Weekly Vulnerabilities Reports > June 4 to 10, 2018

Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment.

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level.

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection.

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device.

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.

A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.

There is an authentication bypass vulnerability in some Huawei servers.

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049.

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

An issue was discovered in LibSass through 3.5.4.

An issue was discovered in LibSass <3.5.3.

An issue was discovered in LibSass through 3.5.4.

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

The hubl-server module is a wrapper for the HubL Development Server.

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native.

windows-latestchromedriver downloads the latest version of chromedriver.exe.

The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings.

alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows.

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

haxeshim haxe shim to deal with coexisting versions.

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim.

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

windows-selenium-chromedriver is a module that downloads the Selenium Jar file.

fis-sass-all is another libsass wrapper for node.

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks.

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks.

cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

mystem-wrapper is a Yandex mystem app wrapper module.

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

herbivore is a packet sniffing and crafting library.

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries.

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks.

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms.

The clang-extra module installs LLVM's clang-extra tools.

sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

xd-testing is a testing library for cross-device (XD) web applications.

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation.

webdriver-launcher is a Node.js Selenium Webdriver Launcher.

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

marionette-socket-host is a marionette-js-runner host for sending actions over a socket.

node-air-sdk is an AIR SDK for nodejs.

resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor).

grunt-images is a grunt plugin for processing images.

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs.

jstestdriver is a wrapper for Google's jstestdriver.

cmake installs the cmake x86 linux binaries.

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

node-thulac is a node binding for thulac.

redis-srvr is a npm wrapper for redis-server.

js-given is a JavaScript frontend to jgiven.

haxe-dev is a cross-platform toolkit.

grunt-ccompiler is a Closure Compiler Grunt Plugin.

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

An issue was discovered in LibSass through 3.5.4.

An issue was discovered in LibSass through 3.5.4.

An issue was discovered in LibSass through 3.5.4.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system.

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data.

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ.

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed.

In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed.

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956.

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls.

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20.

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export.

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files.

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0.

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections.

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.

aegir is a module to help automate JavaScript project management.

nodeaaaaa is a static file server.

yzt is a simple file server.

wind-mvc is an mvc framework.

yttivy is a static file server.

dgard8.lab6 is a static file server.

fbr-client sends files through sockets via socket.io and webRTC.

tencent-server is a simple web server.

sgqserve is a simple file server.

peiserver is a static file server.

mfrserver is a simple file server.

ltt is a static file server.

lessindex is a static file server.

jn_jj_server is a static file server.

enserver is a simple web server.

dmmcquay.lab6 is a REST server.

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

zjjserver is a static file server.

uv-tj-demo is a static file server.

susu-sum is a static file server.

ritp is a static web server.

qinserve is a static file server.

quickserver is a simple static file server.

pytservce is a static file server.

picard is a micro framework.

mfrs is a static file server.

getcityapi.yoehoehne is a web server.

cypserver is a static file server.

dcdcdcdcdc is a static file server.

sly07 is an API for censoring text.

reecerver is a web server.

open-device creates a web interface for any device.

360class.jansenhm is a static file server.

uekw1511server is a static file server.

scott-blanch-weather-app is a sample Node.js app using Express 4.

iter-server is a static file server.

serverxxx is a static file server.

wintiwebdev is a static file server.

serverabc is a static file server.

intsol-package is a file server.

chatbyvista is a file server.

jansenstuffpleasework is a file server.

ewgaddis.lab6 is a file server.

whispercast is a file server.

utahcityfinder constructs lists of Utah cities with a certain prefix.

section2.madisonjbrooks12 is a simple web server.

hcbserver is a static file server.

liuyaserver is a static file server.

looppake is a simple http server.

wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

yyooopack is a simple file server.

byucslabsix is an http server.

calmquist.static-server is a static file server.

desafio is a simple web server.

dylmomo is a simple file server.

22lixian is a simple file server.

shenliru is a simple file server.

11xiaoli is a simple file server.

caolilinode is a simple file server.

dcserver is a static file server.

censorify.tanisjr is a simple web server and API RESTful service.

myprolyz is a static file server.

fast-http-cli is the command line interface for fast-http, a simple web server.

earlybird is a web server module for early development.

static-html-server is a static file server.

wanggoujing123 is a simple webserver.

zwserver is a weather web server.

serve46 is a static file server.

shit-server is a file server.

mockserve is a file server.

sspa is a server dedicated to single-page apps.

myserver.alexcthomas18 is a file server.

commentapp.stetsonwood is an http server.

infraserver is a RESTful server.

lab6drewfusbyu is an http server.

lab6.brit95 is a file server.

jikes is a file server.

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it.

serverzyy is a static file server.

http_static_simple is an http server.

goserv is an http server.

simple-npm-registry is a local npm package cache.

unicorn-list is a web framework.

exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide.

rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager.

node-server-forfront is a simple static file server.

welcomyzt is a simple file server.

cuciuci is a simple fileserver.

datachannel-client is a signaling implementation for DataChannel.js.

liyujing is a static file server.

Fresh is a module used by the Express.js framework for HTTP response freshness testing.

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header.

slug is a module to slugify strings, even if they contain unicode.

The string module is a module that provides extra string operations.

The timespan module is vulnerable to regular expression denial of service.

The marked module is vulnerable to a regular expression denial of service.

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

The content module is a module to parse HTTP Content-* headers.

weather.swlyons is a simple web server for weather updates.

gaoxiaotingtingting is an HTTP server.

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

tmock is a static file server.

serverwzl is a simple http server.

citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

serveryztyzt is a simple http server.

serverhuwenhui is a simple http server.

serverwg is a simple http server.

The no-case module is vulnerable to regular expression denial of service.

charset 1.0.0 and below are vulnerable to regular expression denial of service.

tiny-http is a simple http server.

serveryaozeyan is a simple HTTP server.

serverliujiayi1 is a simple http server.

iter-http is a server for static files.

cyber-js is a simple http server.

Sencisho is a simple http server for local development.

xtalk helps your browser talk to nodex, a simple web framework.

fsk-server is a simple http server.

serverlyr is a simple http server.

ua-parser is a port of Browserscope's user agent parser.

tinyserver2 is a webserver for static files.

list-n-stream is a server for static files to list and stream local videos.

node-simple-router is a minimalistic router for Node.

cross-env.js was a malicious module published with the intent to hijack environment variables.

nodesass was a malicious module published with the intent to hijack environment variables.

smb was a malicious module published with the intent to hijack environment variables.

shadowsock was a malicious module published with the intent to hijack environment variables.

mongose was a malicious module published with the intent to hijack environment variables.

proxy.js was a malicious module published with the intent to hijack environment variables.

http-proxy.js was a malicious module published with the intent to hijack environment variables.

crossenv was a malicious module published with the intent to hijack environment variables.

noderequest was a malicious module published with the intent to hijack environment variables.

nodemailer.js was a malicious module published with the intent to hijack environment variables.

nodemailer-js was a malicious module published with the intent to hijack environment variables.

nodecaffe was a malicious module published with the intent to hijack environment variables.

nodeffmpeg was a malicious module published with the intent to hijack environment variables.

ffmepg was a malicious module published with the intent to hijack environment variables.

node-opencv was a malicious module published with the intent to hijack environment variables.

opencv.js was a malicious module published with the intent to hijack environment variables.

openssl.js was a malicious module published with the intent to hijack environment variables.

node-openssl was a malicious module published with the intent to hijack environment variables.

node-opensl was a malicious module published with the intent to hijack environment variables.

babelcli was a malicious module published with the intent to hijack environment variables.

mssql-node was a malicious module published with the intent to hijack environment variables.

gruntcli was a malicious module published with the intent to hijack environment variables.

nodemssql was a malicious module published with the intent to hijack environment variables.

mssql.js was a malicious module published with the intent to hijack environment variables.

An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242.

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker.

Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure.

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.

An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before.

`sqlserver` was a malicious module published with the intent to hijack environment variables.

`nodefabric` was a malicious module published with the intent to hijack environment variables.

`fabric-js` was a malicious module published with the intent to hijack environment variables.

`node-fabric` was a malicious module published with the intent to hijack environment variables.

`sqliter` was a malicious module published with the intent to hijack environment variables.

`sqlite.js` was a malicious module published with the intent to hijack environment variables.

`nodesqlite` was a malicious module published with the intent to hijack environment variables.

`node-sqlite` was a malicious module published with the intent to hijack environment variables.

`mariadb` was a malicious module published with the intent to hijack environment variables.

`jquery.js` was a malicious module published with the intent to hijack environment variables.

`d3.js` was a malicious module published with the intent to hijack environment variables.

`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`.

Socket.io is a realtime application framework that provides communication via websockets.

Useragent is used to parse useragent headers.

hostr is a simple web server that serves up the contents of the current directory.

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase.

Http-proxy is a proxying library.

hapi is a web and services application framework.

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme".

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors.

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values.

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification.

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???).

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system.

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode.

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode.

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js.

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub.

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers.

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests.

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root.

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests.

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g.

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9.

uri-js is a module that tries to fully implement RFC 3986.

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver.

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver.

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver.

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system.

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

st is a module for serving static files.

SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php.

Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page.

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability.

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.

Shout is an IRC client.

Morris.js creates an svg graph, with labels that appear when hovering over a point.

GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc).

Restify is a framework for building REST APIs.

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.

Sanitize-html is a library for scrubbing html input of malicious values.

Forms is a library for easily creating HTML forms.

ag-grid is an advanced data grid that is library agnostic.

i18next is a language translation framework.

Remarkable is a markdown parser.

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

An issue was discovered in certain Apple products.

The HTTP client module superagent is vulnerable to ZIP bomb attacks.

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack.

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

Request is an http client.

Nes is a websocket extension library for hapi.

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers.

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack.

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.

BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames.

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes.

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

nZEDb v0.7.3.3 has XSS in the 404 error page.

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20.

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP.

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

elding is a simple web server.

dasafio is a web server.

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem.

easyquick is a simple web server.

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users.

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly.

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8.

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native.

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine.

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code.

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files.

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver.

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in certain Apple products.

An issue was discovered in OTRS 6.0.x before 6.0.7.

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user.

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated.

An issue was discovered in certain Apple products.