The Patriot Files Forums  

Posted 05-29-2018, 09:35 AM by The Patriot

SB18-148: Vulnerability Summary for the Week of May 21, 2018

05-28-2018 04:09 AM

Original release date: May 28, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- srea-01
Description: In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9664, BID, MISC

accellion -- kitewords
Description: Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9421, MISC

adobe -- acrobat_and_reader
Description: Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4918, BID, SECTRACK, MISC

adobe -- acrobat_and_reader
Description: Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4917, BID, SECTRACK, MISC

adobe -- coldfusion
Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4941, BID, MISC

adobe -- coldfusion
Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4938, BID, MISC

adobe -- coldfusion
Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4942, BID, MISC

adobe -- coldfusion
Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4940, BID, MISC

adobe -- coldfusion
Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4939, BID, MISC

adobe -- connect
Description: Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4923, BID, SECTRACK, MISC

adobe -- connect
Description: Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4994, BID, SECTRACK, MISC

adobe -- connect
Description: Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4921, BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4873, BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4991, BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4992, BID, SECTRACK, MISC

adobe -- digital_editions
Description: Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4925, BID, MISC

adobe -- digital_editions
Description: Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4926, BID, MISC

adobe -- dreamweaver_cc
Description: Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4924, BID, SECTRACK, MISC

adobe -- experience_manager
Description: Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4930, BID, MISC

adobe -- experience_manager
Description: Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4931, BID, MISC

adobe -- experience_manager
Description: Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4929, BID, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4936, BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Description: Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4920, BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4933, BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4934, BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Description: Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4919, BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4937, BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4944, BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4932, BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4935, BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- indesign
Description: Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4927, BID, MISC

adobe -- indesign
Description: Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4928, BID, MISC

adobe -- phonegap_push_plugin
Description: Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.
Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4943, BID, MISC

apache -- batik
Description: In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8013, BID, MLIST, MLIST, CONFIRM

apache -- nifi
Description: Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1309, CONFIRM

apache -- nifi
Description: Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1310, CONFIRM

apache -- orc
Description: In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8015, BID, CONFIRM

apache -- solr
Description: This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8010, BID, MISC

apache -- zookeeper
Description: No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8012, BID, SECTRACK, MISC

appnitro_software -- machform
Description: An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6411, MISC, MISC

appnitro_software -- machform
Description: An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6410, MISC, MISC

appnitro_software -- machform
Description: An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6409, MISC, MISC

asustor -- as6202t_adm
Description: An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11340, MISC

asustor -- as6202t_adm
Description: An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11346, MISC

asustor -- as6202t_adm
Description: A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11343, MISC

asustor -- as6202t_adm
Description: An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11345, MISC

asustor -- as6202t_adm
Description: Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11341, MISC

asustor -- as6202t_adm
Description: A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11342, MISC

asustor -- as6202t_adm
Description: A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11344, MISC

ati_systems -- emergency_mass_notification_systems
Description: In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8862, BID, MISC

ati_systems -- emergency_mass_notification_systems
Description: In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8864, BID, MISC

beaconmedaes -- scroll_medical_air_systems
Description: In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7526, MISC

beaconmedaes -- scroll_medical_air_systems
Description: In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7518, MISC

bearadmin -- bearadmin
Description: An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11413, MISC

bearadmin -- bearadmin
Description: An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11414, MISC

becton_dickinson_and_company -- bd_kiestra_inoquia_systems
Description: A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10593, MISC, CONFIRM

becton_dickinson_and_company -- bd_kiestra_systems
Description: A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10595, MISC, CONFIRM

bitdroid -- werewolf_online_app_android
Description: The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11505, MISC

citrix -- xenmobile_server
Description: There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10653, CONFIRM

citrix -- xenmobile_server
Description: There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10652, CONFIRM

citrix -- xenmobile_server
Description: There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10654, CONFIRM

citrix -- xenmobile_server
Description: There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10648, CONFIRM

citrix -- xenmobile_server
Description: There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10650, CONFIRM

citrix -- xenmobile_server
Description: There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10649, CONFIRM

citrix -- xenmobile_server
Description: There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10651, CONFIRM

ckeditor_5 -- ckeditor_5
Description: Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11093, CONFIRM, CONFIRM

clippercms -- clippercms
Description: Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11332, MISC

cloudera -- hue
Description: Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8094, CONFIRM, CONFIRM, CONFIRM, MISC

cloudfoundry -- cloudfoundry
Description: Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1193, CONFIRM

cockpit_project -- cockpit
Description: Cockpit 0.5.5 has XSS via a collection, form, or region.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11471, MISC

codecanyon.net -- easyservice_billing
Description: A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11445, MISC

codecanyon.net -- easyservice_billing
Description: A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11444, MISC

codecanyon.net -- easyservice_billing
Description: A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11442, MISC

codecanyon.net -- easyservice_billing
Description: The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11443, MISC

codecanyon.net -- horse_market_sell_and_rent_portal_script
Description: Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11096, EXPLOIT-DB

cppcms -- cppcms
Description: An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11367, MISC

curl -- curl
Description: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000301, BID, SECTRACK, CONFIRM, MLIST, UBUNTU, UBUNTU, DEBIAN

curl -- curl
Description: curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000300, BID, SECTRACK, CONFIRM, UBUNTU

d-link -- dsl-3782_router
Description: A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8898, MISC, EXPLOIT-DB

dahua_technology -- ip_devices
Description: Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9317, CONFIRM

delta_electronics -- industrial_automation_tpeditor
Description: In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8871, MISC

discount -- discount
Description: The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11468, MISC

discount -- discount
Description: The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11503, MISC

discount -- discount
Description: The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11504, MISC

dolibarr -- dolibarr
Description: The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10092, MLIST, CONFIRM, CONFIRM, MISC

dolibarr -- dolibarr
Description: SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10094, MLIST, CONFIRM, CONFIRM, MISC

dolibarr -- dolibarr
Description: SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9019, CONFIRM, CONFIRM

dolibarr -- dolibarr
Description: Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10095, MLIST, CONFIRM, CONFIRM, MISC

domainmod -- domainmod
Description: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11404, MISC

domainmod -- domainmod
Description: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11403, MISC

ethereum -- dimoncoin_token
Description: The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11411, MISC

ethereum -- ether_cartel
Description: The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11329, MISC

fortinet -- fortios
Description: A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14187, SECTRACK, CONFIRM

fortinet -- fortios
Description: An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14185, CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680. | 2018-05-24 | not yet calculated | CVE-2018-5679
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678. | 2018-05-24 | not yet calculated | CVE-2018-5676
MISC
CONFIRM

foxit -- foxit_reader
*An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-7406
MISC
CONFIRM

foxit -- foxit_reader
*An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-7407
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678. | 2018-05-24 | not yet calculated | CVE-2018-5674
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679. | 2018-05-24 | not yet calculated | CVE-2018-5680
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680. | 2018-05-24 | not yet calculated | CVE-2018-5677
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-5675
MISC
CONFIRM

foxit -- foxit_reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676. | 2018-05-24 | not yet calculated | CVE-2018-5678
MISC
CONFIRM

frappe_technologies -- erpnext
*An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | 2018-05-21 | not yet calculated | CVE-2018-11339
MISC
MISC
EXPLOIT-DB

ge_automation -- pacssystems
*In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | 2018-05-18 | not yet calculated | CVE-2018-8867
BID
MISC

giflib -- giflib
*The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11489
MISC

giflib -- giflib
*The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11490
MISC

gnome_project -- gnome_web
*ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | 2018-05-23 | not yet calculated | CVE-2018-11396
CONFIRM

gnu -- gnu_c_library
*An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | 2018-05-18 | not yet calculated | CVE-2018-11237
BID
MISC
EXPLOIT-DB

gnu -- gnu_c_library
*stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | 2018-05-18 | not yet calculated | CVE-2018-11236
BID
MISC
MISC

haproxy -- haproxy
*Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 2018-05-25 | not yet calculated | CVE-2018-11469
CONFIRM

hawtio -- hawtio
*hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. | 2018-05-22 | not yet calculated | CVE-2017-2617
BID
REDHAT
CONFIRM

hp -- network_operations_management_ultimate
*SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | 2018-05-22 | not yet calculated | CVE-2018-6493
BID
SECTRACK
CONFIRM

hp -- network_operations_management_ultimate
*Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. | 2018-05-22 | not yet calculated | CVE-2018-6492
BID
SECTRACK
CONFIRM

hp -- service_manager_software_web_tier
*Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | 2018-05-22 | not yet calculated | CVE-2018-6494
BID
SECTRACK
CONFIRM

huawei -- 1288h_and_288H
*Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7902
CONFIRM

huawei -- 1288h_and_288H
*Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7903
CONFIRM

huawei -- 1288h_and_288H
*Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7904
CONFIRM

huawei -- ibmc
*The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. | 2018-05-24 | not yet calculated | CVE-2018-7942
CONFIRM

huawei -- smart_phones
*Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. | 2018-05-24 | not yet calculated | CVE-2017-17158
CONFIRM

huawei -- multiple_products
*Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. | 2018-05-24 | not yet calculated | CVE-2017-17315
CONFIRM

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047. | 2018-05-25 | not yet calculated | CVE-2018-1452
CONFIRM
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. | 2018-05-25 | not yet calculated | CVE-2018-1544
CONFIRM
SECTRACK
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973. | 2018-05-25 | not yet calculated | CVE-2018-1488
CONFIRM
SECTRACK
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. | 2018-05-25 | not yet calculated | CVE-2018-1565
CONFIRM
SECTRACK
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046. | 2018-05-25 | not yet calculated | CVE-2018-1451
CONFIRM
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044. | 2018-05-25 | not yet calculated | CVE-2018-1449
CONFIRM
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210. | 2018-05-25 | not yet calculated | CVE-2018-1459
CONFIRM
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. | 2018-05-25 | not yet calculated | CVE-2018-1515
CONFIRM
SECTRACK
XF

ibm -- db2
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. | 2018-05-25 | not yet calculated | CVE-2018-1450
CONFIRM
XF

ibm -- storediq
*IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. | 2018-05-22 | not yet calculated | CVE-2018-1583
CONFIRM
XF

ibm -- storwize_v7000
*The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. | 2018-05-25 | not yet calculated | CVE-2018-1467
CONFIRM
XF

ibm -- tivoli_application_dependency_discovery_manager
*IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361. | 2018-05-24 | not yet calculated | CVE-2013-3023
CONFIRM
XF

ibm -- tivoli_application_dependency_discovery_manager
*The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. | 2018-05-24 | not yet calculated | CVE-2013-3018
CONFIRM
XF

ibm -- urbancode_deploy
*IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | 2018-05-25 | not yet calculated | CVE-2017-1752
CONFIRM
XF

ibm -- websphere_application_server
*IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | 2018-05-24 | not yet calculated | CVE-2013-3024
CONFIRM
XF

ilias -- ilias
*ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | 2018-05-23 | not yet calculated | CVE-2018-10428
MISC
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
MISC

imagemagick -- imagemagick
*In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. | 2018-05-18 | not yet calculated | CVE-2017-18273
CONFIRM
MLIST

imagemagick -- imagemagick
*In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. | 2018-05-18 | not yet calculated | CVE-2018-11251
CONFIRM
MLIST

imagemagick -- imagemagick
*In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | 2018-05-18 | not yet calculated | CVE-2017-18271
CONFIRM
MLIST

iscripts -- eswap
*iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. | 2018-05-22 | not yet calculated | CVE-2018-11372
MISC

iscripts -- eswap
*iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. | 2018-05-22 | not yet calculated | CVE-2018-11373
MISC

iscripts -- eswap
*iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | 2018-05-25 | not yet calculated | CVE-2018-11470
MISC

jboss -- jboss_jbossas
*Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. | 2018-05-22 | not yet calculated | CVE-2016-8656
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM

jboss -- undertow_web_server
*In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. | 2018-05-21 | not yet calculated | CVE-2018-1067
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM

jenkins -- jenkins
*Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). | 2018-05-23 | not yet calculated | CVE-2017-2598
BID
CONFIRM
CONFIRM
CONFIRM

jenkins -- jenkins
*jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to. | 2018-05-22 | not yet calculated | CVE-2017-2609
BID
CONFIRM
CONFIRM

jenkins -- jenkins
*jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. | 2018-05-21 | not yet calculated | CVE-2017-2607
BID
CONFIRM

jerryscript -- jerryscript
*An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. | 2018-05-24 | not yet calculated | CVE-2018-11418
MISC

jerryscript -- jerryscript
*An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. | 2018-05-24 | not yet calculated | CVE-2018-11419
MISC

joomla! -- joomla!
*In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. | 2018-05-22 | not yet calculated | CVE-2018-6378
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | 2018-05-22 | not yet calculated | CVE-2018-11321
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | 2018-05-22 | not yet calculated | CVE-2018-11323
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | 2018-05-22 | not yet calculated | CVE-2018-11322
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | 2018-05-22 | not yet calculated | CVE-2018-11327
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | 2018-05-22 | not yet calculated | CVE-2018-11325
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. | 2018-05-22 | not yet calculated | CVE-2018-11326
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | 2018-05-22 | not yet calculated | CVE-2018-11328
BID
SECTRACK
MISC

joomla! -- joomla!
*An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | 2018-05-22 | not yet calculated | CVE-2018-11324
BID
SECTRACK
MISC

jpegoptim -- jpegoptim
*jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-24 | not yet calculated | CVE-2018-11416
MISC
MISC

k2 -- smartforms
*Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | 2018-05-24 | not yet calculated | CVE-2018-9920
BUGTRAQ

kemp_technologies -- loadmaster_operating_system_long_term_support
*A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. | 2018-05-25 | not yet calculated | CVE-2018-9091
CONFIRM

kliqqi -- kliqqi
*Kliqqi 2.0.2 has CSRF in admin/admin_users.php. | 2018-05-24 | not yet calculated | CVE-2018-11405
MISC

kubernetes-incubator/cri-o -- kubernetes-incubator/cri-o
*Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. | 2018-05-18 | not yet calculated | CVE-2018-1000400
BID
MISC

liblouis -- liblouis
*An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-24 | not yet calculated | CVE-2018-11410
MISC
MISC

liblouis -- liblouis
*Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | 2018-05-25 | not yet calculated | CVE-2018-11440
MISC

libsass -- libsass
*A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11499
MISC

linux -- linux_kernel
*kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. | 2018-05-21 | not yet calculated | CVE-2018-1108
BID
CONFIRM
DEBIAN

linux -- linux_kernel
*In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | 2018-05-24 | not yet calculated | CVE-2018-11412
MISC
MISC

linux -- linux_kernel
*The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | 2018-05-24 | not yet calculated | CVE-2018-1000199
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN

linux -- linux_kernel
*In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | 2018-05-18 | not yet calculated | CVE-2017-18270
CONFIRM
BID
CONFIRM
CONFIRM

lizard -- lizard
*In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. | 2018-05-26 | not yet calculated | CVE-2018-11498
MISC

long_range_zip -- long_range_zip
*In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | 2018-05-26 | not yet calculated | CVE-2018-11496
MISC

magnicomp -- sysinfo
*MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability. | 2018-05-21 | not yet calculated | CVE-2018-7268
MISC
BUGTRAQ
MISC

makemytrip.com -- makemytrip_app_android
*An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | 2018-05-20 | not yet calculated | CVE-2018-11242
MISC
EXPLOIT-DB

mcafee -- data_loss_prevention_endpoint
*Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 2018-05-25 | not yet calculated | CVE-2018-6664
SECTRACK
CONFIRM

mcafee -- network_security_management
*Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | 2018-05-25 | not yet calculated | CVE-2017-3961
CONFIRM

mcafee -- virusscan_enterprise
*Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands. | 2018-05-25 | not yet calculated | CVE-2018-6674
BID
SECTRACK
CONFIRM

micro_focus -- client_for_oes
*The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 2018-05-21 | not yet calculated | CVE-2018-7687
MISC
MISC

micro_focus -- multiple_products
*Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | 2018-05-23 | not yet calculated | CVE-2018-6495
SECTRACK
CONFIRM

microsoft -- office
*A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office. | 2018-05-23 | not yet calculated | CVE-2018-8176
BID
SECTRACK
CONFIRM

microsoft -- windows
*A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. | 2018-05-21 | not yet calculated | CVE-2018-8142
BID
CONFIRM

monstra -- monstra_cms
*Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).2018-05-25not yet calculatedCVE-2018-11472
MISC
MISCmonstra -- monstra_cms
*Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.2018-05-25not yet calculatedCVE-2018-11475
MISCmonstra -- monstra_cms
*Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.2018-05-25not yet calculatedCVE-2018-11474
MISC

monstra -- monstra_cms
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11473
MISC
MISC

moodle -- moodle
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1133
CONFIRM

moodle -- moodle
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1134
CONFIRM

moodle -- moodle
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1136
CONFIRM

moodle -- moodle
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1137
CONFIRM

moodle -- moodle
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1135
CONFIRM

multiple_vendors -- multiple_products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-3639
CONFIRM
BID
SECTRACK
CONFIRM
REDHAT
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
DEBIAN
EXPLOIT-DB
CONFIRM
CERT-VN
CONFIRM
CERT

multiple_vendors -- multiple_products
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-3640
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
CERT

mupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000040
CONFIRM
MISC
MISC
MISC
MISC
MISC

mupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000039
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC

mupdf -- mupdf
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000038
CONFIRM
CONFIRM
MISC

mupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000036
MISC

mupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000037
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISC

mybb -- mybb
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11092
CONFIRM
CONFIRM
EXPLOIT-DB

myscada -- mypro
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11311
MISC
MISC
EXPLOIT-DB

netapp -- oncommand_unified_manager
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-5487
CONFIRM

netapp -- oncommand_unified_manager
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-5485
CONFIRM

octopus -- deploy
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11320
CONFIRM

opencart -- opencart
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-11231
MISC

opencart -- opencart
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11495
MISC

opencart -- opencart
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11494
MISC

openflow -- openflow
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller. This can result in Denial of Service, Unauthorized Access, Network Instability. This attack appears to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000155
MISC

osisoft -- pi_coresight
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2017-9641
BID
MISC
CONFIRM

pbootcms -- pbootcms
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11369
MISC

pdfgen -- pdfgen
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11363
MISC
MISC

phpmywind -- phpmywind
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11487
MISC

phpscriptsmall.com -- website_seller_script
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11501
MISC

pluck -- pluck
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11330
MISC
MISC

pluck -- pluck
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11331
MISC
MISC

procps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1126
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC

procps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1125
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC

procps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1123
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC

procps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1122
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC

procps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1124
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC

publiccms -- publiccms
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11500
MISC

radare -- radare2
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11384
MISC
MISC

radare -- radare2
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11377
MISC
MISC
MISC

radare -- radare2
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11378
MISC
MISC

radare -- radare2
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11376
MISC
MISC

radare -- radare2
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11375
MISC
MISC

radare -- radare2
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11380
MISC
MISC

radare -- radare2
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11383
MISC
MISC

radare -- radare2
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11381
MISC
MISC

radare -- radare2
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11382
MISC
MISC

radare -- radare2
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11379
MISC
MISC

radio_thermostat -- ct50_and_ct80
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11315
MISC

readstat -- readstat
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11365
MISC

readstat -- readstat
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11364
MISC

sap -- internet_transaction_server
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11415
MISC
EXPLOIT-DB

simplisafe -- simplisafe_original
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11400
MISC

simplisafe -- simplisafe_original
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11399
MISC

simplisafe -- simplisafe_original
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11402
MISC

simplisafe -- simplisafe_original
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11401
MISC

skycaiji -- skycaiji
SkyCaiji 1.2 allows CSRF to add an Administrator user.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11371
MISC

square_enix -- final_fantasy_xiv
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-7295
MISC

trend_micro -- email_encryption_gateway
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10352
CONFIRM
MISC

trend_micro -- email_encryption_gateway
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10355
CONFIRM
MISC

trend_micro -- email_encryption_gateway
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10354
CONFIRM
MISC

trend_micro -- email_encryption_gateway
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10353
CONFIRM
MISC

trend_micro -- email_encryption_gateway
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10351
CONFIRM
MISC

trend_micro -- email_encryption_gateway
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10356
CONFIRM
MISC

trend_micro -- endpoint_application_control
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10357
CONFIRM
MISC

trend_micro -- maximum_security
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6235
CONFIRM
MISC

trend_micro -- maximum_security
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6236
CONFIRM
MISC

trend_micro -- maximum_security
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6233
CONFIRM
MISC

trend_micro -- maximum_security
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6232
CONFIRM
MISC

trend_micro -- maximum_security
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6234
CONFIRM
MISC

trend_micro -- smart_protection_server
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6237
CONFIRM
MISC

trend_micro -- smart_protection_server
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-10350
CONFIRM
MISC

vim-syntastic/syntastic -- vim-syntastic/syntastic
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11319
MISC
MISC
MISC

vmware -- fusion
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-6962
BID
SECTRACK
CONFIRM

vmware -- workstation
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial-of-service of their guest machine.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-6963
BID
SECTRACK
CONFIRM

windscribe -- windscribe
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11479
MISC

windscribe -- windscribe
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-11334
MISC

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11358
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11356
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11357
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11355
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11362
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11360
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11359
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11361
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11354
CONFIRM
CONFIRM
CONFIRM

wordpress -- wordpress
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11366
MISC
MISC
MISC
MISC

wuzhi_cms -- wuzhi_cms
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11493
This product is provided subject to this Notification and this Privacy & Use policy.



