
MISC
CONFIRM

yum-utils -- yum-utils

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
2018-08-01 | not yet calculated | CVE-2018-10897
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.


Drupal Releases Security Update

Fri, 08/03/2018 - 08:07
Original release date: August 02, 2018

Drupal has released a security update addressing a vulnerability in Drupal 8.x. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary update.
