View Single Post
  #1  
Old 06-12-2018, 10:41 PM
The Patriot's Avatar
The Patriot The Patriot is offline
Senior Member
 

Join Date: Jun 2002
Posts: 1,386,283
Default SB18-162: Vulnerability Summary for the Week of June 4, 2018

SB18-162: Vulnerability Summary for the Week of June 4, 2018

06-11-2018 03:39 AM

Original release date: June 11, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info11xiaoli -- 11xiaoli
*11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16160
MISC
MISC22lixian -- 22lixian
*22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16162
MISC
MISC360class.jansenhm -- 360class.jansenhm
*360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16186
MISC
MISC3rd-eden -- useragent
*Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.2018-06-04not yet calculatedCVE-2017-16030
MISC626 -- 626
*626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3727
MISCabb -- ip_gateway
*In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.2018-06-06not yet calculatedCVE-2017-7906
BID
MISCabb -- ip_gateway
*In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.2018-06-06not yet calculatedCVE-2017-7933
BID
MISCabb -- ip_gateway
*In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.2018-06-06not yet calculatedCVE-2017-7931
BID
MISCablankenship10 -- goserv
*goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16133
MISC
MISCag-grid -- ag-grid
*ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.2018-06-04not yet calculatedCVE-2017-16009
MISC
MISC
MISCallen_bradley -- micrologix
*An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability.2018-06-04not yet calculatedCVE-2017-12092
MISCangular-http-server -- angular-http-server
*angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3713
MISCapache -- mxnet
*The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.2018-06-08not yet calculatedCVE-2018-1281
CONFIRMapache -- storm
*Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.2018-06-05not yet calculatedCVE-2018-1332
BID
CONFIRMapache -- storm
*Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2018-06-05not yet calculatedCVE-2018-8008
BID
CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_tvos_and_w atchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.2018-06-08not yet calculatedCVE-2018-4224
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.2018-06-08not yet calculatedCVE-2018-4226
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.2018-06-08not yet calculatedCVE-2018-4225
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.2018-06-08not yet calculatedCVE-2018-4240
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.2018-06-08not yet calculatedCVE-2018-4198
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.2018-06-08not yet calculatedCVE-2018-4223
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.2018-06-08not yet calculatedCVE-2018-4243
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.2018-06-08not yet calculatedCVE-2018-4241
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.2018-06-08not yet calculatedCVE-2018-4206
BID
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.2018-06-08not yet calculatedCVE-2018-4249
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.2018-06-08not yet calculatedCVE-2018-4211
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.2018-06-08not yet calculatedCVE-2018-4237
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_macos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.2018-06-08not yet calculatedCVE-2018-4221
SECTRACK
CONFIRM
CONFIRMapple -- ios_and_macos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.2018-06-08not yet calculatedCVE-2018-4202
SECTRACK
CONFIRM
CONFIRMapple -- ios_and_macos
*An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.2018-06-08not yet calculatedCVE-2018-4187
BID
BID
SECTRACK
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.2018-06-08not yet calculatedCVE-2018-4200
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4204
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.2018-06-08not yet calculatedCVE-2018-4232
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.2018-06-08not yet calculatedCVE-2018-4222
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.2018-06-08not yet calculatedCVE-2018-4214
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4201
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.2018-06-08not yet calculatedCVE-2018-4246
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.2018-06-08not yet calculatedCVE-2018-4218
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4233
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.2018-06-08not yet calculatedCVE-2018-4192
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.2018-06-08not yet calculatedCVE-2018-4190
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4199
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.2018-06-08not yet calculatedCVE-2018-4250
SECTRACK
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.2018-06-08not yet calculatedCVE-2018-4252
SECTRACK
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.2018-06-08not yet calculatedCVE-2018-4244
SECTRACK
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app.2018-06-08not yet calculatedCVE-2018-4215
SECTRACK
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.2018-06-08not yet calculatedCVE-2018-4239
SECTRACK
CONFIRMapple -- ios
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.2018-06-08not yet calculatedCVE-2018-4238
SECTRACK
CONFIRMapple -- macosAn issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.2018-06-08not yet calculatedCVE-2018-4171
SECTRACK
CONFIRMapple -- macosAn issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4242
SECTRACK
CONFIRMapple -- macos_and_tvos_and_watchos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.2018-06-08not yet calculatedCVE-2018-4235
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4193
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.2018-06-08not yet calculatedCVE-2018-4253
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.2018-06-08not yet calculatedCVE-2018-4229
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.2018-06-08not yet calculatedCVE-2018-4228
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4236
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.2018-06-08not yet calculatedCVE-2018-4196
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.2018-06-08not yet calculatedCVE-2018-4227
SECTRACK
MISC
CONFIRM
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2018-06-08not yet calculatedCVE-2018-4159
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4234
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.2018-06-08not yet calculatedCVE-2018-4219
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2018-06-08not yet calculatedCVE-2018-4141
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.2018-06-08not yet calculatedCVE-2018-4184
SECTRACK
CONFIRMapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.2018-06-08not yet calculatedCVE-2018-4230
SECTRACK
MISC
CONFIRM
EXPLOIT-DBapple -- macos
*An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.2018-06-08not yet calculatedCVE-2018-4251
SECTRACK
CONFIRMapple -- safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.2018-06-08not yet calculatedCVE-2018-4188
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- safari
*An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2018-06-08not yet calculatedCVE-2018-4205
SECTRACK
CONFIRMapple -- safari
*An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4247
BID
SECTRACK
CONFIRM
CONFIRM
MISCapple -- swift
*An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.2018-06-08not yet calculatedCVE-2018-4220
BID
CONFIRMaprendecondedos -- dedos-web


*In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation.2018-06-05not yet calculatedCVE-2018-10813
MISC
MISCarthur-zhang -- node-bsdiff-android
*node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-04not yet calculatedCVE-2016-10641
MISCaugustine -- augustine
*augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.2018-06-04not yet calculatedCVE-2017-0930
MISCbabelcli -- babelcli
*babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16060
MISCbeaconmedaes -- totalalert_scroll_medical_air_systems_web_applicat ion
*In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.2018-06-06not yet calculatedCVE-2018-7510
MISCbear-qv -- ex
*exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.2018-06-06not yet calculatedCVE-2017-16130
MISC
MISCbetterjs -- badjs-sourcemap-server
*`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-04not yet calculatedCVE-2017-16036
MISC
MISCbird -- internet_routing_daemon
*BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.2018-06-08not yet calculatedCVE-2018-12066
CONFIRM
CONFIRM
CONFIRM
CONFIRMbitfu -- uc-httpd-1.0.0-buffer-overflow-exploit


*Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.2018-06-08not yet calculatedCVE-2018-10088
MISC
EXPLOIT-DBbitjson -- slimerjs-edge
*slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10644
MISCblakeembrey -- no-case


*The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.2018-06-06not yet calculatedCVE-2017-16099
MISC
MISCbmeck -- node-sfml
*sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-04not yet calculatedCVE-2016-10654
MISCbotbait -- botbait
*The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install)2018-06-06not yet calculatedCVE-2017-16126
MISCbouncy_castle -- bc_and_bc-fja
*Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.2018-06-05not yet calculatedCVE-2018-1000180
CONFIRM
CONFIRM
CONFIRM
MISCbouncy_castle -- jce_providerIn the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.2018-06-04not yet calculatedCVE-2016-1000341
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.2018-06-04not yet calculatedCVE-2016-1000346
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.2018-06-04not yet calculatedCVE-2016-1000339
CONFIRM
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.2018-06-04not yet calculatedCVE-2016-1000344
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.2018-06-04not yet calculatedCVE-2016-1000345
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.2018-06-04not yet calculatedCVE-2016-1000343
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.2018-06-04not yet calculatedCVE-2016-1000340
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.2018-06-04not yet calculatedCVE-2016-1000342
CONFIRMbouncy_castle -- jce_provider
*In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.2018-06-04not yet calculatedCVE-2016-1000352
CONFIRMbrianc -- node-postgres
*A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.2018-06-06not yet calculatedCVE-2017-16082
MISC
MISCbrit95 -- lab6


*lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16140
MISC
MISCbroofa -- node-mime
*The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.2018-06-06not yet calculatedCVE-2017-16138
MISC
MISCbrother -- hl-l2340d_printers_and_hl-l2380dw_printers
*Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.2018-06-01not yet calculatedCVE-2018-11581
MISC
EXPLOIT-DBbyucslabsix -- byucslabsix
*byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16166
MISC
MISCcalmquist.static-server -- calmquist.static-server
*calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16165
MISC
MISCcanon -- lbp6030w_web_interface
*A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.2018-06-07not yet calculatedCVE-2018-12049
MISCcanon -- lbp7110cw_web_interface
*A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.2018-06-07not yet calculatedCVE-2018-12048
MISCcanon -- mf210_and_mf220_web_interface
*A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device.2018-06-04not yet calculatedCVE-2018-11711
MISC
EXPLOIT-DBcanon -- multiple_devices
*An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus.2018-06-04not yet calculatedCVE-2018-11692
MISC
EXPLOIT-DBcaolan -- forms


*Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting2018-06-04not yet calculatedCVE-2017-16015
MISC
MISCcaolilinode -- caolilinode
*caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16159
MISC
MISCcedced19 -- fast-http
*fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16155
MISC
MISCcensorify.tanisjr -- censorify.tanisjr
*censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16157
MISC
MISCcharset -- charset
*charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.2018-06-06not yet calculatedCVE-2017-16098
MISC
MISCchatbyvista -- chatbyvista
*chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16177
MISC
MISCcisco -- 6800_and_7800_and_8800_series_ip_phones
*A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.2018-06-07not yet calculatedCVE-2018-0316
CONFIRMcisco -- adaptive_security_appliance
*A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.2018-06-07not yet calculatedCVE-2018-0296
CONFIRMcisco -- anyconnect_network_access_manager_and_anyconnect_s ecure_mobility_client
*A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.2018-06-07not yet calculatedCVE-2018-0334
CONFIRMcisco -- appdynamics_app_iq_platform
*The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.2018-06-08not yet calculatedCVE-2018-0225
CONFIRMcisco -- firesight_system_software
*A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerability is due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed. An attacker could exploit this vulnerability by sending packets through an interface on the targeted device. A successful exploit could allow the attacker to bypass configured VPN policies. Cisco Bug IDs: CSCvh49388.2018-06-07not yet calculatedCVE-2018-0333
BID
CONFIRMcisco -- identity_services_engine
*A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.2018-06-07not yet calculatedCVE-2018-0339
CONFIRMcisco -- integrated_management_controller_supervisor_softwa re_and_ ucs_director_software
*A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.2018-06-07not yet calculatedCVE-2018-0149
CONFIRMcisco -- ios_xe_software
*A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380.2018-06-07not yet calculatedCVE-2018-0315
BID
CONFIRMcisco -- meeting_server
*A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.2018-06-07not yet calculatedCVE-2018-0263
BID
CONFIRMcisco -- multiple_productsMultiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.2018-06-07not yet calculatedCVE-2017-6779
CONFIRMcisco -- network_services_orchestrator
*A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.2018-06-07not yet calculatedCVE-2018-0274
CONFIRMcisco -- node-jose
*node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.2018-06-04not yet calculatedCVE-2017-16007
MISC
MISC
MISC
MISCcisco -- prime_collaboration_provisioningA vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.2018-06-07not yet calculatedCVE-2018-0319
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.2018-06-07not yet calculatedCVE-2018-0335
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754.2018-06-07not yet calculatedCVE-2018-0320
BID
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.2018-06-07not yet calculatedCVE-2018-0336
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746.2018-06-07not yet calculatedCVE-2018-0321
BID
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.2018-06-07not yet calculatedCVE-2018-0322
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245.2018-06-07not yet calculatedCVE-2018-0318
CONFIRMcisco -- prime_collaboration_provisioning
*A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286.2018-06-07not yet calculatedCVE-2018-0317
CONFIRMcisco -- unified_communications_manager
*A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.2018-06-07not yet calculatedCVE-2018-0340
CONFIRMcisco -- unified_communications_manager
*A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.2018-06-07not yet calculatedCVE-2018-0355
CONFIRMcisco -- unified_computing_system
*A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.2018-06-07not yet calculatedCVE-2018-0338
CONFIRMcisco -- unified_ip_phone_software
*A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.2018-06-07not yet calculatedCVE-2018-0332
CONFIRMcisco -- unity_connection
*A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417.2018-06-07not yet calculatedCVE-2018-0354
CONFIRMcisco -- web_security_appliance
*A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.2018-06-07not yet calculatedCVE-2018-0353
BID
CONFIRMcisco -- webex
*A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757.2018-06-07not yet calculatedCVE-2018-0356
BID
CONFIRMcisco -- webex
*A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274.2018-06-07not yet calculatedCVE-2018-0357
BID
CONFIRMcisco -- wide_area_application_services_software
*A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.2018-06-07not yet calculatedCVE-2018-0352
CONFIRMcisco -- wide_area_application_services
*A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.2018-06-07not yet calculatedCVE-2018-0329
CONFIRMcitypredict.whauwiller -- citypredict.whauwiller
*citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16104
MISC
MISCclang-extra -- clang-extra
*The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10655
MISCcloud_foundry -- diego
*Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.2018-06-06not yet calculatedCVE-2018-1265
CONFIRMcloud_foundry -- loggregator
*Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.2018-06-06not yet calculatedCVE-2018-1268
CONFIRMcloud_foundry -- loggregator
*Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.2018-06-06not yet calculatedCVE-2018-1269
CONFIRMcloudpub-redis -- cloudpub-redis
*cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10672
MISCco-cli-installer -- co-cli-installer
*co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10657
MISCcofee-script -- cofee-script
*The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16206
MISCcofeescript -- cofeescript
*The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16202
MISCcoffe-script -- coffe-script
*The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16205
MISCcoffe-script -- coffe-script
*The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16203
MISCcommentapp.stetsonwood -- commentapp.stetsonwood


*commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16143
MISC
MISCcreatiwity -- witycms
*A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.2018-06-08not yet calculatedCVE-2018-12065
MISC
MISCcrestron -- mulitple_devices
*Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).2018-06-07not yet calculatedCVE-2018-11229
CONFIRMcrestron -- mulitple_devices
*Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).2018-06-07not yet calculatedCVE-2018-11228
CONFIRMcross-env.js -- cross-env.js
*cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16081
MISCcrossenv -- crossenv
*crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16074
MISCcuciuci -- cuciuci
*cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16122
MISC
MISCcyber-js -- cyber-js
*cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16093
MISC
MISCcypserver -- cypserver
*cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16191
MISC
MISCdanlevan -- bracket-template

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template2018-06-06not yet calculatedCVE-2018-3735
MISCdasafio -- dasafio
*dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.2018-06-06not yet calculatedCVE-2017-16179
MISC
MISCdatachannel-client -- datachannel-clientdatachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16121
MISC
MISCdcdcdcdcdc -- dcdcdcdcdc
*dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16190
MISC
MISCdckt -- localhost-now
*localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3729
MISCdcserver -- dcserver
*dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16158
MISC
MISCdedecms -- dedecms
*DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.2018-06-07not yet calculatedCVE-2018-12045
MISCdedecms -- dedecms
*DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.2018-06-07not yet calculatedCVE-2018-12046
MISCdesafio -- desafio
*desafio a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files.2018-06-06not yet calculatedCVE-2017-16164
MISC
MISCdgard8 -- lab6

dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16218
MISC
MISCdiscordi.js -- discordi.js
*discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.2018-06-06not yet calculatedCVE-2017-16207
MISCdisplaylink -- core_software_cleaner_application
*An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.2018-06-05not yet calculatedCVE-2018-7884
FULLDISCdmmcquay.lab6 -- dmmcquay.lab6
*dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16208
MISC
MISCdodo -- node-slug

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.2018-06-06not yet calculatedCVE-2017-16117
MISC
MISCdrewfus -- lab6


*lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16141
MISC
MISCduyetdev -- static-html-server

static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16152
MISC
MISCdylmomo -- dylmomo
*dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16163
MISC
MISCearlybird -- earlybird
*earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16154
MISC
MISCeasyquick -- easyquick
*easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error.2018-06-06not yet calculatedCVE-2017-16109
MISC
MISCeclipse -- mosquitto
*In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.2018-06-05not yet calculatedCVE-2017-7654
CONFIRMeclipse -- mosquitto
*The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.2018-06-05not yet calculatedCVE-2017-7653
CONFIRMeeems -- pooledwebsocket
*pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16107
MISC
MISCelding -- elding
*elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.2018-06-06not yet calculatedCVE-2017-16222
MISC
MISCelectron -- electron
*Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.2018-06-06not yet calculatedCVE-2017-16151
MISC
MISCemreovunc -- eaton-intelligent-power-manager-local
*Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.2018-06-07not yet calculatedCVE-2018-12031
MISCems -- master_calendarData input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.2018-06-01not yet calculatedCVE-2018-11628
MISC
MISC
EXPLOIT-DBenserver -- enserver
*enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16209
MISC
MISCerming -- shout


*Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0
sendpm.gif Reply With Quote
Sponsored Links