Weekly Vulnerabilities Reports > April 30 to May 6, 2018
Overview
180 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary report vulnerabilities in 261 products from 94 vendors including Cisco, Redhat, IBM, F5, and Flexense. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "Improper Authentication".
- 141 reported vulnerabilities are remotely exploitables.
- 21 reported vulnerabilities have public exploit available.
- 53 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 128 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Progress has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-05-04 | CVE-2018-10251 | Sierrawireless | Insecure Default Initialization of Resource vulnerability in Sierrawireless Aleos A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 10.0 |
2018-05-04 | CVE-2018-8869 | Lantech | Improper Input Validation vulnerability in Lantech IDS 2102 Firmware In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. | 10.0 |
2018-05-04 | CVE-2018-8865 | Lantech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lantech IDS 2102 Firmware In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. | 10.0 |
2018-05-03 | CVE-2018-10718 | Activision | Out-of-bounds Write vulnerability in Activision Call of Duty Modern Warfare 2 Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. | 10.0 |
2018-05-02 | CVE-2018-0258 | Cisco | Path Traversal vulnerability in Cisco products A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. | 10.0 |
2018-05-02 | CVE-2018-0253 | Cisco | Improper Input Validation vulnerability in Cisco Secure Access Control System 5.8/5.8(0.8) A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. | 10.0 |
2018-05-05 | CVE-2018-10753 | Moinejf Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 9.8 |
2018-05-01 | CVE-2018-8939 | Progress | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). | 9.8 |
2018-05-01 | CVE-2018-8938 | Progress | Code Injection vulnerability in Progress Whatsup Gold A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). | 9.8 |
2018-05-04 | CVE-2018-8872 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. | 9.3 |
2018-05-02 | CVE-2018-8115 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Host Compute Service Shim A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute. | 9.3 |
2018-05-01 | CVE-2018-9232 | Twsz | Improper Authentication vulnerability in Twsz Be126 Firmware Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. | 9.3 |
2018-05-04 | CVE-2017-15043 | Sierrawireless | Improper Input Validation vulnerability in Sierrawireless products A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 9.0 |
2018-05-02 | CVE-2018-10577 | Watchguard | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 9.0 |
45 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-05-04 | CVE-2018-10750 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-04 | CVE-2018-10749 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-04 | CVE-2018-10748 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-04 | CVE-2018-10747 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-04 | CVE-2018-10746 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-03 | CVE-2018-10713 | D Link | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
2018-05-01 | CVE-2013-0185 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Manageiq Enterprise Virtualization Manager Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 |
2018-05-01 | CVE-2017-17020 | Dlink | OS Command Injection vulnerability in Dlink products On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | 8.8 |
2018-04-30 | CVE-2018-1102 | Redhat | Improper Input Validation vulnerability in Redhat Openshift A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. | 8.8 |
2018-04-30 | CVE-2018-5234 | Symantec | Unspecified vulnerability in Symantec Norton Core Firmware The Norton Core router prior to v237 may be susceptible to a command injection exploit. | 8.3 |
2018-05-04 | CVE-2018-10641 | Dlink | Improper Authentication vulnerability in Dlink Dir-601 Firmware 1.02Na D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | 8.1 |
2018-05-02 | CVE-2018-0252 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.8 |
2018-05-02 | CVE-2018-0234 | Cisco | Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.4(100.0)/8.5(103.0)/8.5(105.0) A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.8 |
2018-05-02 | CVE-2018-10675 | Linux Redhat Canonical | Use After Free vulnerability in multiple products The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | 7.8 |
2018-05-02 | CVE-2018-5512 | F5 | Unspecified vulnerability in F5 products On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. | 7.8 |
2018-05-05 | CVE-2018-10723 | Rangerstudio | Use of Hard-coded Credentials vulnerability in Rangerstudio Directus 6.4.9 Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | 7.5 |
2018-05-05 | CVE-2018-10757 | CSP Mysql User Manager Project | SQL Injection vulnerability in CSP Mysql User Manager Project CSP Mysql User Manager 2.3.1 CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | 7.5 |
2018-05-04 | CVE-2018-10740 | Axublog | Code Injection vulnerability in Axublog 1.1.0 Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | 7.5 |
2018-05-04 | CVE-2018-10562 | Dasannetworks | OS Command Injection vulnerability in Dasannetworks Gpon Router Firmware An issue was discovered on Dasan GPON home routers. | 7.5 |
2018-05-04 | CVE-2018-10561 | Dasannetworks | Improper Authentication vulnerability in Dasannetworks Gpon Router Firmware An issue was discovered on Dasan GPON home routers. | 7.5 |
2018-05-03 | CVE-2018-10666 | Auroradao | Unspecified vulnerability in Auroradao Idex Membership The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. | 7.5 |
2018-05-02 | CVE-2016-10722 | Partclone Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Partclone Project Partclone partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. | 7.5 |
2018-05-02 | CVE-2016-10721 | Partclone | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Partclone 0.2.87 partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. | 7.5 |
2018-05-02 | CVE-2018-10685 | Long Range ZIP Project | Use After Free vulnerability in Long Range ZIP Project Long Range ZIP 0.631 In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 7.5 |
2018-05-02 | CVE-2018-9919 | TP Shop | Server-Side Request Forgery (SSRF) vulnerability in Tp-Shop A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | 7.5 |
2018-05-02 | CVE-2018-10578 | Watchguard | Improper Input Validation vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 7.5 |
2018-05-02 | CVE-2017-1601 | IBM | Weak Password Requirements vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
2018-05-02 | CVE-2018-6401 | Meross | Use of Hard-coded Credentials vulnerability in Meross Mss110 Firmware Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. | 7.5 |
2018-05-01 | CVE-2016-10036 | Jfrog | Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 7.5 |
2018-05-01 | CVE-2018-6589 | CA | Unspecified vulnerability in CA Spectrum CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
2018-05-01 | CVE-2017-18264 | Phpmyadmin Debian | An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. | 7.5 |
2018-05-01 | CVE-2018-10583 | Libreoffice Apache Debian Redhat Canonical | Information Exposure vulnerability in multiple products An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | 7.5 |
2018-04-30 | CVE-2018-10575 | Watchguard | Use of Hard-coded Credentials vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 7.5 |
2018-04-30 | CVE-2018-1183 | Dell | XXE vulnerability in Dell products In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. | 7.5 |
2018-04-30 | CVE-2018-10574 | Bigtreecms | Code Injection vulnerability in Bigtreecms Bigtree CMS site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 7.5 |
2018-04-30 | CVE-2017-2591 | Fedoraproject Redhat | Out-of-bounds Read vulnerability in multiple products 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. | 7.5 |
2018-05-04 | CVE-2018-8857 | Philips | Use of Hard-coded Credentials vulnerability in Philips products Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.2 |
2018-05-04 | CVE-2018-8853 | Philips | Improper Privilege Management vulnerability in Philips products Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. | 7.2 |
2018-05-04 | CVE-2018-7522 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. | 7.2 |
2018-05-04 | CVE-2018-10722 | Cylance | Link Following vulnerability in Cylance Cylanceprotect In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | 7.2 |
2018-05-02 | CVE-2018-10647 | Safervpn | Incorrect Permission Assignment for Critical Resource vulnerability in Safervpn 4.2.5 SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. | 7.2 |
2018-05-02 | CVE-2018-10646 | Cyberghostvpn | Incorrect Permission Assignment for Critical Resource vulnerability in Cyberghostvpn Cyberghost 6.5.0.3180 CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. | 7.2 |
2018-05-02 | CVE-2018-10645 | Goldenfrog | Incorrect Permission Assignment for Critical Resource vulnerability in Goldenfrog Vyprvpn 2.12.1.8015 Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. | 7.2 |
2018-05-01 | CVE-2018-6242 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Tegra Bootrom RCM Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). | 7.2 |
2018-04-30 | CVE-2018-9310 | Magnicomp Linux | Unspecified vulnerability in Magnicomp Sysinfo An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). | 7.2 |
93 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-05-04 | CVE-2017-3775 | Lenovo | Improper Authentication vulnerability in Lenovo products Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. | 6.9 |
2018-05-04 | CVE-2018-7509 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Wplsoft 2.45.0 WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | 6.8 |
2018-05-04 | CVE-2018-7507 | Deltaww | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Wplsoft 2.45.0 WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 6.8 |
2018-05-04 | CVE-2018-7494 | Deltaww | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Wplsoft 2.45.0 WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 6.8 |
2018-05-04 | CVE-2018-8861 | Philips | Unspecified vulnerability in Philips products Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | 6.8 |
2018-05-03 | CVE-2018-10166 | TP Link | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. | 6.8 |
2018-05-03 | CVE-2018-10717 | Miniupnp Project | Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4 The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677. | 6.8 |
2018-05-02 | CVE-2018-0287 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings Online T30/T32.7 A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 6.8 |
2018-05-02 | CVE-2018-0264 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. | 6.8 |
2018-05-02 | CVE-2018-0262 | Cisco | Unspecified vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. | 6.8 |
2018-05-02 | CVE-2018-10115 | 7 ZIP | Use of Uninitialized Resource vulnerability in 7-Zip Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 6.8 |
2018-05-02 | CVE-2018-10677 | Miniupnp Project | Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4 The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file. | 6.8 |
2018-05-02 | CVE-2013-6272 | Improper Access Control vulnerability in Google Android The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. | 6.8 | |
2018-04-30 | CVE-2018-7891 | Milestonesys Siemens | Deserialization of Untrusted Data vulnerability in multiple products The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. | 6.8 |
2018-05-03 | CVE-2018-10168 | TP Link | Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | 6.5 |
2018-05-02 | CVE-2018-1104 | Redhat | Code Injection vulnerability in Redhat Ansible Tower and Cloudforms Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 6.5 |
2018-05-02 | CVE-2018-1101 | Redhat | Weak Password Requirements vulnerability in Redhat Ansible Tower and Cloudforms Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. | 6.5 |
2018-05-02 | CVE-2018-10642 | Combodo | Code Injection vulnerability in Combodo Itop Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 6.5 |
2018-05-01 | CVE-2018-10260 | Hrsale Project | Improper Input Validation vulnerability in Hrsale Project Hrsale 1.0.2 A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | 6.5 |
2018-05-01 | CVE-2018-10258 | Codeslab | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0 A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 6.5 |
2018-05-01 | CVE-2018-10257 | Hrsale Project | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2 A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 6.5 |
2018-05-01 | CVE-2018-10256 | Hrsale Project | SQL Injection vulnerability in Hrsale Project Hrsale 1.0.2 A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | 6.5 |
2018-05-01 | CVE-2018-10255 | Clustercoding | Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0 A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 6.5 |
2018-04-30 | CVE-2018-10573 | Open EMR | Unspecified vulnerability in Open-Emr Openemr interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter. | 6.5 |
2018-05-02 | CVE-2018-9302 | Getcockpit | Server-Side Request Forgery (SSRF) vulnerability in Getcockpit Cockpit SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. | 6.4 |
2018-05-02 | CVE-2018-5515 | F5 | Improper Input Validation vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. | 6.3 |
2018-05-06 | CVE-2018-10686 | Vestacp | Cross-site Scripting vulnerability in Vestacp Control Panel 0.9.820 An issue was discovered in Vesta Control Panel 0.9.8-20. | 6.1 |
2018-05-02 | CVE-2018-0235 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software 8.6(1.106)/8.6(1.114) A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 6.1 |
2018-05-02 | CVE-2018-10680 | Zblogcn | Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 1.5.2 Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. | 6.1 |
2018-04-30 | CVE-2017-9658 | Philips | Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. | 6.1 |
2018-04-30 | CVE-2017-17318 | Huawei | Improper Input Validation vulnerability in Huawei E5771H-937 Firmware V200R001B328D62Sp00C1133 Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. | 6.1 |
2018-05-03 | CVE-2018-10167 | TP Link | Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. | 6.0 |
2018-05-02 | CVE-2018-0226 | Cisco | Unspecified vulnerability in Cisco Mobility Express Software 8.3(90.65)/8.4(1.65) A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. | 6.0 |
2018-05-05 | CVE-2018-10758 | Datenstrom | Cross-Site Request Forgery (CSRF) vulnerability in Datenstrom Yellow 0.7.3 The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | 5.8 |
2018-05-04 | CVE-2018-10229 | Google Mozilla LG | Information Exposure vulnerability in multiple products A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | 5.8 |
2018-05-04 | CVE-2013-2233 | Redhat | Key Management Errors vulnerability in Redhat Ansible Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | 5.8 |
2018-05-03 | CVE-2018-4849 | Siemens | Improper Certificate Validation vulnerability in Siemens Siveillance VMS Video A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). | 5.8 |
2018-04-30 | CVE-2018-7901 | Huawei | Unspecified vulnerability in Huawei Alp-Al00B Firmware and Bla-Al00B Firmware RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. | 5.8 |
2018-04-30 | CVE-2017-18262 | Blackboard | Improper Input Validation vulnerability in Blackboard Learn 9.1 Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | 5.8 |
2018-05-03 | CVE-2018-10689 | Blktrace Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Blktrace Project Blktrace 1.2.0 blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. | 5.5 |
2018-05-02 | CVE-2018-5519 | F5 | Unspecified vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. | 5.5 |
2018-05-01 | CVE-2018-10581 | Octopus | Information Exposure vulnerability in Octopus Deploy In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. | 5.5 |
2018-04-30 | CVE-2018-10572 | Open EMR | Unspecified vulnerability in Open-Emr Openemr interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. | 5.5 |
2018-05-04 | CVE-2018-10726 | Datenstrom | Cross-site Scripting vulnerability in Datenstrom Yellow 0.7.3 A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. | 5.4 |
2018-05-04 | CVE-2018-9154 | Jasper Project | Improper Input Validation vulnerability in Jasper Project Jasper 2.0.14 There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | 5.0 |
2018-05-03 | CVE-2018-8003 | Apache | Path Traversal vulnerability in Apache Ambari Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. | 5.0 |
2018-05-02 | CVE-2018-0288 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Online T31.20/T31.20.2 A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.0 |
2018-05-02 | CVE-2018-0286 | Cisco | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XR 6.3.1/6.3.2/6.5.1 A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. | 5.0 |
2018-05-02 | CVE-2018-0283 | Cisco | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
2018-05-02 | CVE-2018-0281 | Cisco | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
2018-05-02 | CVE-2018-0245 | Cisco | Improper Privilege Management vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.5(105.0) A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | 5.0 |
2018-05-02 | CVE-2018-10676 | Tbkvision | Unspecified vulnerability in Tbkvision Tbk-Dvr4104 Firmware and Tbk-Dvr4216 Firmware CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. | 5.0 |
2018-05-02 | CVE-2018-10657 | Matrix | Improper Input Validation vulnerability in Matrix Synapse Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | 5.0 |
2018-05-02 | CVE-2017-4952 | Vmware | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Xenon VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. | 5.0 |
2018-05-02 | CVE-2018-5517 | F5 | Improper Input Validation vulnerability in F5 products On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. | 5.0 |
2018-05-02 | CVE-2018-5514 | F5 | Improper Input Validation vulnerability in F5 products On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. | 5.0 |
2018-05-02 | CVE-2017-1255 | IBM | Inadequate Encryption Strength vulnerability in IBM Security Guardium IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2018-05-02 | CVE-2018-10544 | Meross | Improper Authentication vulnerability in Meross Mss110 Firmware Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. | 5.0 |
2018-05-01 | CVE-2013-2049 | Redhat | Session Fixation vulnerability in Redhat Cloudforms Management Engine 2.0 Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 5.0 |
2018-04-30 | CVE-2018-10550 | Octopus | Improper Privilege Management vulnerability in Octopus Deploy In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | 5.0 |
2018-05-02 | CVE-2018-5516 | F5 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. | 4.7 |
2018-05-04 | CVE-2018-9063 | Lenovo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 4.6 |
2018-05-01 | CVE-2018-9336 | Openvpn Slackware | Double Free vulnerability in multiple products openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. | 4.6 |
2018-04-30 | CVE-2018-10576 | Watchguard | Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 4.6 |
2018-04-30 | CVE-2018-8839 | Deltaww | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Pmsoft 2.10 Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. | 4.6 |
2018-05-06 | CVE-2018-10768 | Freedesktop Canonical Debian Redhat | NULL Pointer Dereference vulnerability in multiple products There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. | 4.3 |
2018-05-06 | CVE-2018-10767 | Gnome Redhat | Out-of-bounds Read vulnerability in multiple products There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. | 4.3 |
2018-05-06 | CVE-2018-0494 | GNU Canonical Debian Redhat | Improper Input Validation vulnerability in multiple products GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | 4.3 |
2018-05-04 | CVE-2011-0704 | Fedoraproject | Improper Input Validation vulnerability in Fedoraproject 389 Directory Server 1.2.7.5 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. | 4.3 |
2018-05-04 | CVE-2018-10733 | Gnome Redhat Opensuse | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. | 4.3 |
2018-05-02 | CVE-2018-0278 | Cisco | Incorrect Authorization vulnerability in Cisco Firepower Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 4.3 |
2018-05-02 | CVE-2018-8900 | Gemalto | Cross-site Scripting vulnerability in Gemalto Sentinel LDK RTE The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability. | 4.3 |
2018-05-02 | CVE-2018-10568 | Flexense | Cross-site Scripting vulnerability in Flexense Disksorter XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | 4.3 |
2018-05-02 | CVE-2018-10567 | Flexense | Cross-site Scripting vulnerability in Flexense VX Search XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | 4.3 |
2018-05-02 | CVE-2018-10566 | Flexense | Cross-site Scripting vulnerability in Flexense Dupscout XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | 4.3 |
2018-05-02 | CVE-2018-10565 | Flexense | Cross-site Scripting vulnerability in Flexense Disksavvy XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | 4.3 |
2018-05-02 | CVE-2018-10564 | Flexense | Cross-site Scripting vulnerability in Flexense Diskpulse XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | 4.3 |
2018-05-02 | CVE-2018-10563 | Flexense | Cross-site Scripting vulnerability in Flexense Syncbreeze An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | 4.3 |
2018-05-02 | CVE-2018-10294 | Flexense | Cross-site Scripting vulnerability in Flexense Diskboss 9.1.16 Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | 4.3 |
2018-05-02 | CVE-2018-10665 | Ilias | Cross-site Scripting vulnerability in Ilias 5.3.4 ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | 4.3 |
2018-05-01 | CVE-2013-4201 | Katello | Permission Issues vulnerability in Katello Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | 4.3 |
2018-05-01 | CVE-2017-5535 | Tibco | Inadequate Encryption Strength vulnerability in Tibco Datasynapse Gridserver Manager The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. | 4.3 |
2018-05-01 | CVE-2018-10371 | Wunderfarm | Cross-site Scripting vulnerability in Wunderfarm WF Cookie Consent 1.1.3 An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. | 4.3 |
2018-04-30 | CVE-2018-10571 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | 4.3 |
2018-04-30 | CVE-2017-17314 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. | 4.3 |
2018-04-30 | CVE-2018-0711 | Qnap | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 4.3 |
2018-05-01 | CVE-2013-4035 | IBM | Cryptographic Issues vulnerability in IBM Sterling Connect IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. | 4.1 |
2018-05-04 | CVE-2017-1743 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. | 4.0 |
2018-05-02 | CVE-2018-0285 | Cisco | Resource Exhaustion vulnerability in Cisco Prime Service Catalog 11.1.2 A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. | 4.0 |
2018-05-02 | CVE-2018-1468 | IBM | Information Exposure vulnerability in IBM API Connect 5.0.8.1/5.0.8.2 IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. | 4.0 |
2018-04-30 | CVE-2018-1277 | Cloudfoundry | Resource Exhaustion vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. | 4.0 |
2018-04-30 | CVE-2018-1389 | IBM | Unspecified vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. | 4.0 |
2018-04-30 | CVE-2018-10553 | Nagios | Path Traversal vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 4.0 |
28 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-05-04 | CVE-2012-5628 | Gofer Project | Permission Issues vulnerability in Gofer Project Gofer 0.68 gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | 3.6 |
2018-05-01 | CVE-2013-0159 | Fedoraproject | Link Following vulnerability in Fedoraproject Fedora 17/18 The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | 3.6 |
2018-05-05 | CVE-2018-10752 | Tagregator Project | Cross-site Scripting vulnerability in Tagregator Project Tagregator 0.6 The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | 3.5 |
2018-05-03 | CVE-2018-10165 | TP Link | Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. | 3.5 |
2018-05-03 | CVE-2018-10164 | TP Link | Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. | 3.5 |
2018-05-02 | CVE-2018-5520 | F5 | Incorrect Authorization vulnerability in F5 products On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | 3.5 |
2018-05-01 | CVE-2018-10259 | Hrsale Project | Cross-site Scripting vulnerability in Hrsale Project Hrsale 1.0.2 An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | 3.5 |
2018-05-01 | CVE-2017-5536 | Tibco | Cross-site Scripting vulnerability in Tibco Datasynapse Gridserver Manager The GridServer Broker, and GridServer Director components of TIBCO Software Inc. | 3.5 |
2018-05-01 | CVE-2018-10365 | Threads TO Link Project | Cross-site Scripting vulnerability in Threads TO Link Project Threads TO Link 1.3 An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. | 3.5 |
2018-05-01 | CVE-2018-1502 | IBM | Cross-site Scripting vulnerability in IBM Content Manager 8.4.3/8.5 IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. | 3.5 |
2018-04-30 | CVE-2018-1000172 | Imagely | Cross-site Scripting vulnerability in Imagely Nextgen Gallery Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. | 3.5 |
2018-04-30 | CVE-2018-10364 | Bigtreecms | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | 3.5 |
2018-04-30 | CVE-2018-10570 | Frogcms Project | Cross-site Scripting vulnerability in Frogcms Project Frogcms 0.9.5 Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | 3.5 |
2018-04-30 | CVE-2018-1430 | IBM | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. | 3.5 |
2018-04-30 | CVE-2018-10554 | Nagios | Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 3.5 |
2018-05-02 | CVE-2018-0249 | Cisco | Unspecified vulnerability in Cisco Aironet Access Point Software 8.2(161.0) A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. | 3.3 |
2018-05-02 | CVE-2018-0247 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. | 3.3 |
2018-04-30 | CVE-2017-9657 | Philips | Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. | 3.3 |
2018-05-04 | CVE-2018-5448 | Medtronic | Path Traversal vulnerability in Medtronic 2090 Carelink Programmer Firmware All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. | 2.7 |
2018-05-02 | CVE-2018-0250 | Cisco | Protection Mechanism Failure vulnerability in Cisco Aironet Access Point Software 8.2(160.0)/8.4(100.0)/8.7(1.3) A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). | 2.7 |
2018-05-02 | CVE-2018-5518 | F5 | Unspecified vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. | 2.3 |
2018-05-04 | CVE-2018-5446 | Medtronic | Insufficiently Protected Credentials vulnerability in Medtronic 2090 Carelink Programmer Firmware All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. | 2.1 |
2018-05-04 | CVE-2018-10739 | 2345 Security Guard Project | Unspecified vulnerability in 2345 Security Guard Project 2345 Security Guard 3.7.0 An issue was discovered in Shanghai 2345 Security Guard 3.7.0. | 2.1 |
2018-05-03 | CVE-2018-10716 | 2345 Security Guard Project | Unspecified vulnerability in 2345 Security Guard Project 2345 Security Guard 3.7 An issue was discovered in Shanghai 2345 Security Guard 3.7.0. | 2.1 |
2018-05-01 | CVE-2013-4209 | Redhat | Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | 2.1 |
2018-05-01 | CVE-2017-14014 | Bostonscientific | Use of Hard-coded Credentials vulnerability in Bostonscientific Zoom Latitude PRM 3120 Firmware Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. | 2.1 |
2018-05-01 | CVE-2017-14012 | Bostonscientific | Missing Encryption of Sensitive Data vulnerability in Bostonscientific Zoom Latitude PRM 3120 Firmware Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. | 2.1 |
2018-05-01 | CVE-2013-4040 | IBM | Permission Issues vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. | 2.1 |