Weekly Vulnerabilities Reports > May 21 to 27, 2018

Overview

226 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 501 products from 99 vendors including Debian, Microsoft, Linux, IBM, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 184 reported vulnerabilities are remotely exploitables.
  • 23 reported vulnerabilities have public exploit available.
  • 75 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 173 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Trendmicro has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-25 CVE-2018-9091 Kemptechnologies Unspecified vulnerability in Kemptechnologies Loadmaster Operating System

A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system.

10.0
2018-05-23 CVE-2018-8176 Microsoft Improper Input Validation vulnerability in Microsoft Office for mac 2016

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

9.3
2018-05-25 CVE-2018-10350 Trendmicro
Linux
SQL Injection vulnerability in Trendmicro Smart Protection Server

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php.

9.0
2018-05-23 CVE-2018-10357 Trendmicro Path Traversal vulnerability in Trendmicro Endpoint Application Control 2.0

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet.

9.0
2018-05-23 CVE-2018-10356 Trendmicro SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class.

9.0
2018-05-23 CVE-2018-10354 Trendmicro OS Command Injection vulnerability in Trendmicro Email Encryption Gateway 5.5

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer.

9.0
2018-05-23 CVE-2018-10351 Trendmicro SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class.

9.0
2018-05-22 CVE-2018-11340 Asustor Unrestricted Upload of File With Dangerous Type vulnerability in Asustor As6202T Firmware

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-25 CVE-2018-6237 Trendmicro
Linux
Resource Exhaustion vulnerability in Trendmicro Smart Protection Server

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.

7.8
2018-05-26 CVE-2018-6411 Appnitro Unrestricted Upload of File With Dangerous Type vulnerability in Appnitro Machform 4.2.3

An issue was discovered in Appnitro MachForm before 4.2.3.

7.5
2018-05-26 CVE-2018-6410 Appnitro SQL Injection vulnerability in Appnitro Machform 4.2.3

An issue was discovered in Appnitro MachForm before 4.2.3.

7.5
2018-05-26 CVE-2018-11499 Sass Lang USE After Free vulnerability in Sass-Lang Libsass

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

7.5
2018-05-25 CVE-2018-8871 Deltaww Out-Of-Bounds Write vulnerability in Deltaww Tpeditor

In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.

7.5
2018-05-25 CVE-2018-11444 Easyservice Billing Project SQL Injection vulnerability in Easyservice Billing Project Easyservice Billing 1.0

A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.

7.5
2018-05-24 CVE-2018-11419 Jerryscript Out-Of-Bounds Read vulnerability in Jerryscript 1.0

An issue was discovered in JerryScript 1.0.

7.5
2018-05-24 CVE-2018-11418 Jerryscript Out-Of-Bounds Read vulnerability in Jerryscript 1.0

An issue was discovered in JerryScript 1.0.

7.5
2018-05-24 CVE-2018-8013 Apache
Debian
Canonical
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.

7.5
2018-05-24 CVE-2018-5487 Netapp
Linux
Improper Input Validation vulnerability in Netapp Oncommand Unified Manager

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

7.5
2018-05-24 CVE-2018-1000300 Haxx
Canonical
Out-Of-Bounds Write vulnerability in multiple products

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies..

7.5
2018-05-24 CVE-2018-1000155 Opennetworking Incorrect Authorization vulnerability in Opennetworking Openflow

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller.

7.5
2018-05-24 CVE-2018-11410 Liblouis
Canonical
USE After Free vulnerability in multiple products

An issue was discovered in Liblouis 3.5.0.

7.5
2018-05-23 CVE-2018-10653 Citrix XXE vulnerability in Citrix Xenmobile Server 10.7/10.8

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

7.5
2018-05-23 CVE-2018-10648 Citrix Unrestricted Upload of File With Dangerous Type vulnerability in Citrix Xenmobile Server 10.7/10.8

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

7.5
2018-05-23 CVE-2018-8898 D Link Improper Authentication vulnerability in D-Link Dsl-3782 Firmware 3.10.0.24

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.

7.5
2018-05-23 CVE-2018-1309 Apache XXE vulnerability in Apache Nifi

Apache NiFi External XML Entity issue in SplitXML processor.

7.5
2018-05-23 CVE-2018-1126 Procps NG Project
Canonical
Debian
Redhat
Schneider Electric
Integer Overflow OR Wraparound vulnerability in multiple products

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues.

7.5
2018-05-22 CVE-2018-9019 Dolibarr
Oracle
SQL Injection vulnerability in multiple products

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

7.5
2018-05-22 CVE-2018-10094 Dolibarr SQL Injection vulnerability in Dolibarr

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

7.5
2018-05-22 CVE-2018-11373 Iscripts SQL Injection vulnerability in Iscripts Eswap 2.4

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.

7.5
2018-05-22 CVE-2018-11372 Iscripts SQL Injection vulnerability in Iscripts Eswap 2.4

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.

7.5
2018-05-22 CVE-2018-11369 Pbootcms SQL Injection vulnerability in Pbootcms 1.0.9

An issue was discovered in PbootCMS v1.0.9.

7.5
2018-05-21 CVE-2018-11331 Pluck CMS Unrestricted Upload of File With Dangerous Type vulnerability in Pluck-Cms Pluck

An issue was discovered in Pluck before 4.7.6.

7.5
2018-05-25 CVE-2018-11479 Windscribe Improper Input Validation vulnerability in Windscribe 1.81

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections.

7.2
2018-05-25 CVE-2018-6235 Trendmicro
Microsoft
Out-Of-Bounds Write vulnerability in Trendmicro products

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver.

7.2
2018-05-25 CVE-2018-6233 Trendmicro
Microsoft
Classic Buffer Overflow vulnerability in Trendmicro products

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver.

7.2
2018-05-25 CVE-2018-6232 Trendmicro
Microsoft
Classic Buffer Overflow vulnerability in Trendmicro products

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver.

7.2
2018-05-25 CVE-2018-1488 IBM
Linux
Microsoft
Buffer Errors vulnerability in IBM DB2 10.5/11.1

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.

7.2
2018-05-24 CVE-2013-3024 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 8.5.0.0/8.5.0.1/8.5.0.2

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization.

7.2
2018-05-24 CVE-2017-14187 Fortinet Improper Privilege Management vulnerability in Fortinet Fortios

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.

7.2
2018-05-22 CVE-2018-6962 Vmware Unspecified vulnerability in VMWare Fusion

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.

7.2

160 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-25 CVE-2018-6236 Trendmicro
Microsoft
Race Condition vulnerability in Trendmicro products

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver.

6.9
2018-05-26 CVE-2018-11500 Publiccms Cross-Site Request Forgery (CSRF) vulnerability in Publiccms 4.0.20180210

An issue was discovered in PublicCMS V4.0.20180210.

6.8
2018-05-26 CVE-2018-11498 Lizard Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lizard Project Lizard and LZ5

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h).

6.8
2018-05-26 CVE-2018-11493 Wuzhicms Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0

An issue was discovered in WUZHI CMS 4.1.0.

6.8
2018-05-26 CVE-2018-11490 Giflib Project
Sam2P Project
Improper Validation of Array Index vulnerability in multiple products

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked.

6.8
2018-05-26 CVE-2018-11489 Giflib Project
Sam2P Project
Improper Validation of Array Index vulnerability in multiple products

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked.

6.8
2018-05-25 CVE-2017-9641 Osisoft Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Coresight

PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system.

6.8
2018-05-25 CVE-2018-11445 Easyservice Billing Project Cross-Site Request Forgery (CSRF) vulnerability in Easyservice Billing Project Easyservice Billing 1.0

A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0.

6.8
2018-05-25 CVE-2018-11442 Easyservice Billing Project Cross-Site Request Forgery (CSRF) vulnerability in Easyservice Billing Project Easyservice Billing 1.0

A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.

6.8
2018-05-25 CVE-2018-11440 Liblouis
Canonical
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

6.8
2018-05-24 CVE-2018-7407 Foxitsoftware Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Phantompdf and Reader

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-7406 Foxitsoftware Improper Validation of Array Index vulnerability in Foxitsoftware Phantompdf and Reader

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5680 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5679 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5678 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5677 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5676 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5675 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-5674 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1.

6.8
2018-05-24 CVE-2018-11416 Jpegoptim Project Double Free vulnerability in Jpegoptim Project Jpegoptim 1.4.5

jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

6.8
2018-05-24 CVE-2018-1000039 Artifex USE After Free vulnerability in Artifex Mupdf

In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

6.8
2018-05-24 CVE-2018-1000038 Artifex Out-Of-Bounds Write vulnerability in Artifex Mupdf

In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

6.8
2018-05-24 CVE-2018-11405 Kliqqi Cross-Site Request Forgery (CSRF) vulnerability in Kliqqi CMS 2.0.2

Kliqqi 2.0.2 has CSRF in admin/admin_users.php.

6.8
2018-05-23 CVE-2018-10654 Citrix Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server 10.7/10.8

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

6.8
2018-05-23 CVE-2018-10650 Citrix Untrusted Search Path vulnerability in Citrix Xenmobile Server 10.7/10.8

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

6.8
2018-05-23 CVE-2018-11231 Divido SQL Injection vulnerability in Divido

In the Divido plugin for OpenCart, there is SQL injection.

6.8
2018-05-22 CVE-2018-11378 Radare Buffer Errors vulnerability in Radare Radare2 2.5.0

The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

6.8
2018-05-22 CVE-2017-2617 Hawt IO Unrestricted Upload of File With Dangerous Type vulnerability in Hawt.Io Hawtio

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload.

6.8
2018-05-22 CVE-2018-11371 Skycaiji Cross-Site Request Forgery (CSRF) vulnerability in Skycaiji 1.2

SkyCaiji 1.2 allows CSRF to add an Administrator user.

6.8
2018-05-25 CVE-2018-11470 Iscripts SQL Injection vulnerability in Iscripts Eswap 2.4

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.

6.5
2018-05-25 CVE-2018-6664 Mcafee
Microsoft
Improper Verification of Cryptographic Signature vulnerability in Mcafee Data Loss Prevention Endpoint

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

6.5
2018-05-25 CVE-2018-1133 Moodle Code Injection vulnerability in Moodle

An issue was discovered in Moodle 3.x.

6.5
2018-05-24 CVE-2018-11414 Bearadmin Project SQL Injection vulnerability in Bearadmin Project Bearadmin 0.5

An issue was discovered in BearAdmin 0.5.

6.5
2018-05-23 CVE-2018-10352 Trendmicro SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class.

6.5
2018-05-22 CVE-2018-6493 HP SQL Injection vulnerability in HP products

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50.

6.5
2018-05-22 CVE-2018-11323 Joomla Improper Privilege Management vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

6.5
2018-05-22 CVE-2018-11345 Asustor Unrestricted Upload of File With Dangerous Type vulnerability in Asustor As6202T Firmware

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename.

6.5
2018-05-22 CVE-2018-11341 Asustor Path Traversal vulnerability in Asustor As6202T Firmware

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.

6.5
2018-05-24 CVE-2018-9920 K2 Server-Side Request Forgery (SSRF) vulnerability in K2 Smartforms 4.6.11

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

6.4
2018-05-24 CVE-2018-1000301 Debian
Canonical
Haxx
Redhat
Oracle
Out-Of-Bounds Read vulnerability in multiple products

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content..

6.4
2018-05-24 CVE-2017-9421 Accellion Improper Authentication vulnerability in Accellion Kiteworks

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.

6.4
2018-05-26 CVE-2018-11501 Website Seller Script Project Cross-Site Request Forgery (CSRF) vulnerability in Website Seller Script Project Website Seller Script 2.0.3

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.

6.0
2018-05-26 CVE-2018-11494 Opencart Path Traversal vulnerability in Opencart

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].

6.0
2018-05-25 CVE-2018-11475 Monstra Session Fixation vulnerability in Monstra 3.0.4

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab.

6.0
2018-05-25 CVE-2018-11474 Monstra Session Fixation vulnerability in Monstra 3.0.4

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab.

6.0
2018-05-22 CVE-2018-10092 Dolibarr Missing Authorization vulnerability in Dolibarr

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

6.0
2018-05-22 CVE-2018-11322 Joomla Unrestricted Upload of File With Dangerous Type vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

6.0
2018-05-23 CVE-2018-10651 Citrix Open Redirect vulnerability in Citrix Xenmobile Server 10.7/10.8

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

5.8
2018-05-22 CVE-2015-8094 Cloudera Open Redirect vulnerability in Cloudera HUE

Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.

5.8
2018-05-21 CVE-2018-1067 Redhat Http Response Splitting vulnerability in Redhat products

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

5.8
2018-05-21 CVE-2018-11092 Admin Notes Project Cross-Site Request Forgery (CSRF) vulnerability in Admin Notes Project Admin Notes 1.1

An issue was discovered in the Admin Notes plugin 1.1 for MyBB.

5.8
2018-05-25 CVE-2018-1137 Moodle Improper Input Validation vulnerability in Moodle

An issue was discovered in Moodle 3.x.

5.5
2018-05-22 CVE-2018-6494 HP SQL Injection vulnerability in Microfocus Service Manager

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

5.5
2018-05-22 CVE-2018-1583 IBM Unspecified vulnerability in IBM Storediq 7.6.0

IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions.

5.5
2018-05-26 CVE-2018-6409 Appnitro Path Traversal vulnerability in Appnitro Machform 4.2.3

An issue was discovered in Appnitro MachForm before 4.2.3.

5.0
2018-05-26 CVE-2018-11505 Werewolf Online Project Information Exposure vulnerability in Werewolf Online Project Werewolf Online 0.8.8

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.

5.0
2018-05-25 CVE-2017-14185 Fortinet Information Exposure vulnerability in Fortinet Fortios

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.

5.0
2018-05-25 CVE-2018-1467 IBM Information Exposure vulnerability in IBM Storwize Unified V7000 Software 1.6

The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users.

5.0
2018-05-24 CVE-2013-3018 IBM Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp.

5.0
2018-05-24 CVE-2018-7526 Beaconmedaes Forced Browsing vulnerability in Beaconmedaes Scroll Medical AIR Systems Firmware

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.

5.0
2018-05-24 CVE-2018-7518 Beaconmedaes Insufficiently Protected Credentials vulnerability in Beaconmedaes Scroll Medical AIR Systems Firmware

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.

5.0
2018-05-24 CVE-2017-9664 ABB Path Traversal vulnerability in ABB Srea-01 Firmware and Srea-50 Firmware

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths.

5.0
2018-05-24 CVE-2018-7942 Huawei Unspecified vulnerability in Huawei products

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability.

5.0
2018-05-24 CVE-2017-17315 Huawei Improper Input Validation vulnerability in Huawei products

Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability.

5.0
2018-05-24 CVE-2018-11411 Dimoncoin Improper Input Validation vulnerability in Dimoncoin

The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.

5.0
2018-05-23 CVE-2018-10652 Citrix Information Exposure vulnerability in Citrix Xenmobile Server 10.7

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

5.0
2018-05-23 CVE-2018-1193 Cloudfoundry Unspecified vulnerability in Cloudfoundry Cf-Deployment and Routing-Release

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers.

5.0
2018-05-23 CVE-2018-1310 Apache Deserialization of Untrusted Data vulnerability in Apache Nifi

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability.

5.0
2018-05-23 CVE-2018-1125 Procps NG Project
Canonical
Debian
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep.

5.0
2018-05-23 CVE-2018-1123 Procps NG Project
Canonical
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow.

5.0
2018-05-23 CVE-2018-11396 Gnome Unspecified vulnerability in Gnome Epiphany

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

5.0
2018-05-22 CVE-2018-11362 Wireshark
Debian
Out-Of-Bounds Read vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash.

5.0
2018-05-22 CVE-2018-11361 Wireshark Buffer Errors vulnerability in Wireshark 2.6.0

In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash.

5.0
2018-05-22 CVE-2018-11360 Wireshark
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash.

5.0
2018-05-22 CVE-2018-11359 Wireshark
Debian
Null Pointer Dereference vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash.

5.0
2018-05-22 CVE-2018-11358 Wireshark
Debian
USE After Free vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash.

5.0
2018-05-22 CVE-2018-11357 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory.

5.0
2018-05-22 CVE-2018-11356 Wireshark
Debian
Null Pointer Dereference vulnerability in multiple products

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash.

5.0
2018-05-22 CVE-2018-11355 Wireshark Buffer Errors vulnerability in Wireshark 2.6.0

In Wireshark 2.6.0, the RTCP dissector could crash.

5.0
2018-05-22 CVE-2018-11354 Wireshark Improper Input Validation vulnerability in Wireshark 2.6.0

In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash.

5.0
2018-05-22 CVE-2018-11325 Joomla Information Exposure Through AN Error Message vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

5.0
2018-05-22 CVE-2018-11367 Cppcms Improper Input Validation vulnerability in Cppcms

An issue was discovered in CppCMS before 1.2.1.

5.0
2018-05-22 CVE-2018-11329 Ethercartel Unspecified vulnerability in Ethercartel Ether Cartel 20180518

The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone.

5.0
2018-05-22 CVE-2018-11365 Wizardmac Infinite Loop vulnerability in Wizardmac Readstat 0.1.1

sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.

5.0
2018-05-22 CVE-2018-11364 Wizardmac Missing Release of Resource After Effective Lifetime vulnerability in Wizardmac Readstat 0.1.1

sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.

5.0
2018-05-22 CVE-2018-11363 Pdfgen Out-Of-Bounds Read vulnerability in Pdfgen

jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.

5.0
2018-05-21 CVE-2018-8012 Apache
Debian
Missing Authorization vulnerability in multiple products

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta.

5.0
2018-05-21 CVE-2018-11320 Octopus Information Exposure Through LOG Files vulnerability in Octopus Deploy

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

5.0
2018-05-24 CVE-2018-10595 BD SQL Injection vulnerability in BD Database Manager, Performa and Reada

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.

4.9
2018-05-24 CVE-2018-1000199 Debian
Linux
Canonical
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption.

4.9
2018-05-24 CVE-2018-11401 Simplisafe Unspecified vulnerability in Simplisafe U9K-Bs1000 Firmware

In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.

4.9
2018-05-24 CVE-2018-11400 Simplisafe Unspecified vulnerability in Simplisafe U9K-Bs1000 Firmware

In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.

4.9
2018-05-21 CVE-2018-7268 Magnicomp
Apple
Linux
Information Exposure vulnerability in Magnicomp Sysinfo 10H62

MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions.

4.9
2018-05-22 CVE-2018-3640 Intel
ARM
Information Exposure Through Discrepancy vulnerability in multiple products

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

4.7
2018-05-25 CVE-2018-1565 IBM
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner.

4.6
2018-05-25 CVE-2018-1544 IBM
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner.

4.6
2018-05-25 CVE-2018-1459 IBM
Linux
Microsoft
Out-Of-Bounds Write vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code.

4.6
2018-05-24 CVE-2018-5485 Netapp
Microsoft
Unspecified vulnerability in Netapp Oncommand Unified Manager

NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.

4.6
2018-05-23 CVE-2018-1124 Procps NG Project
Canonical
Debian
Redhat
Schneider Electric
Opensuse
Integer Overflow OR Wraparound vulnerability in multiple products

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function.

4.6
2018-05-23 CVE-2018-11334 Windscribe Incorrect Permission Assignment FOR Critical Resource vulnerability in Windscribe 1.81

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.

4.6
2018-05-22 CVE-2016-8656 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.

4.6
2018-05-21 CVE-2018-7687 Microfocus Buffer Errors vulnerability in Microfocus Client 2.0

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.

4.6
2018-05-21 CVE-2018-8142 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

4.6
2018-05-25 CVE-2018-1515 IBM
Linux
Microsoft
Buffer Errors vulnerability in IBM DB2 10.5/11.1

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner.

4.4
2018-05-23 CVE-2018-1122 Procps NG Project
Canonical
Debian
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top.
4.4
2018-05-26 CVE-2018-11504 Discount Project
Debian
Out-Of-Bounds Read vulnerability in multiple products

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

4.3
2018-05-26 CVE-2018-11503 Discount Project
Debian
Out-Of-Bounds Read vulnerability in multiple products

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

4.3
2018-05-26 CVE-2018-11496 Lrzip Project USE After Free vulnerability in Lrzip Project Lrzip 0.631

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

4.3
2018-05-26 CVE-2018-11487 Phpmywind Cross-Site Scripting vulnerability in PHPmywind 5.5

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.

4.3
2018-05-25 CVE-2018-11473 Monstra Cross-Site Scripting vulnerability in Monstra 3.0.4

Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).

4.3
2018-05-25 CVE-2018-11472 Monstra Cross-Site Scripting vulnerability in Monstra 3.0.4

Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).

4.3
2018-05-25 CVE-2018-11469 Haproxy
Canonical
Information Exposure vulnerability in multiple products

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

4.3
2018-05-25 CVE-2018-11468 Discount Project
Debian
Out-Of-Bounds Read vulnerability in multiple products

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

4.3
2018-05-25 CVE-2018-11443 Easyservice Billing Project Cross-Site Scripting vulnerability in Easyservice Billing Project Easyservice Billing 1.0

The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.

4.3
2018-05-24 CVE-2013-3023 IBM Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used.

4.3
2018-05-24 CVE-2018-11415 SAP Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6.20

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs.

4.3
2018-05-24 CVE-2018-11412 Linux
Canonical
USE After Free vulnerability in multiple products

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

4.3
2018-05-24 CVE-2018-1000040 Artifex
Debian
Improper Input Validation vulnerability in multiple products

In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

4.3
2018-05-24 CVE-2018-1000037 Artifex
Debian
Improper Input Validation vulnerability in multiple products

In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

4.3
2018-05-24 CVE-2018-1000036 Artifex Missing Release of Resource After Effective Lifetime vulnerability in Artifex Mupdf

In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

4.3
2018-05-24 CVE-2018-11404 Domainmod Cross-Site Scripting vulnerability in Domainmod 4.09.03

DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.

4.3
2018-05-23 CVE-2018-10428 Ilias Cross-Site Scripting vulnerability in Ilias

ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.

4.3
2018-05-23 CVE-2018-10649 Citrix Cross-Site Scripting vulnerability in Citrix Xenmobile Server 10.7

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.

4.3
2018-05-23 CVE-2018-7295 Square Enix Improper Enforcement of Message Integrity During Transmission in A Communication Channel vulnerability in Square-Enix Final Fantasy XIV 4.21/4.25

ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https.

4.3
2018-05-22 CVE-2018-10095 Dolibarr Cross-Site Scripting vulnerability in Dolibarr

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

4.3
2018-05-22 CVE-2018-6492 HP Cross-Site Scripting vulnerability in HP products

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50.

4.3
2018-05-22 CVE-2018-11384 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

4.3
2018-05-22 CVE-2018-11383 Radare USE of Uninitialized Resource vulnerability in Radare Radare2 2.5.0

The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.

4.3
2018-05-22 CVE-2018-11382 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

4.3
2018-05-22 CVE-2018-11381 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

4.3
2018-05-22 CVE-2018-11380 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.

4.3
2018-05-22 CVE-2018-11379 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

4.3
2018-05-22 CVE-2018-11377 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

4.3
2018-05-22 CVE-2018-11376 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

4.3
2018-05-22 CVE-2018-11375 Radare Out-Of-Bounds Read vulnerability in Radare Radare2 2.5.0

The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

4.3
2018-05-22 CVE-2018-11093 Ckeditor Cross-Site Scripting vulnerability in Ckeditor 5-Link

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.

4.3
2018-05-22 CVE-2018-6378 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.

4.3
2018-05-22 CVE-2018-11324 Joomla Race Condition vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

4.3
2018-05-22 CVE-2018-11366 Loginizer Cross-Site Scripting vulnerability in Loginizer 1.3.8/1.3.9

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled.

4.3
2018-05-22 CVE-2018-11339 Frappe Cross-Site Scripting vulnerability in Frappe Erpnext 11.X.Xdevelopb1036E5

An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.

4.3
2018-05-21 CVE-2018-1108 Linux
Canonical
USE of Insufficiently Random Values vulnerability in multiple products

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data.

4.3
2018-05-21 CVE-2018-11096 Horse Market Sell Rent Portal Project Cross-Site Request Forgery (CSRF) vulnerability in Horse Market Sell & Rent Portal Project Horse Market Sell & Rent Portal 1.5.7

Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.

4.3
2018-05-26 CVE-2018-11495 Opencart Path Traversal vulnerability in Opencart

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id.

4.0
2018-05-25 CVE-2017-1752 IBM Information Exposure vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information.

4.0
2018-05-25 CVE-2018-1136 Moodle Cross-Site Scripting vulnerability in Moodle

An issue was discovered in Moodle 3.x.

4.0
2018-05-25 CVE-2018-1135 Moodle Information Exposure vulnerability in Moodle

An issue was discovered in Moodle 3.x.

4.0
2018-05-25 CVE-2018-1134 Moodle Improper Privilege Management vulnerability in Moodle

An issue was discovered in Moodle 3.x.

4.0
2018-05-24 CVE-2018-11413 Bearadmin Project Path Traversal vulnerability in Bearadmin Project Bearadmin 0.5

An issue was discovered in BearAdmin 0.5.

4.0
2018-05-24 CVE-2018-7904 Huawei Unspecified vulnerability in Huawei 1288H V5 Firmware and 2288H V5 Firmware

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability.

4.0
2018-05-24 CVE-2018-7903 Huawei Unspecified vulnerability in Huawei 1288H V5 Firmware and 2288H V5 Firmware

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability.

4.0
2018-05-24 CVE-2018-7902 Huawei Unspecified vulnerability in Huawei 1288H V5 Firmware and 2288H V5 Firmware

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability.

4.0
2018-05-23 CVE-2018-10353 Trendmicro SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class.

4.0
2018-05-23 CVE-2017-9317 Dahuasecurity Unspecified vulnerability in Dahuasecurity products

Privilege escalation vulnerability found in some Dahua IP devices.

4.0
2018-05-23 CVE-2017-2598 Jenkins Inadequate Encryption Strength vulnerability in Jenkins

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

4.0
2018-05-22 CVE-2017-2609 Jenkins Information Exposure vulnerability in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385).

4.0
2018-05-22 CVE-2018-11327 Joomla Information Exposure vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

4.0
2018-05-22 CVE-2018-11321 Joomla Improper Input Validation vulnerability in Joomla Joomla!

An issue was discovered in com_fields in Joomla! Core before 3.8.8.

4.0
2018-05-22 CVE-2018-11346 Asustor Forced Browsing vulnerability in Asustor As6202T Firmware

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

4.0
2018-05-22 CVE-2018-11344 Asustor Path Traversal vulnerability in Asustor As6202T Firmware

A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.

4.0
2018-05-22 CVE-2018-11342 Asustor Path Traversal vulnerability in Asustor As6202T Firmware

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.

4.0

26 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-05-24 CVE-2018-10593 BD SQL Injection vulnerability in BD Database Manager, Performa and Reada

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.

3.8
2018-05-25 CVE-2018-1452 IBM
Linux
Microsoft
Unspecified vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner.

3.6
2018-05-25 CVE-2018-1451 IBM
Linux
Microsoft
Unspecified vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner.

3.6
2018-05-25 CVE-2018-1450 IBM
Linux
Microsoft
Unspecified vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner.

3.6
2018-05-25 CVE-2018-1449 IBM
Linux
Microsoft
Unspecified vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner.

3.6
2018-05-25 CVE-2018-11471 Getcockpit Cross-Site Scripting vulnerability in Getcockpit Cockpit 0.5.5

Cockpit 0.5.5 has XSS via a collection, form, or region.

3.5
2018-05-25 CVE-2017-3961 Mcafee Cross-Site Scripting vulnerability in Mcafee Network Security Manager

Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.

3.5
2018-05-24 CVE-2018-11332 Clippercms Cross-Site Scripting vulnerability in Clippercms 1.3.3

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

3.5
2018-05-24 CVE-2018-11403 Domainmod Cross-Site Scripting vulnerability in Domainmod 4.09.03

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.

3.5
2018-05-23 CVE-2018-6495 Microfocus Cross-Site Scripting vulnerability in Microfocus CMS Server, Universal Cmdb and Universal Cmdb Browser

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1.

3.5
2018-05-22 CVE-2018-11326 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

3.5
2018-05-22 CVE-2018-11343 Asustor Cross-Site Scripting vulnerability in Asustor Soundsgood

A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.

3.5
2018-05-21 CVE-2017-2607 Jenkins Cross-Site Scripting vulnerability in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382).

3.5
2018-05-21 CVE-2018-11330 Pluck CMS Cross-Site Scripting vulnerability in Pluck-Cms Pluck

An issue was discovered in Pluck before 4.7.6.

3.5
2018-05-25 CVE-2018-8864 Atisystem Missing Encryption of Sensitive Data vulnerability in Atisystem products

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

2.9
2018-05-25 CVE-2018-8862 Atisystem Improper Authentication vulnerability in Atisystem products

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

2.9
2018-05-22 CVE-2018-11328 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! Core before 3.8.8.

2.6
2018-05-25 CVE-2018-6234 Trendmicro
Microsoft
Information Exposure vulnerability in Trendmicro products

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver.

2.1
2018-05-25 CVE-2018-6674 Mcafee
Microsoft
Missing Encryption of Sensitive Data vulnerability in Mcafee Virusscan Enterprise 8.8.0

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

2.1
2018-05-24 CVE-2017-17158 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability.

2.1
2018-05-22 CVE-2018-6963 Vmware Null Pointer Dereference vulnerability in VMWare Fusion and Workstation

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler.

2.1
2018-05-22 CVE-2018-3639 Intel
ARM
Redhat
Debian
Canonical
Siemens
Oracle
Mitel
Sonicwall
Schneider Electric
Nvidia
Microsoft
Information Exposure Through Discrepancy vulnerability in multiple products

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

2.1
2018-05-21 CVE-2018-8010 Apache XXE vulnerability in Apache Solr

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema).

2.1
2018-05-24 CVE-2018-11402 Simplisafe Cleartext Transmission of Sensitive Information vulnerability in Simplisafe U9K-Kp1000 Firmware

SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.

1.9
2018-05-24 CVE-2018-11399 Simplisafe Cleartext Transmission of Sensitive Information vulnerability in Simplisafe products

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.

1.9
2018-05-23 CVE-2018-10355 Trendmicro Insufficiently Protected Credentials vulnerability in Trendmicro Email Encryption Gateway 5.5

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class.

1.9