Weekly Vulnerabilities Reports > May 14 to 20, 2018

Overview

327 new vulnerabilities reported during this period, including 34 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary report vulnerabilities in 306 products from 108 vendors including Foxitsoftware, Adobe, Microsoft, Apple, and Moxa. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Cross-site Scripting", "Use After Free", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 298 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 89 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 268 reported vulnerabilities are exploitable by an anonymous user.
  • Foxitsoftware has the most reported vulnerabilities, with 81 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 17 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-19 CVE-2018-4944 Adobe
Apple
Linux
Microsoft
Redhat
Google
Incorrect Type Conversion OR Cast vulnerability in Adobe Flash Player

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability.

10.0
2018-05-19 CVE-2018-4939 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability.

10.0
2018-05-19 CVE-2018-4937 Adobe
Apple
Linux
Microsoft
Google
Out-Of-Bounds Write vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability.

10.0
2018-05-19 CVE-2018-4935 Adobe
Microsoft
Apple
Google
Linux
Out-Of-Bounds Write vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability.

10.0
2018-05-19 CVE-2018-4924 Adobe
Microsoft
OS Command Injection vulnerability in Adobe Dreamweaver

Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability.

10.0
2018-05-19 CVE-2018-4920 Adobe
Apple
Linux
Microsoft
Google
Incorrect Type Conversion OR Cast vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability.

10.0
2018-05-19 CVE-2018-4919 Adobe
Apple
Linux
Microsoft
Google
USE After Free vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability.

10.0
2018-05-19 CVE-2018-4918 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe products

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability.

10.0
2018-05-19 CVE-2018-4917 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe products

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability.

10.0
2018-05-19 CVE-2017-11308 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability.

10.0
2018-05-19 CVE-2017-11307 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability.

10.0
2018-05-19 CVE-2017-11306 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability.

10.0
2018-05-19 CVE-2017-11253 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability.

10.0
2018-05-19 CVE-2017-11250 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability.

10.0
2018-05-19 CVE-2017-11240 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe products

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability.

10.0
2018-05-17 CVE-2018-7218 Citrix Unspecified vulnerability in Citrix products

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2018-05-17 CVE-2018-0268 Cisco Improperly Implemented Security Check for Standard vulnerability in Cisco Digital Network Architecture Center 1.1.2/1.1.3

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges.

10.0
2018-05-17 CVE-2018-0222 Cisco USE of Hard-Coded Credentials vulnerability in Cisco Digital Network Architecture Center 1.1.2

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.

10.0
2018-05-15 CVE-2018-11094 Intelbras USE of Hard-Coded Credentials vulnerability in Intelbras Ncloud 300 Firmware 1.0

An issue was discovered on Intelbras NCLOUD 300 1.0 devices.

10.0
2018-05-14 CVE-2018-11031 Gouguoyin Server-Side Request Forgery (SSRF) vulnerability in Gouguoyin PHPrap

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

10.0
2018-05-19 CVE-2018-4928 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Indesign

Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability.

9.3
2018-05-17 CVE-2018-10731 Phoenixcontact Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phoenixcontact products

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

9.3
2018-05-19 CVE-2018-4932 Adobe
Apple
Linux
Microsoft
Google
USE After Free vulnerability in Adobe Flash Player

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability.

9.0
2018-05-18 CVE-2018-10967 D Link OS Command Injection vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.

9.0
2018-05-17 CVE-2018-10730 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

9.0
2018-05-17 CVE-2018-0279 Cisco OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software 3.7.1

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device.

9.0
2018-05-16 CVE-2018-10123 Intenogroup Unspecified vulnerability in Intenogroup Iopsys Firmware

p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.

9.0
2018-05-14 CVE-2018-11091 Mybiz Unrestricted Upload of File With Dangerous Type vulnerability in Mybiz Myprocurenet 5.0.0

An issue was discovered in MyBiz MyProcureNet 5.0.0.

9.0
2018-05-14 CVE-2017-14434 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0
2018-05-14 CVE-2017-14433 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0
2018-05-14 CVE-2017-14432 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0
2018-05-14 CVE-2017-12125 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0
2018-05-14 CVE-2017-12121 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0
2018-05-14 CVE-2017-12120 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

9.0

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-20 CVE-2018-11319 Syntastic Project
Debian
Path Traversal vulnerability in multiple products

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root).

8.5
2018-05-17 CVE-2018-1111 Fedoraproject
Redhat
OS Command Injection vulnerability in multiple products

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client.

7.9
2018-05-18 CVE-2018-8867 GE Improper Input Validation vulnerability in GE products

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

7.8
2018-05-19 CVE-2018-4991 Adobe Improper Certificate Validation vulnerability in Adobe Creative Cloud

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability.

7.5
2018-05-18 CVE-2018-11248 Liulishuo Path Traversal vulnerability in Liulishuo Filedownloader 1.7.3

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name.

7.5
2018-05-18 CVE-2018-11236 GNU
Redhat
Oracle
Netapp
Integer Overflow OR Wraparound vulnerability in multiple products

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

7.5
2018-05-18 CVE-2017-18269 GNU
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation.

7.5
2018-05-18 CVE-2018-10968 D Link Insecure Default Initialization of Resource vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.

7.5
2018-05-17 CVE-2018-0271 Cisco Improper Authentication vulnerability in Cisco Digital Network Architecture Center

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services.

7.5
2018-05-16 CVE-2018-8014 Apache
Canonical
Debian
Netapp
Microsoft
Insecure Default Initialization of Resource vulnerability in multiple products

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.

7.5
2018-05-16 CVE-2018-11210 Tinyxml2 Project Out-Of-Bounds Read vulnerability in Tinyxml2 Project Tinyxml2 6.2.0

** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so.

7.5
2018-05-16 CVE-2018-10759 Projectpier SQL Injection vulnerability in Projectpier

PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.

7.5
2018-05-15 CVE-2018-8845 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.

7.5
2018-05-15 CVE-2018-7505 Advantech Unrestricted Upload of File With Dangerous Type vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.

7.5
2018-05-15 CVE-2018-7499 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

7.5
2018-05-15 CVE-2018-7497 Advantech Null Pointer Dereference vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

7.5
2018-05-15 CVE-2018-10589 Advantech Path Traversal vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.

7.5
2018-05-14 CVE-2018-10990 Arris Insufficient Session Expiration vulnerability in Arris Tg1682G Firmware 9.1.103J6

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes").

7.5
2018-05-14 CVE-2018-11032 Gouguoyin SQL Injection vulnerability in Gouguoyin PHPrap

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.

7.5
2018-05-18 CVE-2017-18273 Imagemagick
Debian
Canonical
Infinite Loop vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.

7.1
2018-05-18 CVE-2017-18271 Imagemagick
Canonical
Debian
Infinite Loop vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

7.1

246 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-19 CVE-2018-4943 Adobe Improper Input Validation vulnerability in Adobe Push Notifications

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability.

6.8
2018-05-19 CVE-2018-4927 Adobe
Apple
Microsoft
Untrusted Search Path vulnerability in Adobe Indesign

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability.

6.8
2018-05-18 CVE-2018-11243 UPX Project Double Free vulnerability in UPX Project UPX 3.95

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

6.8
2018-05-17 CVE-2018-1434 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2018-05-17 CVE-2018-11130 Vcftools Project USE After Free vulnerability in Vcftools Project Vcftools 0.1.15

The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.

6.8
2018-05-17 CVE-2018-11129 Vcftools Project USE After Free vulnerability in Vcftools Project Vcftools 0.1.15

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.

6.8
2018-05-17 CVE-2018-11128 Pdfparser Out-Of-Bounds Write vulnerability in Pdfparser

The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.

6.8
2018-05-17 CVE-2018-10728 Phoenixcontact Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phoenixcontact products

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

6.8
2018-05-17 CVE-2018-9982 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9981 Foxitsoftware Access of Uninitialized Pointer vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9977 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9975 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9974 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9970 Foxitsoftware Improper Input Validation vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9969 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9968 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9967 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9966 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9965 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9964 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9962 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9961 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9960 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9959 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9958 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9957 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9956 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9955 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9954 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9953 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9952 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-9951 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9949 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9947 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9945 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9944 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9943 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9942 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9941 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9940 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9939 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9938 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9937 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9936 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-9935 Foxitsoftware Improper Input Validation vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2018-05-17 CVE-2018-1180 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-1178 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-1177 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-1176 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-1173 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10495 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10494 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-05-17 CVE-2018-10491 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10490 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10489 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10488 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10484 Foxitsoftware Access of Uninitialized Pointer vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10483 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10477 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10474 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-10473 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-05-17 CVE-2018-7160 Nodejs Authentication Bypass BY Spoofing vulnerability in Nodejs Node.Js

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.

6.8
2018-05-17 CVE-2018-11230 Jbig2Enc Project USE After Free vulnerability in Jbig2Enc Project Jbig2Enc 0.29

jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.

6.8
2018-05-17 CVE-2018-11226 Libming Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libming

The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

6.8
2018-05-17 CVE-2018-11225 Libming Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libming

The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

6.8
2018-05-17 CVE-2018-0270 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOT Field Network Director 4.2(0.4)

A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device.

6.8
2018-05-15 CVE-2018-11126 Doorgets Cross-Site Request Forgery (CSRF) vulnerability in Doorgets 7.0

dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.

6.8
2018-05-15 CVE-2018-11100 Libming Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libming

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

6.8
2018-05-15 CVE-2018-11095 Libming Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libming

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

6.8
2018-05-14 CVE-2017-12126 Moxa Cross-Site Request Forgery (CSRF) vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

6.8
2018-05-14 CVE-2018-10252 Actiontec Session Fixation vulnerability in Actiontec Wcb6200Q Firmware

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices.

6.8
2018-05-14 CVE-2018-0580 Celsys Untrusted Search Path vulnerability in Celsys products

Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2018-05-14 CVE-2018-11033 Xpdfreader Buffer Errors vulnerability in Xpdfreader Xpdf 4.00

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

6.8
2018-05-18 CVE-2018-1000400 Kubernetes Improper Privilege Management vulnerability in Kubernetes Cri-O

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have.

6.5
2018-05-18 CVE-2018-9250 Open EMR SQL Injection vulnerability in Open-Emr Openemr

interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.

6.5
2018-05-17 CVE-2018-1462 IBM Incorrect Authorization vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service.

6.5
2018-05-16 CVE-2018-10760 Projectpier Unrestricted Upload of File With Dangerous Type vulnerability in Projectpier

Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.

6.5
2018-05-16 CVE-2018-10738 Nagios SQL Injection vulnerability in Nagios XI

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

6.5
2018-05-16 CVE-2018-10737 Nagios SQL Injection vulnerability in Nagios XI

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

6.5
2018-05-16 CVE-2018-10736 Nagios SQL Injection vulnerability in Nagios XI

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

6.5
2018-05-16 CVE-2018-10735 Nagios SQL Injection vulnerability in Nagios XI

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.

6.5
2018-05-15 CVE-2018-1262 Pivotal Software Unspecified vulnerability in Pivotal Software products

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation.

6.5
2018-05-15 CVE-2017-2608 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

6.5
2018-05-15 CVE-2018-1131 Infinispan
Redhat
Deserialization of Untrusted Data vulnerability in multiple products

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations.

6.5
2018-05-15 CVE-2018-11098 Frog CMS Project Unrestricted Upload of File With Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5

An issue was discovered in Frog CMS 0.9.5.

6.5
2018-05-14 CVE-2018-0568 Sitebridge Unrestricted Upload of File With Dangerous Type vulnerability in Sitebridge Joruri GW

Unrestricted file upload vulnerability in SiteBridge Inc.

6.5
2018-05-20 CVE-2018-11311 Myscada USE of Hard-Coded Credentials vulnerability in Myscada Mypro 7.0

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

6.4
2018-05-19 CVE-2018-4923 Adobe OS Command Injection vulnerability in Adobe Connect

Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection.

6.4
2018-05-15 CVE-2018-7495 Advantech Path Traversal vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.

6.4
2018-05-14 CVE-2018-0588 Ultimatemember Path Traversal vulnerability in Ultimatemember User Profile & Membership

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

6.4
2018-05-14 CVE-2018-11035 2345 CC Improper Input Validation vulnerability in 2345.Cc Security Guard 3.7

In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.

6.1
2018-05-14 CVE-2018-11034 2345 CC Improper Input Validation vulnerability in 2345.Cc Security Guard 3.7

In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.

6.1
2018-05-17 CVE-2018-11119 Ilias Open Redirect vulnerability in Ilias

ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.

5.8
2018-05-16 CVE-2018-11206 Hdfgroup Out-Of-Bounds Read vulnerability in Hdfgroup Hdf5 1.10.2

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library.

5.8
2018-05-16 CVE-2018-11205 Hdfgroup Out-Of-Bounds Read vulnerability in Hdfgroup Hdf5 1.10.2

A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library.

5.8
2018-05-15 CVE-2017-2613 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins.

5.8
2018-05-15 CVE-2017-2612 Jenkins Incorrect Permission Assignment FOR Critical Resource vulnerability in Jenkins

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

5.5
2018-05-15 CVE-2017-2815 Igniterealtime XXE vulnerability in Igniterealtime User Import Export 2.6.0

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0.

5.5
2018-05-19 CVE-2018-11239 Hexagontoken Integer Overflow OR Wraparound vulnerability in Hexagontoken Hexagon

An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue.

5.0
2018-05-19 CVE-2018-4994 Adobe Unspecified vulnerability in Adobe Connect

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability.

5.0
2018-05-19 CVE-2018-4942 Adobe XXE vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability.

5.0
2018-05-19 CVE-2018-4936 Adobe
Apple
Linux
Microsoft
Google
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability.

5.0
2018-05-19 CVE-2018-4934 Adobe
Apple
Linux
Microsoft
Google
Out-Of-Bounds Read vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability.

5.0
2018-05-19 CVE-2018-4925 Adobe
Apple
Google
Microsoft
Information Exposure vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability.

5.0
2018-05-18 CVE-2018-6562 Totemo Insufficient Verification of Data Authenticity vulnerability in Totemo Totemomail Encryption Gateway

totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack.

5.0
2018-05-18 CVE-2018-8015 Apache Uncontrolled Recursion vulnerability in Apache ORC

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser.

5.0
2018-05-18 CVE-2018-11244 Dopewp Unspecified vulnerability in Dopewp BBE Theme

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.

5.0
2018-05-18 CVE-2018-5256 Redhat Information Exposure vulnerability in Redhat Tectonic

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server.

5.0
2018-05-17 CVE-2018-1438 IBM Information Exposure vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system.

5.0
2018-05-17 CVE-2018-1433 IBM Information Exposure vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system.

5.0
2018-05-17 CVE-2018-10729 Phoenixcontact Information Exposure vulnerability in Phoenixcontact products

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

5.0
2018-05-17 CVE-2018-7159 Nodejs Improper Input Validation vulnerability in Nodejs Node.Js

The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`.

5.0
2018-05-17 CVE-2018-7158 Nodejs Improper Input Validation vulnerability in Nodejs Node.Js

The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector.

5.0
2018-05-17 CVE-2018-0325 Cisco Improper Input Validation vulnerability in Cisco IP Phone 7800 Firmware and IP Phone 8800 Firmware

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.

5.0
2018-05-17 CVE-2018-0297 Cisco Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic.

5.0
2018-05-17 CVE-2018-0290 Cisco Unspecified vulnerability in Cisco Socialminer 11.6(1)

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system.

5.0
2018-05-17 CVE-2018-0280 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

5.0
2018-05-17 CVE-2018-0277 Cisco Improper Certificate Validation vulnerability in Cisco Identity Services Engine

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system.

5.0
2018-05-16 CVE-2018-4850 Siemens Unspecified vulnerability in Siemens Simatic S7-400 Firmware and Simatic S7-400H Firmware

A vulnerability has been identified in SIMATIC S7-400 (incl.

5.0
2018-05-16 CVE-2018-10240 Solarwinds Insufficient Entropy vulnerability in Solarwinds Serv-U 15.1.6

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie.

5.0
2018-05-16 CVE-2018-5231 Atlassian Unspecified vulnerability in Atlassian Jira

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

5.0
2018-05-15 CVE-2018-7503 Advantech Path Traversal vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.

5.0
2018-05-15 CVE-2018-7501 Advantech SQL Injection vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.

5.0
2018-05-15 CVE-2018-10590 Advantech File and Directory Information Exposure vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.

5.0
2018-05-15 CVE-2018-11102 Libav Buffer Errors vulnerability in Libav 12.3

An issue was discovered in Libav 12.3.

5.0
2018-05-15 CVE-2018-11097 Cstring Project Missing Release of Resource After Effective Lifetime vulnerability in Cstring Project Cstring 20161109

An issue was discovered in cloudwu/cstring through 2016-11-09.

5.0
2018-05-14 CVE-2017-14439 Moxa Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-14438 Moxa Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-14437 Moxa Null Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-14436 Moxa Null Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-14435 Moxa Null Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-12128 Moxa Information Exposure vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-12124 Moxa Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

5.0
2018-05-14 CVE-2017-6021 Aveva
Schneider Electric
Improper Input Validation vulnerability in multiple products

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate.

5.0
2018-05-18 CVE-2018-11232 Linux Improper Input Validation vulnerability in Linux Kernel

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

4.9
2018-05-15 CVE-2018-3634 Intel Improper Input Validation vulnerability in Intel Online Connect Access 1.9.22.0

Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.

4.9
2018-05-19 CVE-2018-4992 Adobe Improper Input Validation vulnerability in Adobe Creative Cloud

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability.

4.6
2018-05-19 CVE-2018-4938 Adobe Uncontrolled Search Path Element vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability.

4.6
2018-05-19 CVE-2018-4873 Adobe Unquoted Search Path OR Element vulnerability in Adobe Creative Cloud

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability.

4.6
2018-05-18 CVE-2018-11237 GNU
Redhat
Oracle
Netapp
Out-Of-Bounds Write vulnerability in multiple products

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

4.6
2018-05-17 CVE-2018-5827 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.

4.6
2018-05-17 CVE-2018-3568 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.

4.6
2018-05-17 CVE-2018-3567 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.

4.6
2018-05-17 CVE-2017-15855 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space.

4.6
2018-05-17 CVE-2018-10027 Estsoft Untrusted Search Path vulnerability in Estsoft Alzip 8.0/8.12/8.21

ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.

4.6
2018-05-17 CVE-2018-0324 Cisco OS Command Injection vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.6.2/3.7.1

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack.

4.6
2018-05-15 CVE-2018-8841 Advantech Improper Privilege Management vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.

4.6
2018-05-15 CVE-2018-1087 Linux
Canonical
Debian
Redhat
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.
4.6
2018-05-19 CVE-2018-4941 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability.

4.3
2018-05-19 CVE-2018-4940 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability.

4.3
2018-05-19 CVE-2018-4931 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability.

4.3
2018-05-19 CVE-2018-4930 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability.

4.3
2018-05-19 CVE-2018-4929 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability.

4.3
2018-05-19 CVE-2018-4926 Adobe
Apple
Google
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability.

4.3
2018-05-19 CVE-2018-4921 Adobe Unrestricted Upload of File With Dangerous Type vulnerability in Adobe Connect

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability.

4.3
2018-05-18 CVE-2018-11256 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

An issue was discovered in PoDoFo 0.9.5.

4.3
2018-05-18 CVE-2018-11255 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

An issue was discovered in PoDoFo 0.9.5.

4.3
2018-05-18 CVE-2018-11254 Podofo Project Uncontrolled Recursion vulnerability in Podofo Project Podofo 0.9.5

An issue was discovered in PoDoFo 0.9.5.

4.3
2018-05-18 CVE-2018-11251 Imagemagick Out-Of-Bounds Read vulnerability in Imagemagick

In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.

4.3
2018-05-18 CVE-2017-18272 Imagemagick USE After Free vulnerability in Imagemagick

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

4.3
2018-05-18 CVE-2018-11245 Misp Project Cross-Site Scripting vulnerability in Misp-Project Misp 2.4.91

app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.

4.3
2018-05-18 CVE-2018-10307 Ilias Cross-Site Scripting vulnerability in Ilias

error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.

4.3
2018-05-18 CVE-2018-10306 Ilias Cross-Site Scripting vulnerability in Ilias

Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.

4.3
2018-05-17 CVE-2018-11101 Signal Cross-Site Scripting vulnerability in Signal Signal-Desktop

Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994.

4.3
2018-05-17 CVE-2018-11099 Vcftools Project Out-Of-Bounds Read vulnerability in Vcftools Project Vcftools 0.1.15

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file.

4.3
2018-05-17 CVE-2018-9984 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9983 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader 9.0.0.29935

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9980 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9979 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9978 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9976 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9973 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-05-17 CVE-2018-9972 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-05-17 CVE-2018-9971 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader 9.0.1.104

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.104.

4.3
2018-05-17 CVE-2018-9963 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-05-17 CVE-2018-9950 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9948 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-9946 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-1179 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-1175 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-1174 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10493 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-05-17 CVE-2018-10492 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10487 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10486 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10485 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10482 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10481 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10480 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10479 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10478 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10476 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-10475 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.

4.3
2018-05-17 CVE-2018-11120 Ilias Cross-Site Scripting vulnerability in Ilias

Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.

4.3
2018-05-17 CVE-2018-11118 Ilias Cross-Site Scripting vulnerability in Ilias

The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.

4.3
2018-05-17 CVE-2018-11117 Ilias Cross-Site Scripting vulnerability in Ilias

Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.

4.3
2018-05-17 CVE-2017-18268 Symantec Information Exposure Through Discrepancy vulnerability in Symantec Intelligencecenter 3.3

Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack.

4.3
2018-05-17 CVE-2017-15533 Symantec Information Exposure Through Discrepancy vulnerability in Symantec SSL Visibility

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack.

4.3
2018-05-17 CVE-2018-11224 Libav Buffer Errors vulnerability in Libav 12.3

An issue was discovered in Libav 12.3.

4.3
2018-05-17 CVE-2018-0328 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2018-05-17 CVE-2018-0327 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software 2.1(0.905)

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2018-05-17 CVE-2018-0326 Cisco Protection Mechanism Failure vulnerability in Cisco Telepresence Tx9000 Firmware 10.0(2.98000.99)

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software.

4.3
2018-05-17 CVE-2018-0289 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.223)

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

4.3
2018-05-16 CVE-2018-1172 Squid Cache Null Pointer Dereference vulnerability in Squid-Cache Squid 3.5.27

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318.

4.3
2018-05-16 CVE-2017-17689 9Folders
Apple
Bloop
Emclient
Flipdogsolutions
Freron
Gnome
Google
Horde
IBM
KDE
Microsoft
Mozilla
Postbox INC
R2Mail2
Ritlabs
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
4.3
2018-05-16 CVE-2017-17688 Apple
Bloop
Emclient
Flipdogsolutions
Freron
Horde
Microsoft
Mozilla
Postbox INC
R2Mail2
Roundcube
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
4.3
2018-05-16 CVE-2018-11214 IJG
Debian
Canonical
An issue was discovered in libjpeg 9a.
4.3
2018-05-16 CVE-2018-11213 IJG
Debian
Canonical
An issue was discovered in libjpeg 9a.
4.3
2018-05-16 CVE-2018-11212 IJG
Debian
Canonical
Netapp
Oracle
Redhat
Opensuse
Divide BY Zero vulnerability in multiple products

An issue was discovered in libjpeg 9a and 9d.

4.3
2018-05-16 CVE-2018-11207 Hdfgroup Divide BY Zero vulnerability in Hdfgroup Hdf5 1.10.2

A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library.

4.3
2018-05-16 CVE-2018-11204 Hdfgroup Null Pointer Dereference vulnerability in Hdfgroup Hdf5 1.10.2

A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library.

4.3
2018-05-16 CVE-2018-11203 Hdfgroup Divide BY Zero vulnerability in Hdfgroup Hdf5 1.10.2

A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library.

4.3
2018-05-16 CVE-2018-11202 Hdfgroup Null Pointer Dereference vulnerability in Hdfgroup Hdf5 1.10.2

A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library.

4.3
2018-05-16 CVE-2018-10810 Livezilla Cross-Site Scripting vulnerability in Livezilla

chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.

4.3
2018-05-15 CVE-2018-11127 E107 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.7

e107 2.1.7 has CSRF resulting in arbitrary user deletion.

4.3
2018-05-15 CVE-2018-11105 WP Livechat Cross-Site Scripting vulnerability in Wp-Livechat WP Live Chat Support

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator.

4.3
2018-05-14 CVE-2018-11090 Mybiz Cross-Site Scripting vulnerability in Mybiz Myprocurenet 5.0.0

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0.

4.3
2018-05-14 CVE-2018-10994 Signal Cross-Site Scripting vulnerability in Signal Signal-Desktop

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.

4.3
2018-05-14 CVE-2018-8843 Rockwellautomation USE After Free vulnerability in Rockwellautomation Arena

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data..

4.3
2018-05-14 CVE-2018-5230 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

4.3
2018-05-14 CVE-2018-0591 T JOY Improper Certificate Validation vulnerability in T-Joy Kinepass

The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

4.3
2018-05-14 CVE-2018-0583 Asus Cross-Site Scripting vulnerability in Asus Rt-Ac1200Hp Firmware

Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-05-14 CVE-2018-0582 Asus Cross-Site Scripting vulnerability in Asus Rt-Ac68U Firmware

Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-05-14 CVE-2018-0581 Asus Cross-Site Scripting vulnerability in Asus Rt-Ac87U Firmware 3.0.0.4.378.3754

Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-05-14 CVE-2018-0579 Webdados Cross-Site Scripting vulnerability in Webdados Open Graph FOR Facebook, Google+ and Twitter Card Tags

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-05-14 CVE-2017-16860 Atlassian Cross-Site Scripting vulnerability in Atlassian Application Links

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.

4.3
2018-05-14 CVE-2018-11037 Exiv2 Information Exposure vulnerability in Exiv2 0.26

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.

4.3
2018-05-14 CVE-2018-10944 Rasputinonline Unspecified vulnerability in Rasputinonline Rasputin Online Coin

The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.

4.3
2018-05-20 CVE-2018-11242 Makemytrip Cleartext Storage of Sensitive Information vulnerability in Makemytrip 7.2.4

An issue was discovered in the MakeMyTrip application 7.2.4 for Android.

4.0
2018-05-19 CVE-2018-4933 Adobe
Apple
Linux
Microsoft
Google
Out-Of-Bounds Read vulnerability in Adobe Flash Player

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability.

4.0
2018-05-18 CVE-2018-1148 Tenable Session Fixation vulnerability in Tenable Nessus

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application.

4.0
2018-05-17 CVE-2018-1464 IBM Information Exposure vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read.

4.0
2018-05-17 CVE-2018-1463 IBM Incorrect Authorization vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials.

4.0
2018-05-17 CVE-2018-1276 Pivotal Software Information Exposure vulnerability in Pivotal Software Windows Stemcells

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere.

4.0
2018-05-17 CVE-2018-0323 Cisco Path Traversal vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.7.1

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system.

4.0
2018-05-16 CVE-2018-11209 Zblogcn USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Zblogcn Z-Blogphp 2.0.0

** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0.

4.0
2018-05-16 CVE-2018-10241 Solarwinds Null Pointer Dereference vulnerability in Solarwinds Serv-U 15.1.6

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.

4.0
2018-05-15 CVE-2017-2604 Jenkins Improper Authentication vulnerability in Jenkins

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

4.0
2018-05-15 CVE-2017-2602 Jenkins Security Bypass vulnerability in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem.

4.0
2018-05-15 CVE-2018-1263 Pivotal Software Path Traversal vulnerability in Pivotal Software Spring Integration ZIP

Addresses partial fix in CVE-2018-1261.

4.0
2018-05-15 CVE-2017-2600 Jenkins Information Exposure vulnerability in Jenkins

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API.

4.0
2018-05-15 CVE-2018-3611 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.

4.0
2018-05-14 CVE-2018-0590 Ultimatemember Unspecified vulnerability in Ultimatemember User Profile & Membership

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

4.0
2018-05-14 CVE-2018-0589 Ultimatemember Unspecified vulnerability in Ultimatemember User Profile & Membership

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.

4.0
2018-05-14 CVE-2018-0587 Ultimatemember Unrestricted Upload of File With Dangerous Type vulnerability in Ultimatemember User Profile & Membership

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

4.0
2018-05-14 CVE-2018-0586 Ultimatemember Path Traversal vulnerability in Ultimatemember User Profile & Membership

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

4.0

26 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-18 CVE-2017-18270 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.

3.6
2018-05-17 CVE-2018-8714 Honeywell Information Exposure vulnerability in Honeywell Matrikonopc Explorer

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.

3.6
2018-05-18 CVE-2018-1147 Tenable Cross-Site Scripting vulnerability in Tenable Nessus

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation.

3.5
2018-05-17 CVE-2018-1466 IBM Inadequate Encryption Strength vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

3.5
2018-05-17 CVE-2018-1465 IBM Information Exposure vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible.

3.5
2018-05-17 CVE-2018-1461 IBM Cross-Site Scripting vulnerability in IBM products

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting.

3.5
2018-05-17 CVE-2018-10326 Printeron Cross-Site Scripting vulnerability in Printeron 4.1.3

PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.

3.5
2018-05-16 CVE-2018-11208 Zblogcn Cross-Site Scripting vulnerability in Zblogcn Z-Blogphp 2.0.0

** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0.

3.5
2018-05-15 CVE-2017-2610 Jenkins Cross-Site Scripting vulnerability in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).

3.5
2018-05-15 CVE-2017-2603 Jenkins Information Exposure vulnerability in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API.

3.5
2018-05-14 CVE-2018-10989 Arris Insecure Default Initialization of Resource vulnerability in Arris Tg1682G Firmware 9.1.103J6

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network.

3.5
2018-05-14 CVE-2018-0585 Ultimatemember Cross-Site Scripting vulnerability in Ultimatemember Ultimate Member

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-05-14 CVE-2018-0578 Pixelyoursite Cross-Site Scripting vulnerability in Pixelyoursite

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-05-14 CVE-2018-0577 Google MAP Project Cross-Site Scripting vulnerability in Google MAP Project Google MAP

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-05-14 CVE-2018-0576 WP Events Plugin Cross-Site Scripting vulnerability in Wp-Events-Plugin Events Manager

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-05-20 CVE-2018-11315 Radiothermostat Improper Input Validation vulnerability in Radiothermostat Ct50 Firmware and Ct80 Firmware

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack.

3.3
2018-05-14 CVE-2017-12123 Moxa Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317.

3.3
2018-05-15 CVE-2018-10825 Mimobaby Improper Authentication vulnerability in Mimobaby Mimo Baby 2 Firmware

Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack.

2.9
2018-05-14 CVE-2017-12129 Moxa USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Moxa Edr-810 Firmware 4.1

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.

2.9
2018-05-15 CVE-2018-10591 Advantech Session Fixation vulnerability in Advantech products

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.

2.6
2018-05-18 CVE-2018-8849 Medtronic Missing Encryption of Sensitive Data vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest.

2.1
2018-05-15 CVE-2018-3661 Intel Buffer Errors vulnerability in Intel Selview and Syscfg

Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service.

2.1
2018-05-14 CVE-2017-12127 Moxa Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1

A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317.

2.1
2018-05-18 CVE-2017-9637 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric Ampla Manufacturing Execution System

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases.

1.9
2018-05-18 CVE-2017-9635 Schneider Electric Inadequate Encryption Strength vulnerability in Schneider-Electric Ampla Manufacturing Execution System

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges.

1.9
2018-05-17 CVE-2018-10327 Printeron Insufficiently Protected Credentials vulnerability in Printeron 4.1.3

PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.

1.9