SB18-162: Vulnerability Summary for the Week of June 4, 2018
06-11-2018 03:39 AM

Original release date: June 11, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned
Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info11xiaoli -- 11xiaoli *11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16160 MISC MISC22lixian -- 22lixian *22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16162 MISC MISC360class.jansenhm -- 360class.jansenhm *360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16186 MISC MISC3rd-eden -- useragent *Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. 
This affects Useragent 2.1.12 and earlier.2018-06-04not yet calculatedCVE-2017-16030 MISC626 -- 626 *626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3727 MISCabb -- ip_gateway *In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.2018-06-06not yet calculatedCVE-2017-7906 BID MISCabb -- ip_gateway *In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.2018-06-06not yet calculatedCVE-2017-7933 BID MISCabb -- ip_gateway *In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.2018-06-06not yet calculatedCVE-2017-7931 BID MISCablankenship10 -- goserv *goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16133 MISC MISCag-grid -- ag-grid *ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.2018-06-04not yet calculatedCVE-2017-16009 MISC MISC MISCallen_bradley -- micrologix *An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. 
An attacker can send an unauthenticated packet to trigger this vulnerability.2018-06-04not yet calculatedCVE-2017-12092 MISCangular-http-server -- angular-http-server *angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3713 MISCapache -- mxnet *The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.2018-06-08not yet calculatedCVE-2018-1281 CONFIRMapache -- storm *Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.2018-06-05not yet calculatedCVE-2018-1332 BID CONFIRMapache -- storm *Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. 
So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2018-06-05not yet calculatedCVE-2018-8008 BID CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_tvos_and_w atchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.2018-06-08not yet calculatedCVE-2018-4224 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.2018-06-08not yet calculatedCVE-2018-4226 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_icloud_and_itunes_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.2018-06-08not yet calculatedCVE-2018-4225 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. 
watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.2018-06-08not yet calculatedCVE-2018-4240 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.2018-06-08not yet calculatedCVE-2018-4198 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.2018-06-08not yet calculatedCVE-2018-4223 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.2018-06-08not yet calculatedCVE-2018-4243 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. 
A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.2018-06-08not yet calculatedCVE-2018-4241 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.2018-06-08not yet calculatedCVE-2018-4206 BID BID SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DBapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.2018-06-08not yet calculatedCVE-2018-4249 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.2018-06-08not yet calculatedCVE-2018-4211 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. 
macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.2018-06-08not yet calculatedCVE-2018-4237 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_macos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.2018-06-08not yet calculatedCVE-2018-4221 SECTRACK CONFIRM CONFIRMapple -- ios_and_macos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.2018-06-08not yet calculatedCVE-2018-4202 SECTRACK CONFIRM CONFIRMapple -- ios_and_macos *An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.2018-06-08not yet calculatedCVE-2018-4187 BID BID SECTRACK CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.2018-06-08not yet calculatedCVE-2018-4200 BID SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4204 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.2018-06-08not yet calculatedCVE-2018-4232 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.2018-06-08not yet calculatedCVE-2018-4222 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.2018-06-08not yet calculatedCVE-2018-4214 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4201 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.2018-06-08not yet calculatedCVE-2018-4246 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.2018-06-08not yet calculatedCVE-2018-4218 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DBapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4233 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos_and_ watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.2018-06-08not yet calculatedCVE-2018-4192 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.2018-06-08not yet calculatedCVE-2018-4190 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios_and_safari_and_icloud_and_itunes_and_tvos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4199 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- ios *An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.2018-06-08not yet calculatedCVE-2018-4250 SECTRACK CONFIRMapple -- ios *An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.2018-06-08not yet calculatedCVE-2018-4252 SECTRACK CONFIRMapple -- ios *An issue was discovered in certain Apple products. 
iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.2018-06-08not yet calculatedCVE-2018-4244 SECTRACK CONFIRMapple -- ios *An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app.2018-06-08not yet calculatedCVE-2018-4215 SECTRACK CONFIRMapple -- ios *An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.2018-06-08not yet calculatedCVE-2018-4239 SECTRACK CONFIRMapple -- ios *An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.2018-06-08not yet calculatedCVE-2018-4238 SECTRACK CONFIRMapple -- macosAn issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.2018-06-08not yet calculatedCVE-2018-4171 SECTRACK CONFIRMapple -- macosAn issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4242 SECTRACK CONFIRMapple -- macos_and_tvos_and_watchos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. 
tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.2018-06-08not yet calculatedCVE-2018-4235 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4193 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.2018-06-08not yet calculatedCVE-2018-4253 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.2018-06-08not yet calculatedCVE-2018-4229 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.2018-06-08not yet calculatedCVE-2018-4228 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4236 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.2018-06-08not yet calculatedCVE-2018-4196 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.2018-06-08not yet calculatedCVE-2018-4227 SECTRACK MISC CONFIRM CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2018-06-08not yet calculatedCVE-2018-4159 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2018-06-08not yet calculatedCVE-2018-4234 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.2018-06-08not yet calculatedCVE-2018-4219 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. 
It allows attackers to bypass intended memory-read restrictions via a crafted app.2018-06-08not yet calculatedCVE-2018-4141 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.2018-06-08not yet calculatedCVE-2018-4184 SECTRACK CONFIRMapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.2018-06-08not yet calculatedCVE-2018-4230 SECTRACK MISC CONFIRM EXPLOIT-DBapple -- macos *An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.2018-06-08not yet calculatedCVE-2018-4251 SECTRACK CONFIRMapple -- safari_and_icloud_and_itunes_and_tvosAn issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.2018-06-08not yet calculatedCVE-2018-4188 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMapple -- safari *An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2018-06-08not yet calculatedCVE-2018-4205 SECTRACK CONFIRMapple -- safari *An issue was discovered in certain Apple products. iOS before 11.4 is affected. 
Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.2018-06-08not yet calculatedCVE-2018-4247 BID SECTRACK CONFIRM CONFIRM MISCapple -- swift *An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.2018-06-08not yet calculatedCVE-2018-4220 BID CONFIRMaprendecondedos -- dedos-web *In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation.2018-06-05not yet calculatedCVE-2018-10813 MISC MISCarthur-zhang -- node-bsdiff-android *node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-04not yet calculatedCVE-2016-10641 MISCaugustine -- augustine *augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.2018-06-04not yet calculatedCVE-2017-0930 MISCbabelcli -- babelcli *babelcli was a malicious module published with the intent to hijack environment variables. 
It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16060 MISCbeaconmedaes -- totalalert_scroll_medical_air_systems_web_applicat ion *In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.2018-06-06not yet calculatedCVE-2018-7510 MISCbear-qv -- ex *exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.2018-06-06not yet calculatedCVE-2017-16130 MISC MISCbetterjs -- badjs-sourcemap-server *`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-04not yet calculatedCVE-2017-16036 MISC MISCbird -- internet_routing_daemon *BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.2018-06-08not yet calculatedCVE-2018-12066 CONFIRM CONFIRM CONFIRM CONFIRMbitfu -- uc-httpd-1.0.0-buffer-overflow-exploit *Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.2018-06-08not yet calculatedCVE-2018-10088 MISC EXPLOIT-DBbitjson -- slimerjs-edge *slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. 
It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-04 | not yet calculated | CVE-2016-10644 MISC

blakeembrey -- no-case | The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. | 2018-06-06 | not yet calculated | CVE-2017-16099 MISC MISC

bmeck -- node-sfml | sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-04 | not yet calculated | CVE-2016-10654 MISC

botbait -- botbait | The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information: Source IP; process.versions; process.platform; How the module was invoked (test, require, pre-install) | 2018-06-06 | not yet calculated | CVE-2017-16126 MISC

bouncy_castle -- bc_and_bc-fja | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. | 2018-06-05 | not yet calculated | CVE-2018-1000180 CONFIRM CONFIRM CONFIRM MISC

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack.
Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. | 2018-06-04 | not yet calculated | CVE-2016-1000341 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. | 2018-06-04 | not yet calculated | CVE-2016-1000346 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. | 2018-06-04 | not yet calculated | CVE-2016-1000339 CONFIRM CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. | 2018-06-04 | not yet calculated | CVE-2016-1000344 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack.
For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding. | 2018-06-04 | not yet calculated | CVE-2016-1000345 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. | 2018-06-04 | not yet calculated | CVE-2016-1000343 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | 2018-06-04 | not yet calculated | CVE-2016-1000340 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | 2018-06-04 | not yet calculated | CVE-2016-1000342 CONFIRM

bouncy_castle -- jce_provider | In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode.
This mode is regarded as unsafe and support for it has been removed from the provider. | 2018-06-04 | not yet calculated | CVE-2016-1000352 CONFIRM

brianc -- node-postgres | A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | 2018-06-06 | not yet calculated | CVE-2017-16082 MISC MISC

brit95 -- lab6 | lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16140 MISC MISC

broofa -- node-mime | The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | 2018-06-06 | not yet calculated | CVE-2017-16138 MISC MISC

brother -- hl-l2340d_printers_and_hl-l2380dw_printers | Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | 2018-06-01 | not yet calculated | CVE-2018-11581 MISC EXPLOIT-DB

byucslabsix -- byucslabsix | byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16166 MISC MISC

calmquist.static-server -- calmquist.static-server | calmquist.static-server is a static file server.
calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16165 MISC MISC

canon -- lbp6030w_web_interface | A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. | 2018-06-07 | not yet calculated | CVE-2018-12049 MISC

canon -- lbp7110cw_web_interface | A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. | 2018-06-07 | not yet calculated | CVE-2018-12048 MISC

canon -- mf210_and_mf220_web_interface | A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. | 2018-06-04 | not yet calculated | CVE-2018-11711 MISC EXPLOIT-DB

canon -- multiple_devices | An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. | 2018-06-04 | not yet calculated | CVE-2018-11692 MISC EXPLOIT-DB

caolan -- forms | Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting | 2018-06-04 | not yet calculated | CVE-2017-16015 MISC MISC

caolilinode -- caolilinode | caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16159 MISC MISC

cedced19 -- fast-http | fast-http-cli is the command line interface for fast-http, a simple web server.
fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16155 MISC MISC

censorify.tanisjr -- censorify.tanisjr | censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16157 MISC MISC

charset -- charset | charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low. | 2018-06-06 | not yet calculated | CVE-2017-16098 MISC MISC

chatbyvista -- chatbyvista | chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-06-06 | not yet calculated | CVE-2017-16177 MISC MISC

cisco -- 6800_and_7800_and_8800_series_ip_phones | A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.
This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718. | 2018-06-07 | not yet calculated | CVE-2018-0316 CONFIRM

cisco -- adaptive_security_appliance | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv).
Cisco Bug IDs: CSCvi16029. | 2018-06-07 | not yet calculated | CVE-2018-0296 CONFIRM

cisco -- anyconnect_network_access_manager_and_anyconnect_secure_mobility_client | A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141. | 2018-06-07 | not yet calculated | CVE-2018-0334 CONFIRM

cisco -- appdynamics_app_iq_platform | The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. | 2018-06-08 | not yet calculated | CVE-2018-0225 CONFIRM

cisco -- firesight_system_software | A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerability is due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed. An attacker could exploit this vulnerability by sending packets through an interface on the targeted device. A successful exploit could allow the attacker to bypass configured VPN policies.
Cisco Bug IDs: CSCvh49388. | 2018-06-07 | not yet calculated | CVE-2018-0333 BID CONFIRM

cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309. | 2018-06-07 | not yet calculated | CVE-2018-0339 CONFIRM

cisco -- integrated_management_controller_supervisor_software_and_ucs_director_software | A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device.
Cisco Bug IDs: CSCvh12994. | 2018-06-07 | not yet calculated | CVE-2018-0149 CONFIRM

cisco -- ios_xe_software | A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380. | 2018-06-07 | not yet calculated | CVE-2018-0315 BID CONFIRM

cisco -- meeting_server | A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4.
Cisco Bug IDs: CSCvg76471. | 2018-06-07 | not yet calculated | CVE-2018-0263 BID CONFIRM

cisco -- multiple_products | Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning.
Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823. | 2018-06-07 | not yet calculated | CVE-2017-6779 CONFIRM

cisco -- network_services_orchestrator | A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982. | 2018-06-07 | not yet calculated | CVE-2018-0274 CONFIRM

cisco -- node-jose | node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used. | 2018-06-04 | not yet calculated | CVE-2017-16007 MISC MISC MISC MISC

cisco -- prime_collaboration_provisioning | A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system.
An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253. | 2018-06-07 | not yet calculated | CVE-2018-0319 CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | 2018-06-07 | not yet calculated | CVE-2018-0335 CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754. | 2018-06-07 | not yet calculated | CVE-2018-0320 BID CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system.
A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578. | 2018-06-07 | not yet calculated | CVE-2018-0336 CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746. | 2018-06-07 | not yet calculated | CVE-2018-0321 BID CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779. | 2018-06-07 | not yet calculated | CVE-2018-0322 CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245. | 2018-06-07 | not yet calculated | CVE-2018-0318 CONFIRM

cisco -- prime_collaboration_provisioning | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286. | 2018-06-07 | not yet calculated | CVE-2018-0317 CONFIRM

cisco -- unified_communications_manager | A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Cisco Bug IDs: CSCvj00512. | 2018-06-07 | not yet calculated | CVE-2018-0340 CONFIRM

cisco -- unified_communications_manager | A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761. | 2018-06-07 | not yet calculated | CVE-2018-0355 CONFIRM

cisco -- unified_computing_system | A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. | 2018-06-07 | not yet calculated | CVE-2018-0338 CONFIRM

cisco -- unified_ip_phone_software | A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device.
Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945. | 2018-06-07 | not yet calculated | CVE-2018-0332 CONFIRM

cisco -- unity_connection | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417. | 2018-06-07 | not yet calculated | CVE-2018-0354 CONFIRM

cisco -- web_security_appliance | A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM.
Cisco Bug IDs: CSCvg78875. | 2018-06-07 | not yet calculated | CVE-2018-0353 BID CONFIRM

cisco -- webex | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757. | 2018-06-07 | not yet calculated | CVE-2018-0356 BID CONFIRM

cisco -- webex | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274. | 2018-06-07 | not yet calculated | CVE-2018-0357 BID CONFIRM

cisco -- wide_area_application_services_software | A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running.
A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.2018-06-07not yet calculatedCVE-2018-0352 CONFIRMcisco -- wide_area_application_services *A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.2018-06-07not yet calculatedCVE-2018-0329 CONFIRMcitypredict.whauwiller -- citypredict.whauwiller *citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16104 MISC MISCclang-extra -- clang-extra *The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10655 MISCcloud_foundry -- diego *Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. 
A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.2018-06-06not yet calculatedCVE-2018-1265 CONFIRMcloud_foundry -- loggregator *Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.2018-06-06not yet calculatedCVE-2018-1268 CONFIRMcloud_foundry -- loggregator *Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.2018-06-06not yet calculatedCVE-2018-1269 CONFIRMcloudpub-redis -- cloudpub-redis *cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10672 MISCco-cli-installer -- co-cli-installer *co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. 
It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-04not yet calculatedCVE-2016-10657 MISCcofee-script -- cofee-script *The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16206 MISCcofeescript -- cofeescript *The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16202 MISCcoffe-script -- coffe-script *The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16205 MISCcoffe-script -- coffe-script *The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.2018-06-06not yet calculatedCVE-2017-16203 MISCcommentapp.stetsonwood -- commentapp.stetsonwood *commentapp.stetsonwood is an http server. 
commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16143 MISC MISCcreatiwity -- witycms *A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.2018-06-08not yet calculatedCVE-2018-12065 MISC MISCcrestron -- mulitple_devices *Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).2018-06-07not yet calculatedCVE-2018-11229 CONFIRMcrestron -- mulitple_devices *Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).2018-06-07not yet calculatedCVE-2018-11228 CONFIRMcross-env.js -- cross-env.js *cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16081 MISCcrossenv -- crossenv *crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-06-06not yet calculatedCVE-2017-16074 MISCcuciuci -- cuciuci *cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16122 MISC MISCcyber-js -- cyber-js *cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16093 MISC MISCcypserver -- cypserver *cypserver is a static file server. 
cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16191 MISC MISCdanlevan -- bracket-template bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template2018-06-06not yet calculatedCVE-2018-3735 MISCdasafio -- dasafio *dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.2018-06-06not yet calculatedCVE-2017-16179 MISC MISCdatachannel-client -- datachannel-clientdatachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16121 MISC MISCdcdcdcdcdc -- dcdcdcdcdc *dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16190 MISC MISCdckt -- localhost-now *localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.2018-06-06not yet calculatedCVE-2018-3729 MISCdcserver -- dcserver *dcserver is a static file server. 
dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16158 MISC MISCdedecms -- dedecms *DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.2018-06-07not yet calculatedCVE-2018-12045 MISCdedecms -- dedecms *DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.2018-06-07not yet calculatedCVE-2018-12046 MISCdesafio -- desafio *desafio a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files.2018-06-06not yet calculatedCVE-2017-16164 MISC MISCdgard8 -- lab6 dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16218 MISC MISCdiscordi.js -- discordi.js *discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.2018-06-06not yet calculatedCVE-2017-16207 MISCdisplaylink -- core_software_cleaner_application *An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.2018-06-05not yet calculatedCVE-2018-7884 FULLDISCdmmcquay.lab6 -- dmmcquay.lab6 *dmmcquay.lab6 is a REST server. 
dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16208 MISC MISCdodo -- node-slug slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.2018-06-06not yet calculatedCVE-2017-16117 MISC MISCdrewfus -- lab6 *lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16141 MISC MISCduyetdev -- static-html-server static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16152 MISC MISCdylmomo -- dylmomo *dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16163 MISC MISCearlybird -- earlybird *earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16154 MISC MISCeasyquick -- easyquick *easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error.2018-06-06not yet calculatedCVE-2017-16109 MISC MISCeclipse -- mosquitto *In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. 
Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.2018-06-05not yet calculatedCVE-2017-7654 CONFIRMeclipse -- mosquitto *The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.2018-06-05not yet calculatedCVE-2017-7653 CONFIRMeeems -- pooledwebsocket *pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16107 MISC MISCelding -- elding *elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.2018-06-06not yet calculatedCVE-2017-16222 MISC MISCelectron -- electron *Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. 
Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.2018-06-06not yet calculatedCVE-2017-16151 MISC MISCemreovunc -- eaton-intelligent-power-manager-local *Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.2018-06-07not yet calculatedCVE-2018-12031 MISCems -- master_calendarData input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.2018-06-01not yet calculatedCVE-2018-11628 MISC MISC EXPLOIT-DBenserver -- enserver *enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-06-06not yet calculatedCVE-2017-16209 MISC MISCerming -- shout *Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 |