The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Cyber Warfare

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 06-06-2018, 05:14 AM
The Patriot's Avatar
The Patriot The Patriot is offline
Senior Member
 

Join Date: Jun 2002
Posts: 1,386,283
Default SB18-155: Vulnerability Summary for the Week of May 28, 2018

SB18-155: Vulnerability Summary for the Week of May 28, 2018

06-04-2018 05:16 AM

Original release date: June 04, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1000ch -- dwebp-bin


*dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10633
MISCaerospike -- aerospike-client-nodejs


*aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10558
MISCair-sdk -- air-sdk
*air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10603
MISCairbrake -- node-airbrake
*The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.2018-05-31not yet calculatedCVE-2016-10530
MISC
MISCalexyoung -- jadedown
*jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.2018-05-31not yet calculatedCVE-2016-10520
MISCandzdroid -- paypal-ipn
*paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.2018-05-29not yet calculatedCVE-2014-10067
MISC
MISCappgyver -- steroids
*Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10581
MISCappium -- appium-chromedriver


*appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10557
MISCapple -- safari
*webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash.2018-06-01not yet calculatedCVE-2018-11646
MISC
MISCappnitro -- machform
*An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.2018-05-26not yet calculatedCVE-2018-6409
MISC
EXPLOIT-DB
MISCappnitro -- machform
*An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.2018-05-26not yet calculatedCVE-2018-6410
MISC
EXPLOIT-DB
MISCappnitro -- machform
*An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.2018-05-26not yet calculatedCVE-2018-6411
MISC
EXPLOIT-DB
MISCarian -- selenium-wrapper


*selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10628
MISCarrayfire -- arrayfire-js


*arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10598
MISCartifex -- ghostscript
*psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.2018-06-01not yet calculatedCVE-2018-11645
MISC
MISCartiomshapovalov -- tomita-parser


*tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10666
MISCarve0 -- node-geoip-country
*geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-05-29not yet calculatedCVE-2016-10568
MISCatob -- atob
*atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.2018-05-29not yet calculatedCVE-2018-3745
MISCauth0 -- node-jsonwebtokenIn jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).2018-05-29not yet calculatedCVE-2015-9235
MISC
MISC
MISC
MISCbarretts -- node-iedriver


*iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10562
MISCbem-archive -- imageoptim


*imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10596
MISCbionode -- bionode-sra


*bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10613
MISCbitmain -- antminer_d3_and_l3+_and_s9_devices
*Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.2018-05-31not yet calculatedCVE-2018-11220
EXPLOIT-DBbloodaxe -- npm-native-opencv

native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10658
MISCbluesmoon -- node-geoip


*adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.2018-05-29not yet calculatedCVE-2016-10680
MISCbmw -- multiple_vehiclesThe Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9318
BID
MISC
MISCbmw -- multiple_vehicles
*The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.2018-05-31not yet calculatedCVE-2018-9322
BID
MISC
MISCbmw -- multiple_vehicles
*The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.2018-05-31not yet calculatedCVE-2018-9313
BID
MISC
MISCbmw -- multiple_vehicles
*The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9320
BID
MISC
MISCbmw -- multiple_vehicles
*The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9312
BID
MISC
MISCbmw -- multiple_vehicles
*The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.2018-05-31not yet calculatedCVE-2018-9314
BID
MISC
MISCbmw -- multiple_vehicles
*The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9311
BID
MISC
MISCbroccoli -- broccoli


*broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10635
MISCbrother -- hl-l2340d_and_hl-l2380dw_series_printers
*Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.2018-06-01not yet calculatedCVE-2018-11581
MISCbulain -- grunt-webdriver-qunit


*grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10606
MISCcaspervonb -- bitty


*Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.2018-05-31not yet calculatedCVE-2016-10561
MISCclippercms -- clippercms
*ClipperCMS 1.3.3 allows Session Fixation.2018-05-30not yet calculatedCVE-2018-11571
MISCclippercms -- clippercms
*ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.2018-05-30not yet calculatedCVE-2018-11572
MISCcloudcmd -- console-io
*console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.2018-05-31not yet calculatedCVE-2016-10532
MISCcmseasy -- cmseasy
*An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.2018-06-02not yet calculatedCVE-2018-11679
MISC
MISCcmseasy -- cmseasy
*An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.2018-06-02not yet calculatedCVE-2018-11680
MISCcnpm -- node-operadriver
*operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10565
MISCcobalt-cli -- cobalt-cli
*cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10597
MISCcodecanyon.net -- easyservice_billing
*The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11443
MISC
EXPLOIT-DBcodecanyon.net -- easyservice_billing
*A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.2018-05-25not yet calculatedCVE-2018-11445
MISC
EXPLOIT-DBcodecanyon.net -- easyservice_billing
*A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11444
MISC
EXPLOIT-DBcodecanyon.net -- easyservice_billing
*A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.2018-05-25not yet calculatedCVE-2018-11442
MISC
EXPLOIT-DBcoderaiser -- node-restafary
*restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.2018-05-31not yet calculatedCVE-2016-10528
MISCconnected-web -- product-monitor


*product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10567
MISCcreatiwity -- witycms
*Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.2018-05-28not yet calculatedCVE-2018-11512
MISC
MISC
EXPLOIT-DBcscms -- cscms
*An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.2018-05-29not yet calculatedCVE-2018-11527
MISCdalekjs -- dalek-browser-chrome

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10604
MISCdalekjs -- dalek-browser-chrome-canary
*dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10584
MISCdalekjs -- dalek-browser-ie
*dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10605
MISCdalekjs -- dalek-browser-ie


*dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10612
MISCdanielcardoso -- html-pages


*The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.2018-05-29not yet calculatedCVE-2018-3744
MISC
MISCdanielfm -- jshamcrestjshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.2018-05-31not yet calculatedCVE-2016-10521
MISCdataiku -- dataiku_dss
*The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.2018-05-28not yet calculatedCVE-2018-10732
MISC
MISCdavidmarkclements -- install-nw


*install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10566
MISCdchem -- node-ibapi
*ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10593
MISCdcodeio -- closurecompiler.js
*closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10582
MISCddopson -- node-sauce-connect


*sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10599
MISCdell_emc -- recoverpoint_and_recoverpoint_for_vms
*Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.2018-05-29not yet calculatedCVE-2018-1241
FULLDISC
BIDdell_emc -- recoverpoint_and_recoverpoint_for_vms
*Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.2018-05-29not yet calculatedCVE-2018-1235
FULLDISC
BIDdell_emc -- recoverpoint_and_recoverpoint_for_vms
*Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.2018-05-29not yet calculatedCVE-2018-1242
FULLDISC
BIDdelta_electronics -- automation_tpeditor
*In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.2018-05-25not yet calculatedCVE-2018-8871
BID
MISCdirtyhairy -- node-libxl
*libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10585
MISCdomainmod -- domainmod
*DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.2018-05-30not yet calculatedCVE-2018-11559
MISCdomainmod -- domainmod
*DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.2018-05-30not yet calculatedCVE-2018-11558
MISCdtao -- fancy-server
*Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.2018-05-31not yet calculatedCVE-2014-10066
MISCdtsearch -- dtsearch
*A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.2018-05-29not yet calculatedCVE-2018-11488
MISC
MISC
MISCdwyl -- hapi-auth-jwt2
*When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.2018-05-29not yet calculatedCVE-2016-10525
MISC
MISC
MISCelectron-userland -- electron-packager
*electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 =6.0.0
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 04:41 PM.


Powered by vBulletin, Jelsoft Enterprises Ltd.