Weekly Vulnerabilities Reports > June 4 to 10, 2018

Overview

558 new vulnerabilities reported during this period, including 87 critical vulnerabilities and 66 high severity vulnerabilities. This weekly summary report vulnerabilities in 582 products from 375 vendors including Apple, Cisco, Jenkins, Microsoft, and IBM. Vulnerabilities are notably categorized as "Path Traversal", "Information Exposure", "Cryptographic Issues", "Cross-site Scripting", and "Improper Input Validation".

  • 520 reported vulnerabilities are remotely exploitables.
  • 27 reported vulnerabilities have public exploit available.
  • 222 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 487 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 55 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

87 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-06-08 CVE-2018-4229 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

10.0
2018-06-08 CVE-2018-10088 Xiongmaitech Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiongmaitech Uc-Httpd 1.0.0

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

10.0
2018-06-08 CVE-2018-11228 Crestron Code Injection vulnerability in Crestron Toolbox Protocol Firmware

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

10.0
2018-06-07 CVE-2017-16128 NPM Script Demo Project Incorrect Default Permissions vulnerability in Npm-Script-Demo Project Npm-Script-Demo 0.0.1

The module npm-script-demo opened a connection to a command and control server.

10.0
2018-06-07 CVE-2017-16127 Pandora Doomsday Project Incorrect Default Permissions vulnerability in Pandora-Doomsday Project Pandora-Doomsday 0.0.1

The module pandora-doomsday infects other modules.

10.0
2018-06-07 CVE-2017-16100 DNS Sync Project Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0/0.1.1

dns-sync is a sync/blocking dns resolver.

10.0
2018-06-07 CVE-2017-16088 Safe Eval Project Unspecified vulnerability in Safe-Eval Project Safe-Eval

The safe-eval module describes itself as a safer version of eval.

10.0
2018-06-06 CVE-2018-11808 Zohocorp Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.

10.0
2018-06-05 CVE-2017-7637 Qnap OS Command Injection vulnerability in Qnap NAS Proxy Server

QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.

10.0
2018-06-04 CVE-2018-11714 TP Link Session Fixation vulnerability in Tp-Link Tl-Wr840N Firmware and Tl-Wr841N Firmware

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices.

10.0
2018-06-08 CVE-2018-0225 Cisco SQL Injection vulnerability in Cisco Appdynamics APP IQ

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.

9.8
2018-06-08 CVE-2014-0593 Opensuse Improper Input Validation vulnerability in Opensuse Open Build Service

The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS).

9.8
2018-06-08 CVE-2011-3172 Suse Permissions, Privileges, and Access Controls vulnerability in Suse Linux Enterprise Server

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled.

9.8
2018-06-08 CVE-2018-12049 Canon Improper Authentication vulnerability in Canon Lbp6030W Firmware

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.

9.8
2018-06-08 CVE-2018-12048 Canon Improper Authentication vulnerability in Canon Lbp7110Cw Firmware

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.

9.8
2018-06-07 CVE-2018-0315 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.7.1/16.8.1

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition.

9.8
2018-06-04 CVE-2017-16020 Summit Project Code Injection vulnerability in Summit Project Summit

Summit is a node web framework.

9.8
2018-06-04 CVE-2018-11711 Canon Improper Authentication vulnerability in Canon Mf210 Firmware and Mf220 Firmware

A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device.

9.8
2018-06-04 CVE-2018-11692 Canon Improper Authentication vulnerability in Canon products

An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices.

9.8
2018-06-08 CVE-2018-4243 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4242 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4241 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4236 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4234 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4220 Apple Incorrect Permission Assignment for Critical Resource vulnerability in Apple Swift

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4196 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2018-06-08 CVE-2018-4193 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2018-06-06 CVE-2018-5850 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-5846 Google Use After Free vulnerability in Google Android

A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-5841 Google Insecure Default Initialization of Resource vulnerability in Google Android

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-5840 Google Classic Buffer Overflow vulnerability in Google Android

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-3580 Google Out-of-bounds Write vulnerability in Google Android

Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-3578 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

9.3
2018-06-06 CVE-2018-3565 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.

9.3
2018-06-05 CVE-2018-7884 Displaylink Untrusted Search Path vulnerability in Displaylink Core Software Cleaner 8.2.1956

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956.

9.3
2018-06-04 CVE-2017-16040 GFE Sass Project Cleartext Transmission of Sensitive Information vulnerability in Gfe-Sass Project Gfe-Sass

gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2017-16035 Hubspot Cleartext Transmission of Sensitive Information vulnerability in Hubspot Hubl-Server

The hubl-server module is a wrapper for the HubL Development Server.

9.3
2018-06-04 CVE-2016-10697 React Native Baidu Voice Synthesizer Project Cryptographic Issues vulnerability in React-Native-Baidu-Voice-Synthesizer Project React-Native-Baidu-Voice-Synthesizer 1.0.0

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native.

9.3
2018-06-04 CVE-2016-10696 Windows Latestchromedriver Project Cryptographic Issues vulnerability in Windows-Latestchromedriver Project Windows-Latestchromedriver 0.1.0

windows-latestchromedriver downloads the latest version of chromedriver.exe.

9.3
2018-06-04 CVE-2016-10695 Mapbox Cryptographic Issues vulnerability in Mapbox Npm-Test-Sqlite3-Trunk

The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings.

9.3
2018-06-04 CVE-2016-10694 Alto Saxophone Project Cryptographic Issues vulnerability in Alto-Saxophone Project Alto-Saxophone

alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows.

9.3
2018-06-04 CVE-2016-10693 PM2 Kafka Project Cryptographic Issues vulnerability in Pm2-Kafka Project Pm2-Kafka 1.0.0

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10692 Haxeshim Project Cryptographic Issues vulnerability in Haxeshim Project Haxeshim

haxeshim haxe shim to deal with coexisting versions.

9.3
2018-06-04 CVE-2016-10691 Windows Seleniumjar Project Cryptographic Issues vulnerability in Windows-Seleniumjar Project Windows-Seleniumjar 2.48.2

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10690 Openframe Ascii Image Project Cryptographic Issues vulnerability in Openframe-Ascii-Image Project Openframe-Ascii-Image 0.1.0

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim.

9.3
2018-06-04 CVE-2016-10689 Windows Iedriver Project Cryptographic Issues vulnerability in Windows-Iedriver Project Windows-Iedriver 2.48.0

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10688 Haxe Cryptographic Issues vulnerability in Haxe

Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10687 Windows Selenium Chromedriver Project Cryptographic Issues vulnerability in Windows-Selenium-Chromedriver Project Windows-Selenium-Chromedriver 0.1.0

windows-selenium-chromedriver is a module that downloads the Selenium Jar file.

9.3
2018-06-04 CVE-2016-10686 FIS Sass ALL Project Cryptographic Issues vulnerability in Fis-Sass-All Project Fis-Sass-All 0.2.0

fis-sass-all is another libsass wrapper for node.

9.3
2018-06-04 CVE-2016-10685 PK APP Wonderbox Project Cryptographic Issues vulnerability in Pk-App-Wonderbox Project Pk-App-Wonderbox 1.0.0

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10684 Healthcenter Project Cryptographic Issues vulnerability in Healthcenter Project Healthcenter 3.0.3

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10683 Hujiang Cryptographic Issues vulnerability in Hujiang Arcanist 0.0.1

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10678 Serc JS Project Cryptographic Issues vulnerability in Serc.Js Project Serc.Js 0.0.1

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10677 Google Closure Tools Latest Project Cryptographic Issues vulnerability in Google-Closure-Tools-Latest Project Google-Closure-Tools-Latest 0.1.0/0.1.1

google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10676 RS Brightcove Project Cryptographic Issues vulnerability in Rs-Brightcove Project Rs-Brightcove 0.0.1/0.0.2

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10675 Libsbmlsim Project Cryptographic Issues vulnerability in Libsbmlsim Project Libsbmlsim 0.0.1/0.0.2

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10672 Cloudpub Redis Project Cryptographic Issues vulnerability in Cloudpub-Redis Project Cloudpub-Redis 2.4.5

cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10671 Mystem Wrapper Project Cryptographic Issues vulnerability in Mystem-Wrapper Project Mystem-Wrapper 0.1.0/0.2.0

mystem-wrapper is a Yandex mystem app wrapper module.

9.3
2018-06-04 CVE-2016-10670 Windows Seleniumjar Mirror Project Cryptographic Issues vulnerability in Windows-Seleniumjar-Mirror Project Windows-Seleniumjar-Mirror 2.52.0/2.52.1

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10669 Soci Project Cryptographic Issues vulnerability in Soci Project Soci 0.0.1

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10668 Libsbml Project Cryptographic Issues vulnerability in Libsbml Project Libsbml 0.0.1/0.0.2

libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10667 Selenium Portal Project Cryptographic Issues vulnerability in Selenium-Portal Project Selenium-Portal 0.0.10/0.0.11/0.0.12

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10665 Herbivore Project Cryptographic Issues vulnerability in Herbivore Project Herbivore 0.0.1/0.0.2/0.0.3

herbivore is a packet sniffing and crafting library.

9.3
2018-06-04 CVE-2016-10664 Mystem Project Cryptographic Issues vulnerability in Mystem Project Mystem

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10663 Wixtoolset Project Missing Encryption of Sensitive Data vulnerability in Node-Wixtoolset Project Node-Wixtoolset 1.0.0

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10662 Tomita Project Cryptographic Issues vulnerability in Tomita Project Tomita

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10661 Phantomjs Cheniu Project Cryptographic Issues vulnerability in Phantomjs-Cheniu Project Phantomjs-Cheniu

phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10660 FIS Parser Sass BIN Project Cryptographic Issues vulnerability in Fis-Parser-Sass-Bin Project Fis-Parser-Sass-Bin

fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries.

9.3
2018-06-04 CVE-2016-10657 CO CLI Installer Project Cryptographic Issues vulnerability in Co-Cli-Installer Project Co-Cli-Installer

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10656 QBS Project Cryptographic Issues vulnerability in QBS Project QBS

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms.

9.3
2018-06-04 CVE-2016-10655 Clang Extra Project Cryptographic Issues vulnerability in Clang-Extra Project Clang-Extra

The clang-extra module installs LLVM's clang-extra tools.

9.3
2018-06-04 CVE-2016-10653 XD Testing Project Cryptographic Issues vulnerability in Xd-Testing Project Xd-Testing

xd-testing is a testing library for cross-device (XD) web applications.

9.3
2018-06-04 CVE-2016-10651 Webdriver Launcher Project Cryptographic Issues vulnerability in Webdriver-Launcher Project Webdriver-Launcher

webdriver-launcher is a Node.js Selenium Webdriver Launcher.

9.3
2018-06-04 CVE-2016-10649 Frames Compiler Project Cryptographic Issues vulnerability in Frames-Compiler Project Frames-Compiler

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

9.3
2018-06-04 CVE-2016-10648 Marionette Socket Host Project Cryptographic Issues vulnerability in Marionette-Socket-Host Project Marionette-Socket-Host

marionette-socket-host is a marionette-js-runner host for sending actions over a socket.

9.3
2018-06-04 CVE-2016-10647 Node AIR SDK Project Cryptographic Issues vulnerability in Node-Air-Sdk Project Node-Air-Sdk

node-air-sdk is an AIR SDK for nodejs.

9.3
2018-06-04 CVE-2016-10646 Resourcehacker Project Cryptographic Issues vulnerability in Resourcehacker Project Resourcehacker

resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor).

9.3
2018-06-04 CVE-2016-10645 Grunt Images Project Cryptographic Issues vulnerability in Grunt-Images Project Grunt-Images

grunt-images is a grunt plugin for processing images.

9.3
2018-06-04 CVE-2016-10644 Slimerjs Edge Project Cryptographic Issues vulnerability in Slimerjs-Edge Project Slimerjs-Edge

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs.

9.3
2018-06-04 CVE-2016-10643 Jstestdriver Project Cryptographic Issues vulnerability in Jstestdriver Project Jstestdriver

jstestdriver is a wrapper for Google's jstestdriver.

9.3
2018-06-04 CVE-2016-10642 Cmake Project Cryptographic Issues vulnerability in Cmake Project Cmake

cmake installs the cmake x86 linux binaries.

9.3
2018-06-04 CVE-2016-10640 Geohey Cryptographic Issues vulnerability in Geohey Node-Thulac

node-thulac is a node binding for thulac.

9.3
2018-06-04 CVE-2016-10639 Redis Srvr Project Cryptographic Issues vulnerability in Redis-Srvr Project Redis-Srvr

redis-srvr is a npm wrapper for redis-server.

9.3
2018-06-04 CVE-2016-10638 JS Given Project Cryptographic Issues vulnerability in Js-Given Project Js-Given

js-given is a JavaScript frontend to jgiven.

9.3
2018-06-04 CVE-2016-10637 Haxe Cryptographic Issues vulnerability in Haxe Haxe-Dev

haxe-dev is a cross-platform toolkit.

9.3
2018-06-04 CVE-2016-10636 Grunt Ccompiler Project Cryptographic Issues vulnerability in Grunt-Ccompiler Project Grunt-Ccompiler

grunt-ccompiler is a Closure Compiler Grunt Plugin.

9.3
2018-06-07 CVE-2018-0274 Cisco OS Command Injection vulnerability in Cisco Network Services Orchestrator

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.

9.0

66 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-06-08 CVE-2014-0594 Opensuse Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

8.8
2018-06-07 CVE-2018-3758 Express Cart Project Unrestricted Upload of File with Dangerous Type vulnerability in Express-Cart Project Express-Cart

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

8.8
2018-06-07 CVE-2011-0467 Suse SQL Injection vulnerability in Suse Studio Onsite and Studio Onsite Appliance

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection.

8.8
2018-06-07 CVE-2018-3720 Assign Deep Project Unspecified vulnerability in Assign-Deep Project Assign-Deep

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

8.8
2018-06-07 CVE-2018-3719 Mixin Deep Project Improper Input Validation vulnerability in Mixin-Deep Project Mixin-Deep

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

8.8
2018-06-04 CVE-2018-3853 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 9.0.1.1049

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049.

8.8
2018-06-08 CVE-2018-4249 Apple Integer Overflow or Wraparound vulnerability in Apple products

An issue was discovered in certain Apple products.

7.8
2018-06-08 CVE-2014-5220 Opensuse
Mdadm Project
Command Injection vulnerability in multiple products

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

7.8
2018-06-07 CVE-2018-0316 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco IP Phone Firmware 11.1(2)

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.

7.8
2018-06-07 CVE-2017-6779 Cisco Resource Exhaustion vulnerability in Cisco products

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.

7.8
2018-06-05 CVE-2018-6662 Mcafee OS Command Injection vulnerability in Mcafee Management of Native Encryption

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.

7.8
2018-06-04 CVE-2016-8390 Cryptic Apps Out-of-bounds Write vulnerability in Cryptic-Apps Hopper Disassembler 3.11.20

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20.

7.8
2018-06-08 CVE-2018-4230 Apple Race Condition vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.6
2018-06-08 CVE-2018-4228 Apple Race Condition vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.6
2018-06-06 CVE-2018-5845 Google Use After Free vulnerability in Google Android

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

7.6
2018-06-10 CVE-2018-12088 S3Ql Project Improper Input Validation vulnerability in S3Ql Project S3Ql

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files.

7.5
2018-06-08 CVE-2018-12065 Creatiwity Improper Input Validation vulnerability in Creatiwity Witycms 0.6.2

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.

7.5
2018-06-08 CVE-2018-12064 Tinyexr Project Out-of-bounds Read vulnerability in Tinyexr Project Tinyexr 0.9.5

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.

7.5
2018-06-08 CVE-2018-12055 Schools Alert Management Script Project SQL Injection vulnerability in Schools Alert Management Script Project Schools Alert Management Script

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.

7.5
2018-06-08 CVE-2018-12052 Schools Alert Management Script Project SQL Injection vulnerability in Schools Alert Management Script Project Schools Alert Management Script

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

7.5
2018-06-08 CVE-2018-12051 Schools Alert Management Script Project Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

7.5
2018-06-08 CVE-2018-9246 Pgobject Util Dbadmin Project
Ledgersmb
Improper Encoding or Escaping of Output vulnerability in multiple products

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function.

7.5
2018-06-08 CVE-2018-12045 Dedecms Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.

7.5
2018-06-08 CVE-2018-11229 Crestron OS Command Injection vulnerability in Crestron Toolbox Protocol Firmware

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).

7.5
2018-06-07 CVE-2018-12039 Joyplus CMS Project SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring.

7.5
2018-06-07 CVE-2018-12031 Eaton Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

7.5
2018-06-07 CVE-2018-0321 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system.

7.5
2018-06-07 CVE-2018-0320 Cisco SQL Injection vulnerability in Cisco products

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.

7.5
2018-06-07 CVE-2018-0296 Cisco Path Traversal vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

7.5
2018-06-07 CVE-2018-3737 Joyent Incorrect Regular Expression vulnerability in Joyent Sshpk

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

7.5
2018-06-07 CVE-2018-3732 Resolve Path Project Path Traversal vulnerability in Resolve-Path Project Resolve-Path

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3731 Public JS Project Path Traversal vulnerability in Public.Js Project Public.Js 0.1.2

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3730 Mcstatic Project Path Traversal vulnerability in Mcstatic Project Mcstatic 0.0.20

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3729 Localhost NOW Project Path Traversal vulnerability in Localhost-Now Project Localhost-Now 1.0.1

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3727 626 Project Path Traversal vulnerability in 626 Project 626 1.1.1

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3725 Hekto Project Path Traversal vulnerability in Hekto Project Hekto 0.2.0

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

7.5
2018-06-07 CVE-2018-3711 Fastify Allocation of Resources Without Limits or Throttling vulnerability in Fastify

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.

7.5
2018-06-07 CVE-2017-16226 Static Eval Project Improper Input Validation vulnerability in Static-Eval Project Static-Eval

The static-eval module is intended to evaluate statically-analyzable expressions.

7.5
2018-06-07 CVE-2017-16151 Electronjs Code Injection vulnerability in Electronjs Electron

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron.

7.5
2018-06-07 CVE-2017-16082 Node Postgres Code Injection vulnerability in Node-Postgres PG

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name.

7.5
2018-06-06 CVE-2018-3852 Onssi Improper Input Validation vulnerability in Onssi Ocularis 5.5.0.242

An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242.

7.5
2018-06-06 CVE-2017-7931 ABB Improper Authentication vulnerability in ABB IP Gateway Firmware

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.

7.5
2018-06-05 CVE-2018-11586 Searchblox Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

7.5
2018-06-05 CVE-2018-10966 Gamerpolls Use of Hard-coded Credentials vulnerability in Gamerpolls 0.4.6

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js.

7.5
2018-06-05 CVE-2018-10813 Aprendecondedos Use of Hard-coded Credentials vulnerability in Aprendecondedos Dedos-Web 1.0

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub.

7.5
2018-06-05 CVE-2016-9488 Manageengine SQL Injection vulnerability in Manageengine Applications Manager 12.0/13.0

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities.

7.5
2018-06-05 CVE-2018-11743 Mruby
Debian
Access of Uninitialized Pointer vulnerability in multiple products

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.

7.5
2018-06-05 CVE-2018-1000180 Bouncycastle
Debian
Oracle
Netapp
Redhat
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.

7.5
2018-06-05 CVE-2018-11722 Wuzhicms SQL Injection vulnerability in Wuzhicms 4.1.0

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.

7.5
2018-06-05 CVE-2018-11554 Yzmcms Information Exposure vulnerability in Yzmcms

The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.

7.5
2018-06-05 CVE-2018-11736 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck

An issue was discovered in Pluck before 4.7.7-dev2.

7.5
2018-06-04 CVE-2017-16042 Growl Project OS Command Injection vulnerability in Growl Project Growl

Growl adds growl notification support to nodejs.

7.5
2018-06-04 CVE-2018-10611 GE Improper Authentication vulnerability in GE MDS Pulsenet

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.

7.5
2018-06-04 CVE-2016-1000343 Bouncycastle
Debian
Cryptographic Issues vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values.

7.5
2018-06-07 CVE-2018-0352 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Wide Area Application Services 6.2(3)

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root.

7.2
2018-06-07 CVE-2017-6294 Google Out-of-bounds Write vulnerability in Google Android

In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ.

7.2
2018-06-07 CVE-2017-6292 Google Out-of-bounds Write vulnerability in Google Android

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed.

7.2
2018-06-07 CVE-2017-6290 Google Integer Overflow or Wraparound vulnerability in Google Android

In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed.

7.2
2018-06-06 CVE-2017-18154 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

7.2
2018-06-05 CVE-2017-1350 IBM Unspecified vulnerability in IBM Infosphere Information Server

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls.

7.2
2018-06-08 CVE-2018-4253 Apple Out-of-bounds Read vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.1
2018-06-08 CVE-2018-4251 Apple Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.1
2018-06-08 CVE-2018-4171 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.1
2018-06-07 CVE-2017-16129 Superagent Project Resource Exhaustion vulnerability in Superagent Project Superagent

The HTTP client module superagent is vulnerable to ZIP bomb attacks.

7.1
2018-06-06 CVE-2018-3562 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

7.1
2018-06-04 CVE-2017-16026 Request Project Improper Input Validation vulnerability in Request Project Request

Request is an http client.

7.1

380 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-06-09 CVE-2018-12085 Liblouis
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

6.8
2018-06-08 CVE-2018-4246 Apple
Microsoft
Canonical
Incorrect Type Conversion or Cast vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4237 Apple Unspecified vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4233 Apple
Microsoft
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4222 Apple
Microsoft
Canonical
Out-of-bounds Read vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4219 Apple Incorrect Type Conversion or Cast vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4218 Apple
Microsoft
Canonical
Use After Free vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4215 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4214 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4211 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4206 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4204 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4201 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4200 Apple
Microsoft
Canonical
Use After Free vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-4199 Apple
Microsoft
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2018-06-08 CVE-2018-8925 Synology Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

6.8
2018-06-07 CVE-2018-12036 Owasp Path Traversal vulnerability in Owasp Dependency-Check

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

6.8
2018-06-07 CVE-2018-1514 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2018-06-06 CVE-2017-7906 ABB Cross-Site Request Forgery (CSRF) vulnerability in ABB IP Gateway Firmware

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

6.8
2018-06-05 CVE-2017-7635 Qnap Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.

6.8
2018-06-04 CVE-2016-10673 Ipip Cryptographic Issues vulnerability in Ipip Ipip-Coffee 1.0.7/1.0.9

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks.

6.8
2018-06-04 CVE-2016-10654 Sfml Project Cryptographic Issues vulnerability in Sfml Project Sfml 0.0.1/0.0.2/0.0.3

sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

6.8
2018-06-04 CVE-2016-10652 Prebuild Lwip Project Cryptographic Issues vulnerability in Prebuild-Lwip Project Prebuild-Lwip

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation.

6.8
2018-06-04 CVE-2016-10641 Node Bsdiff Android Project Cryptographic Issues vulnerability in Node-Bsdiff-Android Project Node-Bsdiff-Android

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

6.8
2018-06-04 CVE-2018-11710 Openmpt Out-of-bounds Write vulnerability in Openmpt Libopenmpt

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

6.8
2018-06-04 CVE-2018-11696 Sass Lang NULL Pointer Dereference vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass through 3.5.4.

6.8
2018-06-04 CVE-2018-11695 Sass Lang NULL Pointer Dereference vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass <3.5.3.

6.8
2018-06-04 CVE-2018-11694 Sass Lang NULL Pointer Dereference vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass through 3.5.4.

6.8
2018-06-04 CVE-2018-11685 Liblouis
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

6.8
2018-06-04 CVE-2018-11684 Liblouis
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

6.8
2018-06-04 CVE-2018-11683 Liblouis
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

6.8
2018-06-08 CVE-2013-3703 Opensuse Permission Issues vulnerability in Opensuse Open Build Service

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.

6.5
2018-06-08 CVE-2018-8926 Synology Unspecified vulnerability in Synology Photo Station

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

6.5
2018-06-08 CVE-2018-1453 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Identity Manager 7.0/7.0.1

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment.

6.5
2018-06-08 CVE-2017-12078 Synology Command Injection vulnerability in Synology Router Manager

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

6.5
2018-06-08 CVE-2017-12075 Synology Command Injection vulnerability in Synology Diskstation Manager

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

6.5
2018-06-07 CVE-2018-0336 Cisco Missing Authorization vulnerability in Cisco Prime Collaboration 12.1

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level.

6.5
2018-06-07 CVE-2018-6670 Mcafee XXE vulnerability in Mcafee Common Catalog 2.0.0

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

6.5
2018-06-07 CVE-2018-7689 Opensuse Missing Authorization vulnerability in Opensuse Open Build Service

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

6.5
2018-06-07 CVE-2018-7688 Opensuse Missing Authorization vulnerability in Opensuse Open Build Service

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

6.5
2018-06-07 CVE-2018-0322 Cisco Missing Authorization vulnerability in Cisco products

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device.

6.5
2018-06-07 CVE-2018-0317 Cisco Missing Authorization vulnerability in Cisco products

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.

6.5
2018-06-07 CVE-2018-3723 Defaults Deep Project Improper Input Validation vulnerability in Defaults-Deep Project Defaults-Deep

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

6.5
2018-06-07 CVE-2018-3722 Merge Deep Project Unspecified vulnerability in Merge-Deep Project Merge-Deep

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

6.5
2018-06-07 CVE-2018-3721 Lodash
Netapp
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
6.5
2018-06-07 CVE-2018-3715 Glance Project Path Traversal vulnerability in Glance Project Glance

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

6.5
2018-06-07 CVE-2018-3714 Node SRV Project Path Traversal vulnerability in Node-Srv Project Node-Srv

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

6.5
2018-06-07 CVE-2018-3713 Angular Http Server Project Path Traversal vulnerability in Angular-Http-Server Project Angular-Http-Server

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.

6.5
2018-06-06 CVE-2018-1265 Pivotal Software
Cloudfoundry
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers.

6.5
2018-06-05 CVE-2018-10058 Cgminer Project
Bfgminer
Out-of-bounds Write vulnerability in multiple products

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.

6.5
2018-06-05 CVE-2018-1000189 Jenkins Unspecified vulnerability in Jenkins Absint Astree

A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.

6.5
2018-06-05 CVE-2018-1332 Apache Information Exposure vulnerability in Apache Storm

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

6.5
2018-06-05 CVE-2018-7943 Huawei Improper Authentication vulnerability in Huawei products

There is an authentication bypass vulnerability in some Huawei servers.

6.5
2018-06-05 CVE-2018-1252 RSA SQL Injection vulnerability in RSA web Threat Detection

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications.

6.5
2018-06-04 CVE-2017-16021 Garycourt Unspecified vulnerability in Garycourt Uri-Js

uri-js is a module that tries to fully implement RFC 3986.

6.5
2018-06-04 CVE-2018-10615 GE Path Traversal vulnerability in GE MDS Pulsenet

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

6.5
2018-06-08 CVE-2018-12053 Schools Alert Management Script Project Path Traversal vulnerability in Schools Alert Management Script Project Schools Alert Management Script

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

6.4
2018-06-07 CVE-2018-12015 Canonical
Debian
Perl
Archive
Apple
Netapp
Link Following vulnerability in multiple products

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

6.4
2018-06-07 CVE-2018-3739 Https Proxy Agent Project Out-of-bounds Read vulnerability in Https-Proxy-Agent Project Https-Proxy-Agent

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g.

6.4
2018-06-07 CVE-2018-3735 Bracket Template Project Cross-site Scripting vulnerability in Bracket-Template Project Bracket-Template

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template

6.1
2018-06-07 CVE-2018-3726 Crud File Server Project Cross-site Scripting vulnerability in Crud-File-Server Project Crud-File-Server

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

6.1
2018-06-04 CVE-2017-16009 AG Grid Cross-site Scripting vulnerability in Ag-Grid

ag-grid is an advanced data grid that is library agnostic.

6.1
2018-06-04 CVE-2016-9042 NTP
Freebsd
HPE
Siemens
Improper Input Validation vulnerability in multiple products

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.

5.9
2018-06-07 CVE-2018-0334 Cisco Improper Certificate Validation vulnerability in Cisco Anyconnect Secure Mobility Client 4.6(100)

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files.

5.8
2018-06-07 CVE-2017-16224 ST Project Open Redirect vulnerability in ST Project ST

st is a module for serving static files.

5.8
2018-06-05 CVE-2018-11740 Sleuthkit Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

5.8
2018-06-05 CVE-2018-11739 Sleuthkit Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

5.8
2018-06-05 CVE-2018-11738 Sleuthkit Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

5.8
2018-06-05 CVE-2018-11737 Sleuthkit Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.

5.8
2018-06-04 CVE-2016-1000352 Bouncycastle Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode.

5.8
2018-06-04 CVE-2016-1000344 Bouncycastle Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode.

5.8
2018-06-04 CVE-2017-1748 IBM Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.8
2018-06-04 CVE-2018-11698 Sass Lang Out-of-bounds Read vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass through 3.5.4.

5.8
2018-06-04 CVE-2018-11697 Sass Lang Out-of-bounds Read vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass through 3.5.4.

5.8
2018-06-04 CVE-2018-11693 Sass Lang Out-of-bounds Read vulnerability in Sass-Lang Libsass

An issue was discovered in LibSass through 3.5.4.

5.8
2018-06-08 CVE-2012-0433 Crowbar Project Information Exposure vulnerability in Crowbar Project Crowbar 1.0

The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.

5.5
2018-06-07 CVE-2018-3738 Protobufjs Project Incorrect Regular Expression vulnerability in Protobufjs Project Protobufjs

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

5.5
2018-06-06 CVE-2018-1456 IBM XXE vulnerability in IBM products

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-06-05 CVE-2018-1000197 Jenkins Incorrect Authorization vulnerability in Jenkins Black Duck HUB

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.

5.5
2018-06-05 CVE-2018-1000194 Jenkins
Oracle
Path Traversal vulnerability in multiple products

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.

5.5
2018-06-05 CVE-2018-1000188 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins CAS

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

5.5
2018-06-05 CVE-2018-1000184 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

5.5
2018-06-05 CVE-2018-1000182 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

5.5
2018-06-05 CVE-2018-8008 Apache Path Traversal vulnerability in Apache Storm

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames.

5.5
2018-06-08 CVE-2018-10505 Trendmicro Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver.

5.4
2018-06-08 CVE-2018-10359 Trendmicro Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver.

5.4
2018-06-08 CVE-2018-10358 Trendmicro Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver.

5.4
2018-06-07 CVE-2018-3717 Sencha Cross-site Scripting vulnerability in Sencha Connect

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.

5.4
2018-06-07 CVE-2018-3716 Simplehttpserver Project Cross-site Scripting vulnerability in Simplehttpserver Project Simplehttpserver

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

5.4
2018-06-05 CVE-2018-10601 Philips Out-of-bounds Write vulnerability in Philips products

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

5.4
2018-06-05 CVE-2018-10597 Philips Out-of-bounds Write vulnerability in Philips products

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

5.4
2018-06-08 CVE-2011-4190 Suse Cryptographic Issues vulnerability in Suse products

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20.

5.3
2018-06-07 CVE-2018-3718 Zeit Unspecified vulnerability in Zeit Serve

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

5.3
2018-06-07 CVE-2017-16137 Debug Project Resource Exhaustion vulnerability in Debug Project Debug

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.

5.3
2018-06-08 CVE-2018-4192 Apple
Microsoft
Race Condition vulnerability in Apple products

An issue was discovered in certain Apple products.

5.1
2018-06-07 CVE-2018-1547 IBM Unspecified vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export.

5.1
2018-06-08 CVE-2018-12020 Redhat
Canonical
Debian
Gnupg
Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option.

5.0
2018-06-08 CVE-2018-4227 Apple Cleartext Transmission of Sensitive Information vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

5.0
2018-06-08 CVE-2018-4221 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

5.0
2018-06-08 CVE-2018-4184 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.0
2018-06-08 CVE-2018-11409 Splunk Information Exposure vulnerability in Splunk

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

5.0
2018-06-08 CVE-2018-12054 Schools Alert Management Script Project Path Traversal vulnerability in Schools Alert Management Script Project Schools Alert Management Script

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

5.0
2018-06-08 CVE-2018-12046 Dedecms Improper Input Validation vulnerability in Dedecms 5.5/5.6/5.7

DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.

5.0
2018-06-08 CVE-2018-12041 Mediatek Improper Input Validation vulnerability in Mediatek Awus036Nh Firmware 5.1.25.0

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0.

5.0
2018-06-07 CVE-2018-0333 Cisco Protection Mechanism Failure vulnerability in Cisco Firepower Management Center 6.2.2

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies.

5.0
2018-06-07 CVE-2018-0332 Cisco Unspecified vulnerability in Cisco IP Phone Firmware and Unified IP Phone Firmware

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

5.0
2018-06-07 CVE-2018-0329 Cisco Use of Hard-coded Credentials vulnerability in Cisco Wide Area Application Services 6.2(3)/6.4(1)

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP.

5.0
2018-06-07 CVE-2018-12042 Roxyfileman Path Traversal vulnerability in Roxyfileman Roxy Fileman

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.

5.0
2018-06-07 CVE-2018-12016 Gnome Unspecified vulnerability in Gnome Epiphany

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

5.0
2018-06-07 CVE-2018-0353 Cisco Unspecified vulnerability in Cisco web Security Appliance

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections.

5.0
2018-06-07 CVE-2018-0319 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

5.0
2018-06-07 CVE-2018-0318 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

5.0
2018-06-07 CVE-2018-3724 General File Server Project Path Traversal vulnerability in General-File-Server Project General-File-Server

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.

5.0
2018-06-07 CVE-2017-16225 Aegir Project Information Exposure vulnerability in Aegir Project Aegir

aegir is a module to help automate JavaScript project management.

5.0
2018-06-07 CVE-2017-16223 Nodeaaaaa Project Path Traversal vulnerability in Nodeaaaaa Project Nodeaaaaa

nodeaaaaa is a static file server.

5.0
2018-06-07 CVE-2017-16222 Elding Project Path Traversal vulnerability in Elding Project Elding 1.0.0

elding is a simple web server.

5.0
2018-06-07 CVE-2017-16221 YZT Project Path Traversal vulnerability in YZT Project YZT 1.4.0

yzt is a simple file server.

5.0
2018-06-07 CVE-2017-16220 Wind MVC Project Path Traversal vulnerability in Wind-Mvc Project Wind-Mvc

wind-mvc is an mvc framework.

5.0
2018-06-07 CVE-2017-16219 Yttivy Project Path Traversal vulnerability in Yttivy Project Yttivy

yttivy is a static file server.

5.0
2018-06-07 CVE-2017-16218 Dgard8 Lab6 Project Path Traversal vulnerability in Dgard8.Lab6 Project Dgard8.Lab6

dgard8.lab6 is a static file server.

5.0
2018-06-07 CVE-2017-16217 Webrtc Experiment Path Traversal vulnerability in Webrtc-Experiment Fbr-Client

fbr-client sends files through sockets via socket.io and webRTC.

5.0
2018-06-07 CVE-2017-16216 Tencent Server Project Path Traversal vulnerability in Tencent-Server Project Tencent-Server

tencent-server is a simple web server.

5.0
2018-06-07 CVE-2017-16215 Sgqserve Project Path Traversal vulnerability in Sgqserve Project Sgqserve

sgqserve is a simple file server.

5.0
2018-06-07 CVE-2017-16214 Peiserver Project Path Traversal vulnerability in Peiserver Project Peiserver

peiserver is a static file server.

5.0
2018-06-07 CVE-2017-16213 Mfrserver Project Path Traversal vulnerability in Mfrserver Project Mfrserver

mfrserver is a simple file server.

5.0
2018-06-07 CVE-2017-16212 LTT Project Path Traversal vulnerability in LTT Project LTT

ltt is a static file server.

5.0
2018-06-07 CVE-2017-16211 Lessindex Project Path Traversal vulnerability in Lessindex Project Lessindex

lessindex is a static file server.

5.0
2018-06-07 CVE-2017-16210 JN JJ Server Project Path Traversal vulnerability in JN JJ Server Project JN JJ Server

jn_jj_server is a static file server.

5.0
2018-06-07 CVE-2017-16209 Enserver Project Path Traversal vulnerability in Enserver Project Enserver

enserver is a simple web server.

5.0
2018-06-07 CVE-2017-16208 Dmmcquay Lab6 Project Path Traversal vulnerability in Dmmcquay.Lab6 Project Dmmcquay.Lab6

dmmcquay.lab6 is a REST server.

5.0
2018-06-07 CVE-2017-16207 Discordi JS Project Unspecified vulnerability in Discordi.Js Project Discordi.Js 0.0.1

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

5.0
2018-06-07 CVE-2017-16206 Coffescript Project Information Exposure vulnerability in Coffescript Project Coffescript 1.0.1

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

5.0
2018-06-07 CVE-2017-16205 Coffescript Project Information Exposure vulnerability in Coffescript Project Coffescript 1.0.1

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

5.0
2018-06-07 CVE-2017-16204 Jquey Project Information Exposure vulnerability in Jquey Project Jquey 1.0.1

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

5.0
2018-06-07 CVE-2017-16203 Coffescript Project Information Exposure vulnerability in Coffescript Project Coffescript 1.0.1

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

5.0
2018-06-07 CVE-2017-16202 Cofeescript Project Information Exposure vulnerability in Cofeescript Project Cofeescript 0.0.1

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

5.0
2018-06-07 CVE-2017-16201 Zjjserver Project Path Traversal vulnerability in Zjjserver Project Zjjserver 1.0.0

zjjserver is a static file server.

5.0
2018-06-07 CVE-2017-16200 UV TJ Demo Project Path Traversal vulnerability in Uv-Tj-Demo Project Uv-Tj-Demo 1.0.0

uv-tj-demo is a static file server.

5.0
2018-06-07 CVE-2017-16199 Susu SUM Project Path Traversal vulnerability in Susu-Sum Project Susu-Sum 1.0.0

susu-sum is a static file server.

5.0
2018-06-07 CVE-2017-16198 Ritp Project Path Traversal vulnerability in Ritp Project Ritp

ritp is a static web server.

5.0
2018-06-07 CVE-2017-16197 Qinserve Project Path Traversal vulnerability in Qinserve Project Qinserve 1.0.0

qinserve is a static file server.

5.0
2018-06-07 CVE-2017-16196 Quickserver Project Path Traversal vulnerability in Quickserver Project Quickserver 1.0.0/1.0.1/1.1.0

quickserver is a simple static file server.

5.0
2018-06-07 CVE-2017-16195 Pytservce Project Path Traversal vulnerability in Pytservce Project Pytservce 1.0.0

pytservce is a static file server.

5.0
2018-06-07 CVE-2017-16194 Picard Project Path Traversal vulnerability in Picard Project Picard 0.3.0/0.3.1

picard is a micro framework.

5.0
2018-06-07 CVE-2017-16193 Mfrs Project Path Traversal vulnerability in Mfrs Project Mfrs 1.0.0

mfrs is a static file server.

5.0
2018-06-07 CVE-2017-16192 Getcityapi Yoehoehne Project Path Traversal vulnerability in Getcityapi.Yoehoehne Project Getcityapi.Yoehoehne 0.0.1

getcityapi.yoehoehne is a web server.

5.0
2018-06-07 CVE-2017-16191 Cypserver Project Path Traversal vulnerability in Cypserver Project Cypserver 1.0.0

cypserver is a static file server.

5.0
2018-06-07 CVE-2017-16190 Dcdcdcdcdc Project Path Traversal vulnerability in Dcdcdcdcdc Project Dcdcdcdcdc 1.0.0

dcdcdcdcdc is a static file server.

5.0
2018-06-07 CVE-2017-16189 Sly07 Project Path Traversal vulnerability in Sly07 Project Sly07 0.1.2

sly07 is an API for censoring text.

5.0
2018-06-07 CVE-2017-16188 Reecerver Project Path Traversal vulnerability in Reecerver Project Reecerver 0.1.1/0.1.2

reecerver is a web server.

5.0
2018-06-07 CVE-2017-16187 Open Device Project Path Traversal vulnerability in Open-Device Project Open-Device

open-device creates a web interface for any device.

5.0
2018-06-07 CVE-2017-16186 360Class Jansenhm Project Path Traversal vulnerability in 360Class.Jansenhm Project 360Class.Jansenhm 0.1.1

360class.jansenhm is a static file server.

5.0
2018-06-07 CVE-2017-16185 Uekw1511Server Project Path Traversal vulnerability in Uekw1511Server Project Uekw1511Server 1.0.0/1.0.1

uekw1511server is a static file server.

5.0
2018-06-07 CVE-2017-16184 Scott Blanch Weather APP Project Path Traversal vulnerability in Scott-Blanch-Weather-App Project Scott-Blanch-Weather-App 1.0.0

scott-blanch-weather-app is a sample Node.js app using Express 4.

5.0
2018-06-07 CVE-2017-16183 Iter Server Project Path Traversal vulnerability in Iter-Server Project Iter-Server 1.0.0

iter-server is a static file server.

5.0
2018-06-07 CVE-2017-16182 Serverxxx Project Path Traversal vulnerability in Serverxxx Project Serverxxx 1.0.0

serverxxx is a static file server.

5.0
2018-06-07 CVE-2017-16181 Wintiwebdev Project Path Traversal vulnerability in Wintiwebdev Project Wintiwebdev 1.0.0

wintiwebdev is a static file server.

5.0
2018-06-07 CVE-2017-16180 Serverabc Project Path Traversal vulnerability in Serverabc Project Serverabc 1.0.0

serverabc is a static file server.

5.0
2018-06-07 CVE-2017-16179 Dasafio Project Path Traversal vulnerability in Dasafio Project Dasafio 1.2.0

dasafio is a web server.

5.0
2018-06-07 CVE-2017-16178 Intsol Package Project Path Traversal vulnerability in Intsol-Package Project Intsol-Package 1.0.0

intsol-package is a file server.

5.0
2018-06-07 CVE-2017-16177 Chatbyvista Project Path Traversal vulnerability in Chatbyvista Project Chatbyvista 0.1.0

chatbyvista is a file server.

5.0
2018-06-07 CVE-2017-16176 Jansenstuffpleasework Project Path Traversal vulnerability in Jansenstuffpleasework Project Jansenstuffpleasework 0.1.1

jansenstuffpleasework is a file server.

5.0
2018-06-07 CVE-2017-16175 Ewgaddis Lab6 Project Path Traversal vulnerability in Ewgaddis.Lab6 Project Ewgaddis.Lab6 0.1.1

ewgaddis.lab6 is a file server.

5.0
2018-06-07 CVE-2017-16174 Whispercast Project Path Traversal vulnerability in Whispercast Project Whispercast 0.1.0

whispercast is a file server.

5.0
2018-06-07 CVE-2017-16173 Utahcityfinder Project Path Traversal vulnerability in Utahcityfinder Project Utahcityfinder 0.0.1

utahcityfinder constructs lists of Utah cities with a certain prefix.

5.0
2018-06-07 CVE-2017-16172 Section2 Madisonjbrooks12 Project Path Traversal vulnerability in Section2.Madisonjbrooks12 Project Section2.Madisonjbrooks12 0.1.1

section2.madisonjbrooks12 is a simple web server.

5.0
2018-06-07 CVE-2017-16171 Hcbserver Project Path Traversal vulnerability in Hcbserver Project Hcbserver 1.0.0

hcbserver is a static file server.

5.0
2018-06-07 CVE-2017-16170 Liuyaserver Project Path Traversal vulnerability in Liuyaserver Project Liuyaserver 1.0.0

liuyaserver is a static file server.

5.0
2018-06-07 CVE-2017-16169 Looppake Project Path Traversal vulnerability in Looppake Project Looppake 3.0.0

looppake is a simple http server.

5.0
2018-06-07 CVE-2017-16168 Wffserve Project Path Traversal vulnerability in Wffserve Project Wffserve 1.0.0

wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

5.0
2018-06-07 CVE-2017-16167 Yyooopack Project Path Traversal vulnerability in Yyooopack Project Yyooopack 3.0.0

yyooopack is a simple file server.

5.0
2018-06-07 CVE-2017-16166 Byucslabsix Project Path Traversal vulnerability in Byucslabsix Project Byucslabsix 0.0.5

byucslabsix is an http server.

5.0
2018-06-07 CVE-2017-16165 Calmquist Static Server Project Path Traversal vulnerability in Calmquist.Static-Server Project Calmquist.Static-Server 0.1.1

calmquist.static-server is a static file server.

5.0
2018-06-07 CVE-2017-16164 Desafio Project Path Traversal vulnerability in Desafio Project Desafio 1.0.0/1.1.0

desafio is a simple web server.

5.0
2018-06-07 CVE-2017-16163 Dylmomo Project Path Traversal vulnerability in Dylmomo Project Dylmomo 1.0.0

dylmomo is a simple file server.

5.0
2018-06-07 CVE-2017-16162 22Lixian Project Path Traversal vulnerability in 22Lixian Project 22Lixian 1.0.0

22lixian is a simple file server.

5.0
2018-06-07 CVE-2017-16161 Shenliru Project Path Traversal vulnerability in Shenliru Project Shenliru 1.0.0/1.2.0

shenliru is a simple file server.

5.0
2018-06-07 CVE-2017-16160 11Xiaoli Project Path Traversal vulnerability in 11Xiaoli Project 11Xiaoli 1.1.0

11xiaoli is a simple file server.

5.0
2018-06-07 CVE-2017-16159 Caolilinode Project Path Traversal vulnerability in Caolilinode Project Caolilinode 1.0.0

caolilinode is a simple file server.

5.0
2018-06-07 CVE-2017-16158 Dcserver Project Path Traversal vulnerability in Dcserver Project Dcserver 1.0.0

dcserver is a static file server.

5.0
2018-06-07 CVE-2017-16157 Censorify Tanisjr Project Path Traversal vulnerability in Censorify.Tanisjr Project Censorify.Tanisjr 0.1.2/0.1.3/0.1.4

censorify.tanisjr is a simple web server and API RESTful service.

5.0
2018-06-07 CVE-2017-16156 Myprolyz Project Path Traversal vulnerability in Myprolyz Project Myprolyz 1.0.0/1.1.0

myprolyz is a static file server.

5.0
2018-06-07 CVE-2017-16155 Fast Http CLI Project Path Traversal vulnerability in Fast-Http-Cli Project Fast-Http-Cli

fast-http-cli is the command line interface for fast-http, a simple web server.

5.0
2018-06-07 CVE-2017-16154 Earlybird Project Path Traversal vulnerability in Earlybird Project Earlybird

earlybird is a web server module for early development.

5.0
2018-06-07 CVE-2017-16152 Static Html Server Project Path Traversal vulnerability in Static-Html-Server Project Static-Html-Server 0.1.0/0.1.1/0.1.2

static-html-server is a static file server.

5.0
2018-06-07 CVE-2017-16150 Wanggoujing123 Project Path Traversal vulnerability in Wanggoujing123 Project Wanggoujing123

wanggoujing123 is a simple webserver.

5.0
2018-06-07 CVE-2017-16149 Zwserver Project Path Traversal vulnerability in Zwserver Project Zwserver 0.1.0/0.1.1

zwserver is a weather web server.

5.0
2018-06-07 CVE-2017-16148 Serve46 Project Path Traversal vulnerability in Serve46 Project Serve46 1.0.0

serve46 is a static file server.

5.0
2018-06-07 CVE-2017-16147 Shit Server Project Path Traversal vulnerability in Shit-Server Project Shit-Server 1.0.0

shit-server is a file server.

5.0
2018-06-07 CVE-2017-16146 Mockserve Project Path Traversal vulnerability in Mockserve Project Mockserve

mockserve is a file server.

5.0
2018-06-07 CVE-2017-16145 Sspa Project Path Traversal vulnerability in Sspa Project Sspa 0.1.0

sspa is a server dedicated to single-page apps.

5.0
2018-06-07 CVE-2017-16144 Myserver Alexcthomas18 Project Path Traversal vulnerability in Myserver.Alexcthomas18 Project Myserver.Alexcthomas18 0.0.1

myserver.alexcthomas18 is a file server.

5.0
2018-06-07 CVE-2017-16143 Commentapp Stetsonwood Project Path Traversal vulnerability in Commentapp.Stetsonwood Project Commentapp.Stetsonwood 0.0.1

commentapp.stetsonwood is an http server.

5.0
2018-06-07 CVE-2017-16142 Infraserver Project Path Traversal vulnerability in Infraserver Project Infraserver 0.0.1

infraserver is a RESTful server.

5.0
2018-06-07 CVE-2017-16141 Lab6Drewfusbyu Project Path Traversal vulnerability in Lab6Drewfusbyu Project Lab6Drewfusbyu 0.1.1

lab6drewfusbyu is an http server.

5.0
2018-06-07 CVE-2017-16140 Lab6 Brit95 Project Path Traversal vulnerability in Lab6.Brit95 Project Lab6.Brit95 0.1.1

lab6.brit95 is a file server.

5.0
2018-06-07 CVE-2017-16139 Jikes Project Path Traversal vulnerability in Jikes Project Jikes 0.0.1

jikes is a file server.

5.0
2018-06-07 CVE-2017-16138 Mime Project Resource Exhaustion vulnerability in Mime Project Mime

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

5.0
2018-06-07 CVE-2017-16136 Expressjs Resource Exhaustion vulnerability in Expressjs Method-Override

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it.

5.0
2018-06-07 CVE-2017-16135 Serverzyy Project Path Traversal vulnerability in Serverzyy Project Serverzyy 1.0.0

serverzyy is a static file server.

5.0
2018-06-07 CVE-2017-16134 Http Static Simple Project Path Traversal vulnerability in Http Static Simple Project Http Static Simple 0.1.1

http_static_simple is an http server.

5.0
2018-06-07 CVE-2017-16133 Goserv Project Path Traversal vulnerability in Goserv Project Goserv 1.0.0

goserv is an http server.

5.0
2018-06-07 CVE-2017-16132 Simple NPM Registry Project Path Traversal vulnerability in Simple-Npm-Registry Project Simple-Npm-Registry 0.0.1/0.0.3/0.0.4

simple-npm-registry is a local npm package cache.

5.0
2018-06-07 CVE-2017-16131 Unicorn List Project Path Traversal vulnerability in Unicorn-List Project Unicorn-List

unicorn-list is a web framework.

5.0
2018-06-07 CVE-2017-16130 Exxxxxxxxxxx Project Path Traversal vulnerability in Exxxxxxxxxxx Project Exxxxxxxxxxx 1.0.0/1.0.2

exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide.

5.0
2018-06-07 CVE-2017-16126 Botbait Project Information Exposure vulnerability in Botbait Project Botbait 1.0.0/1.0.1/2.0.0

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem.

5.0
2018-06-07 CVE-2017-16125 Rtcmulticonnection Client Project Path Traversal vulnerability in Rtcmulticonnection-Client Project Rtcmulticonnection-Client

rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager.

5.0
2018-06-07 CVE-2017-16124 Node Server Forfront Project Path Traversal vulnerability in Node-Server-Forfront Project Node-Server-Forfront

node-server-forfront is a simple static file server.

5.0
2018-06-07 CVE-2017-16123 Welcomyzt Project Path Traversal vulnerability in Welcomyzt Project Welcomyzt 1.0.0/1.1.0

welcomyzt is a simple file server.

5.0
2018-06-07 CVE-2017-16122 Cuciuci Project Path Traversal vulnerability in Cuciuci Project Cuciuci 1.0.0/1.1.0

cuciuci is a simple fileserver.

5.0
2018-06-07 CVE-2017-16121 Datachannel Client Project Path Traversal vulnerability in Datachannel-Client Project Datachannel-Client 1.0.0/1.0.1/1.0.2

datachannel-client is a signaling implementation for DataChannel.js.

5.0
2018-06-07 CVE-2017-16120 Liyujing Project Path Traversal vulnerability in Liyujing Project Liyujing 1.0.0/1.1.0

liyujing is a static file server.

5.0
2018-06-07 CVE-2017-16119 Fresh Project Resource Exhaustion vulnerability in Fresh Project Fresh

Fresh is a module used by the Express.js framework for HTTP response freshness testing.

5.0
2018-06-07 CVE-2017-16118 Forwarded Project Resource Exhaustion vulnerability in Forwarded Project Forwarded 0.1.0/0.1.1

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header.

5.0
2018-06-07 CVE-2017-16117 Slug Project Resource Exhaustion vulnerability in Slug Project Slug

slug is a module to slugify strings, even if they contain unicode.

5.0
2018-06-07 CVE-2017-16116 String Project Resource Exhaustion vulnerability in String Project String

The string module is a module that provides extra string operations.

5.0
2018-06-07 CVE-2017-16115 Timespan Project Resource Exhaustion vulnerability in Timespan Project Timespan

The timespan module is vulnerable to regular expression denial of service.

5.0
2018-06-07 CVE-2017-16114 Marked Project Resource Exhaustion vulnerability in Marked Project Marked

The marked module is vulnerable to a regular expression denial of service.

5.0
2018-06-07 CVE-2017-16113 Parsejson Project Improper Input Validation vulnerability in Parsejson Project Parsejson 0.0.1/0.0.2/0.0.3

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

5.0
2018-06-07 CVE-2017-16111 Content Project Resource Exhaustion vulnerability in Content Project Content

The content module is a module to parse HTTP Content-* headers.

5.0
2018-06-07 CVE-2017-16110 Weather Swlyons Project Path Traversal vulnerability in Weather.Swlyons Project Weather.Swlyons

weather.swlyons is a simple web server for weather updates.

5.0
2018-06-07 CVE-2017-16109 Easyquick Project Path Traversal vulnerability in Easyquick Project Easyquick 0.1.1

easyquick is a simple web server.

5.0
2018-06-07 CVE-2017-16108 Gaoxiaotingtingting Project Path Traversal vulnerability in Gaoxiaotingtingting Project Gaoxiaotingtingting

gaoxiaotingtingting is an HTTP server.

5.0
2018-06-07 CVE-2017-16107 Pooledwebsocket Project Path Traversal vulnerability in Pooledwebsocket Project Pooledwebsocket

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

5.0
2018-06-07 CVE-2017-16106 Tmock Project Path Traversal vulnerability in Tmock Project Tmock

tmock is a static file server.

5.0
2018-06-07 CVE-2017-16105 Serverwzl Project Path Traversal vulnerability in Serverwzl Project Serverwzl

serverwzl is a simple http server.

5.0
2018-06-07 CVE-2017-16104 Citypredict Whauwiller Project Path Traversal vulnerability in Citypredict.Whauwiller Project Citypredict.Whauwiller

citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

5.0
2018-06-07 CVE-2017-16103 Serveryztyzt Project Path Traversal vulnerability in Serveryztyzt Project Serveryztyzt

serveryztyzt is a simple http server.

5.0
2018-06-07 CVE-2017-16102 Serverhuwenhui Project Path Traversal vulnerability in Serverhuwenhui Project Serverhuwenhui

serverhuwenhui is a simple http server.

5.0
2018-06-07 CVE-2017-16101 Serverwg Project Path Traversal vulnerability in Serverwg Project Serverwg

serverwg is a simple http server.

5.0
2018-06-07 CVE-2017-16099 NO Case Project Resource Exhaustion vulnerability in No-Case Project No-Case

The no-case module is vulnerable to regular expression denial of service.

5.0
2018-06-07 CVE-2017-16098 Charset Project Resource Exhaustion vulnerability in Charset Project Charset

charset 1.0.0 and below are vulnerable to regular expression denial of service.

5.0
2018-06-07 CVE-2017-16097 Tiny Http Project Path Traversal vulnerability in Tiny-Http Project Tiny-Http

tiny-http is a simple http server.

5.0
2018-06-07 CVE-2017-16096 Serveryaozeyan Project Path Traversal vulnerability in Serveryaozeyan Project Serveryaozeyan

serveryaozeyan is a simple HTTP server.

5.0
2018-06-07 CVE-2017-16095 Serverliujiayi1 Project Path Traversal vulnerability in Serverliujiayi1 Project Serverliujiayi1

serverliujiayi1 is a simple http server.

5.0
2018-06-07 CVE-2017-16094 Iter Http Project Path Traversal vulnerability in Iter-Http Project Iter-Http

iter-http is a server for static files.

5.0
2018-06-07 CVE-2017-16093 Cyber JS Project Path Traversal vulnerability in Cyber-Js Project Cyber-Js

cyber-js is a simple http server.

5.0
2018-06-07 CVE-2017-16092 Sencisho Project Path Traversal vulnerability in Sencisho Project Sencisho

Sencisho is a simple http server for local development.

5.0
2018-06-07 CVE-2017-16091 Xtalk Project Path Traversal vulnerability in Xtalk Project Xtalk

xtalk helps your browser talk to nodex, a simple web framework.

5.0
2018-06-07 CVE-2017-16090 FSK Server Project Path Traversal vulnerability in Fsk-Server Project Fsk-Server

fsk-server is a simple http server.

5.0
2018-06-07 CVE-2017-16089 Serverlyr Project Path Traversal vulnerability in Serverlyr Project Serverlyr

serverlyr is a simple http server.

5.0
2018-06-07 CVE-2017-16086 UA Parser Project Resource Exhaustion vulnerability in Ua-Parser Project Ua-Parser

ua-parser is a port of Browserscope's user agent parser.

5.0
2018-06-07 CVE-2017-16085 Tinyserver2 Project Path Traversal vulnerability in Tinyserver2 Project Tinyserver2 0.5.0/0.5.1/0.5.2

tinyserver2 is a webserver for static files.

5.0
2018-06-07 CVE-2017-16084 List N Stream Project Path Traversal vulnerability in List-N-Stream Project List-N-Stream

list-n-stream is a server for static files to list and stream local videos.

5.0
2018-06-07 CVE-2017-16083 Node Simple Router Path Traversal vulnerability in Node-Simple-Router

node-simple-router is a minimalistic router for Node.

5.0
2018-06-07 CVE-2017-16081 Cross ENV JS Project Information Exposure vulnerability in Cross-Env.Js Project Cross-Env.Js

cross-env.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16080 Nodesass Project Information Exposure vulnerability in Nodesass Project Nodesass

nodesass was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16079 SMB Project Information Exposure vulnerability in SMB Project SMB

smb was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16078 Shadowsock Project Information Exposure vulnerability in Shadowsock Project Shadowsock

shadowsock was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16077 Mongose Project Information Exposure vulnerability in Mongose Project Mongose

mongose was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16076 Proxy JS Project Information Exposure vulnerability in Proxy.Js Project Proxy.Js

proxy.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16075 Http Proxy JS Project Information Exposure vulnerability in Http-Proxy.Js Project Http-Proxy.Js

http-proxy.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16074 Crossenv Project Information Exposure vulnerability in Crossenv Project Crossenv

crossenv was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16073 Noderequest Project Information Exposure vulnerability in Noderequest Project Noderequest

noderequest was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16072 Nodemailer JS Project Information Exposure vulnerability in Nodemailer.Js Project Nodemailer.Js

nodemailer.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16071 Nodemailer JS Project Information Exposure vulnerability in Nodemailer-Js Project Nodemailer-Js

nodemailer-js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16070 Nodecaffe Project Information Exposure vulnerability in Nodecaffe Project Nodecaffe

nodecaffe was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16069 Nodeffmpeg Project Information Exposure vulnerability in Nodeffmpeg Project Nodeffmpeg

nodeffmpeg was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16068 Ffmepg Project Information Exposure vulnerability in Ffmepg Project Ffmepg

ffmepg was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16067 Node Opencv Project Information Exposure vulnerability in Node-Opencv Project Node-Opencv

node-opencv was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16066 Opencv JS Project Information Exposure vulnerability in Opencv.Js Project Opencv.Js

opencv.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16065 Openssl JS Project Information Exposure vulnerability in Openssl.Js Project Openssl.Js

openssl.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16064 Node Openssl Project Information Exposure vulnerability in Node-Openssl Project Node-Openssl

node-openssl was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16063 Node Opensl Project Information Exposure vulnerability in Node-Opensl Project Node-Opensl

node-opensl was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16060 Babelcli Project Information Exposure vulnerability in Babelcli Project Babelcli

babelcli was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16059 Mssql Node Project Information Exposure vulnerability in Mssql-Node Project Mssql-Node

mssql-node was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16058 Gruntcli Project Information Exposure vulnerability in Gruntcli Project Gruntcli

gruntcli was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16057 Nodemssql Project Information Exposure vulnerability in Nodemssql Project Nodemssql

nodemssql was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-07 CVE-2017-16056 Mssql JS Project Information Exposure vulnerability in Mssql.Js Project Mssql.Js

mssql.js was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-06 CVE-2018-7510 Beaconmedaes Insufficiently Protected Credentials vulnerability in Beaconmedaes Scroll Medical AIR Systems Firmware

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.

5.0
2018-06-06 CVE-2017-7933 ABB Insufficiently Protected Credentials vulnerability in ABB IP Gateway Firmware

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.

5.0
2018-06-06 CVE-2018-1000203 Soarlabs Unspecified vulnerability in Soarlabs Soarcoin

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.

5.0
2018-06-06 CVE-2017-1474 IBM Information Exposure vulnerability in IBM products

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users.

5.0
2018-06-06 CVE-2018-11813 IJG Excessive Iteration vulnerability in IJG Libjpeg 9C

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

5.0
2018-06-05 CVE-2017-7639 Qnap Improper Authentication vulnerability in Qnap NAS Proxy Server

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly.

5.0
2018-06-05 CVE-2017-7654 Eclipse
Debian
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker.

5.0
2018-06-05 CVE-2018-1000181 IBM Information Exposure vulnerability in IBM Kitura

Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure.

5.0
2018-06-05 CVE-2018-11678 Monstra Improper Input Validation vulnerability in Monstra CMS 3.0.4

plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.

5.0
2018-06-04 CVE-2017-12092 Rockwellautomation Information Exposure vulnerability in Rockwellautomation Micrologix 1400 B Firmware

An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before.

5.0
2018-06-04 CVE-2017-16055 Sqlserver Project Information Exposure vulnerability in Sqlserver Project Sqlserver

`sqlserver` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16054 Nodefabric Project Information Exposure vulnerability in Nodefabric Project Nodefabric

`nodefabric` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16053 Fabric JS Project Information Exposure vulnerability in Fabric-Js Project Fabric-Js

`fabric-js` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16052 Node Fabric Project Information Exposure vulnerability in Node-Fabric Project Node-Fabric

`node-fabric` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16051 Sqliter Project Information Exposure vulnerability in Sqliter Project Sqliter

`sqliter` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16050 Sqlite JS Project Information Exposure vulnerability in Sqlite.Js Project Sqlite.Js

`sqlite.js` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16049 Nodesqlite Project Information Exposure vulnerability in Nodesqlite Project Nodesqlite

`nodesqlite` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16048 Node Sqlite Project Information Exposure vulnerability in Node-Sqlite Project Node-Sqlite

`node-sqlite` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16046 Mariadb Unspecified vulnerability in Mariadb 2.13.0

`mariadb` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16045 Jquery JS Project Information Exposure vulnerability in Jquery.Js Project Jquery.Js

`jquery.js` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16044 D3 JS Project Information Exposure vulnerability in D3.Js Project D3.Js

`d3.js` was a malicious module published with the intent to hijack environment variables.

5.0
2018-06-04 CVE-2017-16039 Hftp Project Path Traversal vulnerability in Hftp Project Hftp

`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

5.0
2018-06-04 CVE-2017-16038 F2E Server Project Path Traversal vulnerability in F2E-Server Project F2E-Server

`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

5.0
2018-06-04 CVE-2017-16037 Gomeplus H5 Proxy Project Path Traversal vulnerability in Gomeplus-H5-Proxy Project Gomeplus-H5-Proxy

`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

5.0
2018-06-04 CVE-2017-16036 Badjs Sourcemap Server Project Path Traversal vulnerability in Badjs-Sourcemap-Server Project Badjs-Sourcemap-Server

`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`.

5.0
2018-06-04 CVE-2017-16031 Socket Use of Insufficiently Random Values vulnerability in Socket Socket.Io

Socket.io is a realtime application framework that provides communication via websockets.

5.0
2018-06-04 CVE-2017-16030 Useragent Project Unspecified vulnerability in Useragent Project Useragent

Useragent is used to parse useragent headers.

5.0
2018-06-04 CVE-2017-16029 Hostr Project Path Traversal vulnerability in Hostr Project Hostr

hostr is a simple web server that serves up the contents of the current directory.

5.0
2018-06-04 CVE-2017-16028 Randomatic Project Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Randomatic Project Randomatic

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native.

5.0
2018-06-04 CVE-2017-16023 Decamelize Project Improper Input Validation vulnerability in Decamelize Project Decamelize 1.1.0/1.1.1

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase.

5.0
2018-06-04 CVE-2017-16014 Http Proxy Project 7PK - Errors vulnerability in Http-Proxy Project Http-Proxy

Http-proxy is a proxying library.

5.0
2018-06-04 CVE-2017-16013 Hapijs Improper Input Validation vulnerability in Hapijs Hapi

hapi is a web and services application framework.

5.0
2018-06-04 CVE-2017-16005 Joyent Improper Verification of Cryptographic Signature vulnerability in Joyent Http-Signature

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme".

5.0
2018-06-04 CVE-2018-1600 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Bigfix Platform

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors.

5.0
2018-06-04 CVE-2018-11712 Webkitgtk Improper Certificate Validation vulnerability in Webkitgtk Webkitgtk+ 2.20.0/2.20.1

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

5.0
2018-06-04 CVE-2018-10613 GE XXE vulnerability in GE MDS Pulsenet

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

5.0
2018-06-04 CVE-2016-1000342 Bouncycastle
Debian
Improper Verification of Cryptographic Signature vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification.

5.0
2018-06-04 CVE-2016-1000340 Bouncycastle Data Processing Errors vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???).

5.0
2018-06-04 CVE-2016-1000339 Bouncycastle
Debian
Cryptographic Issues vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine.

5.0
2018-06-06 CVE-2018-1268 Cloudfoundry Improper Input Validation vulnerability in Cloudfoundry Loggregator

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests.

4.9
2018-06-05 CVE-2018-1000200 Linux NULL Pointer Dereference vulnerability in Linux Kernel 4.14/4.15/4.16

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes.

4.9
2018-06-07 CVE-2018-0338 Cisco Incorrect Authorization vulnerability in Cisco Unified Computing System

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system.

4.6
2018-06-07 CVE-2018-10619 Rockwellautomation Unquoted Search Path or Element vulnerability in Rockwellautomation Factorytalk Linx Gateway and Rslinx Classic

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

4.6
2018-06-08 CVE-2018-4250 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4247 Apple Improper Input Validation vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4240 Apple Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4232 Apple
Microsoft
Canonical
Unspecified vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4205 Apple Improper Input Validation vulnerability in Apple Safari

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4202 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4198 Apple Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4190 Apple
Microsoft
Canonical
Insufficiently Protected Credentials vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4188 Apple
Microsoft
Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4187 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4159 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-4141 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2018-06-08 CVE-2018-9182 Lynxtechnology Cross-site Scripting vulnerability in Lynxtechnology Twonky Server

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

4.3
2018-06-08 CVE-2018-9177 Lynxtechnology Cross-site Scripting vulnerability in Lynxtechnology Twonky Server

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

4.3
2018-06-08 CVE-2018-12047 Ximdex Cross-site Scripting vulnerability in Ximdex 4.0

xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

4.3
2018-06-07 CVE-2018-0357 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings 1.3.5

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

4.3
2018-06-07 CVE-2018-0356 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings T32

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

4.3
2018-06-07 CVE-2018-0355 Cisco Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Unified Communications Manager

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system.

4.3
2018-06-07 CVE-2018-0354 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection 12.5

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

4.3
2018-06-07 CVE-2018-0339 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.126)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

4.3
2018-06-07 CVE-2018-12043 Getsymphony Cross-site Scripting vulnerability in Getsymphony Symphony 2.7.6

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.

4.3
2018-06-06 CVE-2017-1476 IBM Information Exposure vulnerability in IBM products

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2018-06-06 CVE-2018-11553 Sgin Cross-site Scripting vulnerability in Sgin Xiangyun Platform 9.4.10

SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php.

4.3
2018-06-05 CVE-2018-1000195 Jenkins
Oracle
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.

4.3
2018-06-05 CVE-2017-7636 Qnap Cross-site Scripting vulnerability in Qnap NAS Proxy Server

Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.

4.3
2018-06-05 CVE-2018-1454 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2018-06-05 CVE-2018-1432 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page.

4.3
2018-06-05 CVE-2016-9490 Manageengine Cross-site Scripting vulnerability in Manageengine Applications Manager 12.0/13.0

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability.

4.3
2018-06-05 CVE-2018-11735 Ximdex Cross-site Scripting vulnerability in Ximdex 4.0

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.

4.3
2018-06-04 CVE-2016-1000346 Bouncycastle
Debian
Key Management Errors vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated.

4.3
2018-06-04 CVE-2016-1000345 Bouncycastle
Debian
7PK - Time and State vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack.

4.3
2018-06-04 CVE-2017-16043 Shout Project Injection vulnerability in Shout Project Shout

Shout is an IRC client.

4.3
2018-06-04 CVE-2017-16041 Ikst Project Cleartext Transmission of Sensitive Information vulnerability in Ikst Project Ikst

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

4.3
2018-06-04 CVE-2017-16025 Hapijs Improper Authentication vulnerability in Hapijs NES

Nes is a websocket extension library for hapi.

4.3
2018-06-04 CVE-2017-16022 Morris JS Project Cross-site Scripting vulnerability in Morris.Js Project Morris.Js 0.5.0

Morris.js creates an svg graph, with labels that appear when hovering over a point.

4.3
2018-06-04 CVE-2017-16019 Gitbook Cross-site Scripting vulnerability in Gitbook

GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc).

4.3
2018-06-04 CVE-2017-16018 Restify Cross-site Scripting vulnerability in Restify

Restify is a framework for building REST APIs.

4.3
2018-06-04 CVE-2017-16017 Punkave Cross-site Scripting vulnerability in Punkave Sanitize-Html

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.

4.3
2018-06-04 CVE-2017-16016 Punkave Cross-site Scripting vulnerability in Punkave Sanitize-Html

Sanitize-html is a library for scrubbing html input of malicious values.

4.3
2018-06-04 CVE-2017-16015 Forms Project Cross-site Scripting vulnerability in Forms Project Forms

Forms is a library for easily creating HTML forms.

4.3
2018-06-04 CVE-2017-16008 I18Next Cross-site Scripting vulnerability in I18Next

i18next is a language translation framework.

4.3
2018-06-04 CVE-2017-16007 Cisco Unspecified vulnerability in Cisco Node-Jose

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers.

4.3
2018-06-04 CVE-2017-16006 Remarkable Project Cross-site Scripting vulnerability in Remarkable Project Remarkable

Remarkable is a markdown parser.

4.3
2018-06-04 CVE-2017-0931 Html Janitor Project Cross-site Scripting vulnerability in Html-Janitor Project Html-Janitor 2.0.2

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.

4.3
2018-06-04 CVE-2017-0928 Theguardian External Control of Critical State Data vulnerability in Theguardian Html-Janitor 2.0.2

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

4.3
2018-06-04 CVE-2018-11713 Webkitgtk
Gnome
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections.
4.3
2018-06-04 CVE-2018-11709 Gvectors Cross-site Scripting vulnerability in Gvectors Wpforo Forum

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

4.3
2018-06-04 CVE-2016-1000341 Bouncycastle
Debian
7PK - Time and State vulnerability in multiple products

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack.

4.3
2018-06-08 CVE-2018-1281 Apache Information Exposure vulnerability in Apache Mxnet

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables.

4.0
2018-06-08 CVE-2018-8916 Synology Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

4.0
2018-06-08 CVE-2017-1405 IBM Insufficient Verification of Data Authenticity vulnerability in IBM Security Identity Manager 7.0/7.0.1

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code.

4.0
2018-06-07 CVE-2018-3712 Zeit Path Traversal vulnerability in Zeit Serve

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

4.0
2018-06-06 CVE-2018-1269 Cloudfoundry Improper Handling of Exceptional Conditions vulnerability in Cloudfoundry Loggregator

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests.

4.0
2018-06-06 CVE-2018-10198 Otrs Information Exposure vulnerability in Otrs

An issue was discovered in OTRS 6.0.x before 6.0.7.

4.0
2018-06-06 CVE-2017-1480 IBM Information Exposure Through Log Files vulnerability in IBM products

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user.

4.0
2018-06-05 CVE-2018-10057 Bfgminer
Cgminer Project
Path Traversal vulnerability in multiple products

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

4.0
2018-06-05 CVE-2018-1000198 Jenkins XXE vulnerability in Jenkins Black Duck HUB

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.

4.0
2018-06-05 CVE-2018-1000196 Jenkins Information Exposure vulnerability in Jenkins Gitlab Hook

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g.

4.0
2018-06-05 CVE-2018-1000193 Jenkins
Oracle
Injection vulnerability in multiple products

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

4.0
2018-06-05 CVE-2018-1000192 Jenkins
Oracle
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
4.0
2018-06-05 CVE-2018-1000191 Jenkins Information Exposure vulnerability in Jenkins Synopsys Detect

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2018-06-05 CVE-2018-1000190 Jenkins Information Exposure vulnerability in Jenkins Black Duck HUB

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2018-06-05 CVE-2018-1000187 Jenkins Information Exposure vulnerability in Jenkins Kubernetes

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.

4.0
2018-06-05 CVE-2018-1000186 Jenkins Information Exposure vulnerability in Jenkins Github Pull Request Builder

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2018-06-05 CVE-2018-1000185 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

4.0
2018-06-05 CVE-2018-1000183 Jenkins Information Exposure vulnerability in Jenkins Github

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2018-06-04 CVE-2017-16024 Sync Exec Project
Nodejs
Information Exposure vulnerability in multiple products

The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9.

4.0
2018-06-04 CVE-2017-0930 Augustine Project Path Traversal vulnerability in Augustine Project Augustine 0.2.3

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-06-04 CVE-2017-18285 Burp Project
Gentoo
Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

3.6
2018-06-04 CVE-2017-18284 Burp Project
Gentoo
Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

3.6
2018-06-07 CVE-2018-0340 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

3.5
2018-06-07 CVE-2018-0149 Cisco Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 2.1(0.2)/2.2(0.2)

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2018-06-05 CVE-2018-1000202 Jenkins Cross-site Scripting vulnerability in Jenkins Groovy Postbuild

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

3.5
2018-06-05 CVE-2017-7653 Eclipse
Debian
Improper Input Validation vulnerability in multiple products

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8.

3.5
2018-06-05 CVE-2018-8924 Synology Cross-site Scripting vulnerability in Synology Office

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.

3.5
2018-06-05 CVE-2018-8923 Synology Cross-site Scripting vulnerability in Synology File Station

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

3.5
2018-06-05 CVE-2017-18286 Nzedb Cross-site Scripting vulnerability in Nzedb 0.7.3.3

nZEDb v0.7.3.3 has XSS in the 404 error page.

3.5
2018-06-04 CVE-2018-11715 Recent Threads Project Cross-site Scripting vulnerability in Recent Threads Project Recent Threads

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.

3.5
2018-06-07 CVE-2018-0263 Cisco Insecure Default Initialization of Resource vulnerability in Cisco Meeting Server

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system.

3.3
2018-06-05 CVE-2018-10599 Philips Information Exposure vulnerability in Philips products

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.

2.9
2018-06-08 CVE-2018-4252 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4244 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4239 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4238 Apple Incorrect Permission Assignment for Critical Resource vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4235 Apple Injection vulnerability in Apple products

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4226 Apple
Microsoft
Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4225 Apple
Microsoft
Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4224 Apple
Microsoft
Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-4223 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

2.1
2018-06-08 CVE-2018-12066 Bird Project Resource Exhaustion vulnerability in Bird Project Bird

BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

2.1
2018-06-07 CVE-2018-0335 Cisco Information Exposure Through Log Files vulnerability in Cisco Prime Collaboration 12.2

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data.

2.1
2018-06-08 CVE-2018-10506 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Officescan 11.0/Xg

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver.

1.9
2018-06-05 CVE-2018-3691 Intel Unspecified vulnerability in Intel Integrated Performance Primitives Cryptography

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.

1.9