Weekly Vulnerabilities Reports > July 30 to August 5, 2018

Overview

342 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary report vulnerabilities in 328 products from 112 vendors including Microsoft, Foxitsoftware, Redhat, Debian, and Jenkins. Vulnerabilities are notably categorized as "Cross-site Scripting", "Incorrect Type Conversion or Cast", "Use After Free", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 314 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities have public exploit available.
  • 90 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 252 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 85 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-05 CVE-2018-14943 Harmonicinc USE of Hard-Coded Credentials vulnerability in Harmonicinc NSG 9000 Firmware

Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.

10.0
2018-08-04 CVE-2018-14933 Nuuo OS Command Injection vulnerability in Nuuo Nvrmini Firmware 2016

upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

10.0
2018-08-04 CVE-2018-14417 Softnas OS Command Injection vulnerability in Softnas Cloud

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3.

10.0
2018-07-31 CVE-2018-10592 Yokogawa USE of Hard-Coded Credentials vulnerability in Yokogawa products

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.

10.0
2018-08-03 CVE-2018-14923 Uniview Improper Input Validation vulnerability in Uniview Ezplayer 1.0.6

A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.

9.3
2018-08-01 CVE-2018-10897 RPM Software Management Project
Redhat
Path Traversal vulnerability in multiple products

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files.

9.3
2018-07-31 CVE-2018-7993 Huawei USE After Free vulnerability in Huawei Mate 10 Firmware

HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component.

9.3
2018-08-04 CVE-2018-12483 Ocsinventory NG OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.

9.0
2018-08-03 CVE-2018-1524 IBM Insecure Default Initialization of Resource vulnerability in IBM products

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system.

9.0
2018-07-31 CVE-2016-8628 Redhat Command Injection vulnerability in Redhat Ansible

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller.

9.0
2018-07-31 CVE-2018-12942 Seeddms SQL Injection vulnerability in Seeddms

SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server.

9.0
2018-07-31 CVE-2018-12941 Seeddms Improper Input Validation vulnerability in Seeddms

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality.

9.0
2018-07-30 CVE-2018-9066 Lenovo Improper Input Validation vulnerability in Lenovo Xclarity Administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-02 CVE-2017-16347 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16346 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16345 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16344 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16343 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16342 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16341 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16340 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16339 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-16338 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-14446 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-14445 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012.

8.0
2018-08-02 CVE-2017-14444 Insteon Buffer Errors vulnerability in Insteon HUB Firmware 1012

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012.

8.0
2018-08-03 CVE-2018-14928 Matera Information Exposure vulnerability in Matera Banco 1.0.0

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.

7.8
2018-08-03 CVE-2017-8316 Jetbrains XXE vulnerability in Jetbrains Intellij Idea

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

7.8
2018-08-02 CVE-2018-3834 Insteon Origin Validation Error vulnerability in Insteon HUB Firmware 1013

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013.

7.8
2018-08-01 CVE-2018-10916 Lftp Project
Canonical
Opensuse
Improper Input Validation vulnerability in multiple products

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used.

7.8
2018-07-31 CVE-2017-5693 Intel Resource Exhaustion vulnerability in Intel Puma Firmware 5.0/6.0Soc/7.0Soc

Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.

7.8
2018-07-31 CVE-2018-7994 Huawei Missing Release of Resource After Effective Lifetime vulnerability in Huawei products

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability.

7.8
2018-08-01 CVE-2018-3662 Intel Unspecified vulnerability in Intel Saffron Memorybase

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.

7.7
2018-08-05 CVE-2018-14939 Libreoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libreoffice

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

7.5
2018-08-03 CVE-2018-14925 Matera Information Exposure Through AN Error Message vulnerability in Matera Banco 1.0.0

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.

7.5
2018-08-03 CVE-2018-9866 Sonicwall Improper Input Validation vulnerability in Sonicwall Global Management System

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code.

7.5
2018-08-03 CVE-2018-3777 Restforce Encoding Error vulnerability in Restforce

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.

7.5
2018-08-03 CVE-2018-14728 Tecrail Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.1

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

7.5
2018-08-03 CVE-2018-13416 Spirton XXE vulnerability in Spirton Universal Media Server 7.1.0

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.

7.5
2018-08-02 CVE-2017-9120 PHP
Netapp
Integer Overflow OR Wraparound vulnerability in multiple products

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

7.5
2018-08-01 CVE-2015-9262 Debian
Canonical
X
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

7.5
2018-08-01 CVE-2018-3881 Focalscope XXE vulnerability in Focalscope 2416

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416.

7.5
2018-08-01 CVE-2016-8640 Pycsw SQL Injection vulnerability in Pycsw

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to.

7.5
2018-08-01 CVE-2016-8620 Haxx Out-Of-Bounds Read vulnerability in Haxx Curl

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.

7.5
2018-08-01 CVE-2016-8619 Haxx Double Free vulnerability in Haxx Curl

The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

7.5
2018-07-31 CVE-2016-8622 Haxx Out-Of-Bounds Write vulnerability in Haxx Libcurl

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.

7.5
2018-07-31 CVE-2016-8618 Haxx Double Free vulnerability in Haxx Curl

The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

7.5
2018-07-31 CVE-2018-10603 Martem Improper Authentication vulnerability in Martem Telem GW6 Firmware and Telem GWM Firmware

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.

7.5
2018-07-31 CVE-2018-8027 Apache XXE vulnerability in Apache Camel

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

7.5
2018-07-31 CVE-2018-14767 Debian
Kamailio
Improper Input Validation vulnerability in multiple products

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash.

7.5
2018-07-30 CVE-2018-3772 Whereis Project Improper Input Validation vulnerability in Whereis Project Whereis

Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands.

7.5
2018-07-30 CVE-2018-14744 PBC Project USE After Free vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

7.5
2018-08-03 CVE-2018-12989 Pearsonvue Improper Preservation of Permissions vulnerability in Pearsonvue Console 8 and Iqsystem 7

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.

7.2
2018-08-01 CVE-2018-3672 Intel Unspecified vulnerability in Intel Smart Sound Technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.

7.2
2018-08-01 CVE-2018-3670 Intel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Intel Smart Sound Technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.

7.2
2018-08-01 CVE-2018-3666 Intel Unspecified vulnerability in Intel Smart Sound Technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.

7.2
2018-08-01 CVE-2016-8641 Nagios Link Following vulnerability in Nagios

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards.

7.2
2018-07-31 CVE-2016-8657 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 5.0.0/6.0.0/6.4.0

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files.

7.2
2018-07-31 CVE-2018-14533 Intenogroup Unspecified vulnerability in Intenogroup Iopsys Firmware

read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.

7.2
2018-07-30 CVE-2017-7482 Linux
Redhat
Debian
Integer Overflow OR Wraparound vulnerability in Linux Kernel

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field.

7.2
2018-08-01 CVE-2018-0397 Cisco
Apple
Unspecified vulnerability in Cisco Advanced Malware Protection FOR Endpoints

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition.

7.1
2018-07-31 CVE-2018-7934 Huawei Improper Input Validation vulnerability in Huawei Mate 10 PRO Firmware

Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures.

7.1

243 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-03 CVE-2017-15358 Charlesproxy Race Condition vulnerability in Charlesproxy Charles

Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.

6.9
2018-08-05 CVE-2018-14959 Weaselcms Project Cross-Site Request Forgery (CSRF) vulnerability in Weaselcms Project Weaselcms 0.3.5

An issue was discovered in WeaselCMS v0.3.5.

6.8
2018-08-05 CVE-2018-14958 Weaselcms Project Cross-Site Request Forgery (CSRF) vulnerability in Weaselcms Project Weaselcms 0.3.5

An issue was discovered in WeaselCMS v0.3.5.

6.8
2018-08-05 CVE-2018-14948 Sound Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sound Project Sound

An issue has been found in dilawar sound through 2017-11-27.

6.8
2018-08-05 CVE-2018-14947 Flowpaper Buffer Errors vulnerability in Flowpaper Pdf2Json 0.69

An issue has been found in PDF2JSON 0.69.

6.8
2018-08-05 CVE-2018-14946 Flowpaper Buffer Errors vulnerability in Flowpaper Pdf2Json 0.69

An issue has been found in PDF2JSON 0.69.

6.8
2018-08-05 CVE-2018-14945 Jpeg Encoder Project Out-Of-Bounds Write vulnerability in Jpeg Encoder Project Jpeg Encoder

An issue has been found in jpeg_encoder through 2015-11-27.

6.8
2018-08-05 CVE-2018-14944 Jpeg Encoder Project Out-Of-Bounds Write vulnerability in Jpeg Encoder Project Jpeg Encoder

An issue has been found in jpeg_encoder through 2015-11-27.

6.8
2018-08-03 CVE-2018-14926 Matera Cross-Site Request Forgery (CSRF) vulnerability in Matera Banco 1.0.0

Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.

6.8
2018-08-03 CVE-2018-14910 Seacms Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61

SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php).

6.8
2018-08-03 CVE-2018-14908 Samsung Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.

6.8
2018-08-01 CVE-2018-3939 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096.

6.8
2018-08-01 CVE-2018-3924 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096.

6.8
2018-08-01 CVE-2018-0413 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

6.8
2018-08-01 CVE-2018-0391 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable.

6.8
2018-08-01 CVE-2018-3847 Nasa Out-Of-Bounds Write vulnerability in Nasa Cfitsio 3.42

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42.

6.8
2018-08-01 CVE-2016-9583 Redhat
Jasper Project
Oracle
Out-Of-Bounds Read vulnerability in multiple products

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

6.8
2018-08-01 CVE-2016-9580 Uclouvain Integer Overflow OR Wraparound vulnerability in Uclouvain Openjpeg 2.1.2

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

6.8
2018-08-01 CVE-2016-8654 Jasper Project
Debian
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size.

6.8
2018-08-01 CVE-2018-3923 Pl32 Out-Of-Bounds Write vulnerability in Pl32 Photoline 20.54

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54.

6.8
2018-08-01 CVE-2018-3922 Pl32 Out-Of-Bounds Write vulnerability in Pl32 Photoline 20.54

A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54.

6.8
2018-08-01 CVE-2018-3921 Pl32 Out-Of-Bounds Write vulnerability in Pl32 Photoline 20.54

A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54.

6.8
2018-08-01 CVE-2016-9581 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

6.8
2018-08-01 CVE-2018-1999027 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saltstack

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

6.8
2018-07-31 CVE-2018-14315 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14314 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14313 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14312 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14311 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader.

6.8
2018-07-31 CVE-2018-14310 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096.

6.8
2018-07-31 CVE-2018-14309 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096.

6.8
2018-07-31 CVE-2018-14308 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14307 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14306 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14305 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14304 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14303 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14302 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14301 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14300 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14299 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14298 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14297 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14296 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14295 Foxitsoftware
Microsoft
Integer Overflow OR Wraparound vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096.

6.8
2018-07-31 CVE-2018-14294 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14293 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096.

6.8
2018-07-31 CVE-2018-14292 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14291 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14290 Foxitsoftware
Microsoft
Buffer Errors vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-07-31 CVE-2018-14288 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14287 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14286 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14285 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14284 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14283 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14282 Foxitsoftware
Microsoft
Access of Uninitialized Pointer vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14281 Foxitsoftware
Microsoft
Improper Input Validation vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14280 Foxitsoftware
Microsoft
Improper Input Validation vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14279 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14278 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14277 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14276 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14275 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14274 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14273 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14272 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14271 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14270 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14269 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14268 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14267 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14266 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14265 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14264 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14263 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14262 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14261 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14260 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14259 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14258 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14257 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14256 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14255 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14254 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14253 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14252 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14251 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14250 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14249 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14248 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14247 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14246 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14245 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14244 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14243 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14242 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-14241 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-11623 Foxitsoftware
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-11622 Foxitsoftware
Microsoft
Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049.

6.8
2018-07-31 CVE-2018-11619 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-07-31 CVE-2018-11618 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-07-31 CVE-2018-11617 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935.

6.8
2018-07-31 CVE-2016-8626 Redhat Improper Input Validation vulnerability in Redhat products

A flaw was found in Red Hat Ceph before 0.94.9-8.

6.8
2018-07-31 CVE-2018-14581 RED Gate Improper Input Validation vulnerability in Red-Gate .Net Reflector and Smartassembly

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.

6.8
2018-07-31 CVE-2018-1638 IBM Improper Authentication vulnerability in IBM API Connect

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios.

6.8
2018-08-04 CVE-2018-14593 Otrs
Debian
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30.
6.5
2018-08-04 CVE-2018-12482 Ocsinventory NG SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.

6.5
2018-08-03 CVE-2018-5490 Netapp Incorrect Permission Assignment FOR Critical Resource vulnerability in Netapp Clustered Data Ontap

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients.

6.5
2018-08-03 CVE-2018-14911 Ukcms Unrestricted Upload of File With Dangerous Type vulnerability in Ukcms

A file upload vulnerability exists in ukcms v1.1.7 and earlier.

6.5
2018-08-03 CVE-2018-7748 Servicenow Code Injection vulnerability in Servicenow Jakarta

report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.

6.5
2018-08-01 CVE-2018-12468 Microfocus Unrestricted Upload of File With Dangerous Type vulnerability in Microfocus Groupwise

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server.

6.5
2018-08-01 CVE-2018-1595 IBM Unspecified vulnerability in IBM Platform Symphony and Spectrum Symphony

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input.

6.5
2018-08-01 CVE-2016-8648 Redhat Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations.

6.5
2018-07-31 CVE-2018-12940 Seeddms Unrestricted Upload of File With Dangerous Type vulnerability in Seeddms

Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter.

6.5
2018-07-31 CVE-2017-17707 Pleasantsolutions Missing Authorization vulnerability in Pleasantsolutions Pleasant Password Server

Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3.

6.5
2018-07-30 CVE-2018-10847 Prosody Improper Authentication vulnerability in Prosody

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass.

6.5
2018-08-05 CVE-2018-14938 Digitalcorpora
Canonical
Out-Of-Bounds Read vulnerability in multiple products

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha.

6.4
2018-08-04 CVE-2018-14473 Ocsinventory NG XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.

6.4
2018-08-02 CVE-2018-14847 Mikrotik Path Traversal vulnerability in Mikrotik Routeros

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

6.4
2018-08-03 CVE-2018-14574 Djangoproject
Debian
Canonical
Open Redirect vulnerability in multiple products

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

5.8
2018-08-01 CVE-2016-8609 Redhat Improper Authentication vulnerability in Redhat Keycloak

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly.

5.8
2018-08-01 CVE-2018-1999035 Jenkins Improper Certificate Validation vulnerability in Jenkins Inedo Buildmaster 1.0/1.2/1.3

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.

5.8
2018-08-01 CVE-2018-1999034 Jenkins Improper Certificate Validation vulnerability in Jenkins Inedo Proget

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.

5.8
2018-08-01 CVE-2018-1999025 Jenkins Improper Certificate Validation vulnerability in Jenkins Tracetronic Ecu-Test

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

5.8
2018-08-01 CVE-2016-9573 Uclouvain
Redhat
Debian
Out-Of-Bounds Read vulnerability in multiple products

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool.

5.8
2018-07-30 CVE-2018-10898 Redhat
Openstack
USE of Hard-Coded Credentials vulnerability in multiple products

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40.

5.8
2018-08-02 CVE-2017-16349 SAP XXE vulnerability in SAP Business Planning and Consolidation

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC.

5.5
2018-08-01 CVE-2018-10894 Redhat Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates.

5.5
2018-08-01 CVE-2018-12467 Opensuse Incorrect Permission Assignment FOR Critical Resource vulnerability in Opensuse Open Build Service

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

5.5
2018-08-01 CVE-2018-12466 Opensuse Incorrect Permission Assignment FOR Critical Resource vulnerability in Opensuse Open Build Service

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

5.5
2018-07-31 CVE-2018-12939 Seeddms Path Traversal vulnerability in Seeddms

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a ..

5.5
2018-08-05 CVE-2018-14940 Phpcms Resource Exhaustion vulnerability in PHPcms 9.0

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.

5.0
2018-08-03 CVE-2018-14927 Matera Path Traversal vulnerability in Matera Banco 1.0.0

Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.

5.0
2018-08-03 CVE-2018-14912 Cgit Project
Debian
Path Traversal vulnerability in multiple products

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

5.0
2018-08-03 CVE-2018-14907 3CX Information Exposure Through AN Error Message vulnerability in 3CX web Server 15.5.8801.3

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.

5.0
2018-08-03 CVE-2018-14715 Cryptogs USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Cryptogs

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash.

5.0
2018-08-03 CVE-2018-14576 Suncontract Integer Overflow OR Wraparound vulnerability in Suncontract

The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.

5.0
2018-08-03 CVE-2018-14774 Sensiolabs Improper Input Validation vulnerability in Sensiolabs Symfony

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.

5.0
2018-08-03 CVE-2018-14884 PHP
Netapp
Null Pointer Dereference vulnerability in multiple products

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.

5.0
2018-08-03 CVE-2018-14883 PHP
Canonical
Debian
Netapp
Out-Of-Bounds Read vulnerability in multiple products

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.

5.0
2018-08-03 CVE-2018-14872 Rincewind Project Improper Input Validation vulnerability in Rincewind Project Rincewind 0.1

An issue was discovered in Rincewind 0.1.

5.0
2018-08-02 CVE-2018-14858 Icmsdev Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms

An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8.

5.0
2018-08-02 CVE-2018-10921 Ttembed Project Integer Overflow OR Wraparound vulnerability in Ttembed Project Ttembed

Certain input files may trigger an integer overflow in ttembed input file processing.

5.0
2018-08-02 CVE-2017-9118 PHP
Netapp
Out-Of-Bounds Read vulnerability in multiple products

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

5.0
2018-08-02 CVE-2018-1336 Apache
Redhat
Canonical
Debian
Infinite Loop vulnerability in multiple products

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.

5.0
2018-08-02 CVE-2018-12448 Navercorp Improper Input Validation vulnerability in Navercorp Whale

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

5.0
2018-08-01 CVE-2018-8034 Apache
Canonical
Debian
Oracle
Improper Certificate Validation vulnerability in multiple products

The host name verification when using TLS with the WebSocket client was missing.

5.0
2018-08-01 CVE-2018-10618 Davolink USE of Password Hash With Insufficient Computational Effort vulnerability in Davolink Dvw-3200N Firmware

Davolink DVW-3200N all version prior to Version 1.00.06.

5.0
2018-08-01 CVE-2016-9579 Redhat
Canonical
Improper Input Validation vulnerability in Redhat products

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket.

5.0
2018-08-01 CVE-2016-8653 Redhat Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it.

5.0
2018-08-01 CVE-2016-8625 Haxx Improper Input Validation vulnerability in Haxx Curl

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

5.0
2018-08-01 CVE-2016-8623 Haxx USE After Free vulnerability in Haxx Curl

A flaw was found in curl before version 7.51.0.

5.0
2018-08-01 CVE-2016-8615 Haxx 7PK - Security Features vulnerability in Haxx Curl

A flaw was found in curl before version 7.51.

5.0
2018-07-31 CVE-2016-8621 Haxx Out-Of-Bounds Read vulnerability in Haxx Curl

The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

5.0
2018-07-31 CVE-2016-8624 Haxx Improper Input Validation vulnerability in Haxx Curl

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host.

5.0
2018-07-31 CVE-2016-8614 Redhat KEY Management Errors vulnerability in Redhat Ansible

A flaw was found in Ansible before version 2.2.0.

5.0
2018-07-31 CVE-2018-10607 Martem Resource Exhaustion vulnerability in Martem Telem GW6 Firmware and Telem GWM Firmware

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.

5.0
2018-07-31 CVE-2018-5544 F5 Information Exposure vulnerability in F5 Big-Ip Access Policy Manager

When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.

5.0
2018-07-31 CVE-2018-11338 Intuit Cleartext Transmission of Sensitive Information vulnerability in Intuit Lacerte

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

5.0
2018-07-30 CVE-2018-10903 Cryptography
Redhat
Canonical
Improper Input Validation vulnerability in multiple products

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3.

5.0
2018-07-30 CVE-2016-9597 Canonical
Xmlsoft
Debian
HP
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow.

5.0
2018-07-30 CVE-2018-14743 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14742 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14741 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14740 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14739 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14738 PBC Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14737 PBC Project Null Pointer Dereference vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-07-30 CVE-2018-14736 PBC Project Out-Of-Bounds Read vulnerability in PBC Project PBC

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02.

5.0
2018-08-02 CVE-2018-2933 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

4.9
2018-08-01 CVE-2018-1999038 Jenkins Confused Deputy vulnerability in Jenkins Publish Over Cifs

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.

4.9
2018-08-01 CVE-2018-14775 Openbsd Improper Input Validation vulnerability in Openbsd 6.2/6.3

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.

4.9
2018-07-30 CVE-2018-10883 Debian
Linux
Canonical
Redhat
Out-Of-Bounds Write vulnerability in multiple products

A flaw was found in the Linux kernel's ext4 filesystem.

4.9
2018-08-01 CVE-2018-3650 Intel Improper Input Validation vulnerability in Intel Distribution for Python 2018

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.

4.6
2018-07-30 CVE-2017-7518 Redhat
Canonical
Debian
Linux
Improper Handling of Exceptional Conditions vulnerability in multiple products

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack.

4.6
2018-07-31 CVE-2016-8617 Haxx Out-Of-Bounds Write vulnerability in Haxx Curl

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.

4.4
2018-07-31 CVE-2018-7947 Huawei Improper Authentication vulnerability in Huawei Emily-Al00A Firmware

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability.

4.4
2018-08-05 CVE-2018-14955 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

4.3
2018-08-05 CVE-2018-14954 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

4.3
2018-08-05 CVE-2018-14953 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

4.3
2018-08-05 CVE-2018-14952 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

4.3
2018-08-05 CVE-2018-14951 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

4.3
2018-08-05 CVE-2018-14950 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

4.3
2018-08-03 CVE-2018-14929 Matera Cross-Site Scripting vulnerability in Matera Banco 1.0.0

Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.

4.3
2018-08-03 CVE-2018-14924 Matera Cross-Site Scripting vulnerability in Matera Banco 1.0.0

Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.

4.3
2018-08-03 CVE-2018-14906 3CX Cross-Site Scripting vulnerability in 3CX web Server 15.5.8801.3

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.

4.3
2018-08-03 CVE-2018-14905 3CX Cross-Site Scripting vulnerability in 3CX web Server 15.5.8801.3

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.

4.3
2018-08-03 CVE-2018-14904 Samsung Cross-Site Scripting vulnerability in Samsung Syncthru web Service 4.05.61

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.

4.3
2018-08-03 CVE-2018-14504 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0.

4.3
2018-08-03 CVE-2018-13055 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.

4.3
2018-08-03 CVE-2018-6590 Broadcom Cross-Site Scripting vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.

4.3
2018-08-03 CVE-2018-14876 Flif Unspecified vulnerability in Flif 0.3

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3.

4.3
2018-08-02 CVE-2018-14851 PHP
Canonical
Debian
Netapp
Out-Of-Bounds Read vulnerability in PHP

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

4.3
2018-08-02 CVE-2018-10922 Ttembed Project Improper Input Validation vulnerability in Ttembed Project Ttembed

An input validation flaw exists in ttembed.

4.3
2018-08-02 CVE-2018-7649 Fibranet Cross-Site Scripting vulnerability in Fibranet Monitorix

Monitorix before 3.10.1 allows XSS via CGI variables.

4.3
2018-08-02 CVE-2018-8037 Apache
Debian
Race Condition vulnerability in multiple products

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user.

4.3
2018-08-02 CVE-2018-8032 Apache
Oracle
Cross-Site Scripting vulnerability in multiple products

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

4.3
2018-08-02 CVE-2018-10920 NIC Improper Input Validation vulnerability in NIC Knot Resolver

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.

4.3
2018-08-02 CVE-2018-14840 Intelliants Cross-Site Scripting vulnerability in Intelliants Subrion 4.2.1

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).

4.3
2018-08-02 CVE-2018-14838 Rejucms Project Cross-Site Scripting vulnerability in Rejucms Project Rejucms 2.1

rejucms 2.1 has stored XSS via the admin/book.php content parameter.

4.3
2018-08-01 CVE-2018-0411 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-08-01 CVE-2018-0406 Cisco Cross-Site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1269/11.5.0Fcs581

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-08-01 CVE-2016-9572 Uclouvain
Debian
Null Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images.

4.3
2018-08-01 CVE-2016-8635 Mozilla
Redhat
KEY Management Errors vulnerability in multiple products

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack.

4.3
2018-08-01 CVE-2016-8616 Haxx Credentials Management vulnerability in Haxx Curl

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections.

4.3
2018-07-31 CVE-2018-14316 Foxitsoftware
Microsoft
Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096.

4.3
2018-07-31 CVE-2018-14289 Foxitsoftware
Microsoft
Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096.

4.3
2018-07-31 CVE-2018-11621 Foxitsoftware
Microsoft
Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-07-31 CVE-2018-11620 Foxitsoftware
Microsoft
Information Exposure vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049.

4.3
2018-07-31 CVE-2016-8613 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman 1.5.1

A flaw was found in foreman 1.5.1.

4.3
2018-07-31 CVE-2018-10609 Martem Cross-Site Scripting vulnerability in Martem Telem GW6 Firmware and Telem GWM Firmware

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.

4.3
2018-07-31 CVE-2017-13652 Netapp Improper Input Validation vulnerability in Netapp Oncommand Insight

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.

4.3
2018-07-31 CVE-2018-7992 Huawei Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products

Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability.

4.3
2018-07-31 CVE-2018-12944 Seeddms Cross-Site Scripting vulnerability in Seeddms

Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.

4.3
2018-07-31 CVE-2018-12943 Seeddms Cross-Site Scripting vulnerability in Seeddms

Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2018-07-31 CVE-2017-17174 Huawei Cryptographic Issues vulnerability in Huawei products

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability.

4.3
2018-07-31 CVE-2018-8020 Debian
Apache
Improper Certificate Validation vulnerability in multiple products

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses.

4.3
2018-07-31 CVE-2018-8019 Debian
Apache
Improper Certificate Validation vulnerability in multiple products

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses.

4.3
2018-07-31 CVE-2018-1718 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting.

4.3
2018-07-30 CVE-2018-3773 Metascraper Project Cross-Site Scripting vulnerability in Metascraper Project Metascraper

There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2.

4.3
2018-07-30 CVE-2018-13280 Synology USE of Insufficiently Random Values vulnerability in Synology Diskstation Manager

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

4.3
2018-08-05 CVE-2018-14942 Harmonicinc Path Traversal vulnerability in Harmonicinc NSG 9000 Firmware

Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data.

4.0
2018-08-05 CVE-2018-14941 Harmonicinc Information Exposure vulnerability in Harmonicinc NSG 9000

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.

4.0
2018-08-03 CVE-2018-14773 Sensiolabs
Debian
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2.
4.0
2018-08-03 CVE-2018-5489 Netapp Incorrect Authorization vulnerability in Netapp 7-Mode Transition Tool

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users.

4.0
2018-08-02 CVE-2018-3109 Oracle Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder).

4.0
2018-08-02 CVE-2018-14836 Subrion Improper Privilege Management vulnerability in Subrion CMS 4.2.1

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.

4.0
2018-08-01 CVE-2018-1999040 Jenkins Information Exposure vulnerability in Jenkins Kubernetes

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

4.0
2018-08-01 CVE-2018-1999039 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins Confluence Publisher

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.

4.0
2018-08-01 CVE-2018-1999037 Jenkins Improper Input Validation vulnerability in Jenkins Resource Disposer

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.

4.0
2018-08-01 CVE-2018-1999036 Jenkins Information Exposure Through LOG Files vulnerability in Jenkins SSH Agent

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

4.0
2018-08-01 CVE-2018-1999033 Anchore Information Exposure vulnerability in Anchore Container Image Scanner

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.

4.0
2018-08-01 CVE-2018-1999032 Agiletestware Improper Privilege Management vulnerability in Agiletestware Pangolin Connector for Testrail 2.1

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.

4.0
2018-08-01 CVE-2018-1999031 Jenkins Information Exposure vulnerability in Jenkins Meliora Testlab

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

4.0
2018-08-01 CVE-2018-1999030 Jenkins Information Exposure vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus)

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

4.0
2018-08-01 CVE-2018-1999028 Jenkins Information Exposure vulnerability in Jenkins Accurev

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

4.0
2018-08-01 CVE-2018-1999026 Jenkins Server-Side Request Forgery (SSRF) vulnerability in Jenkins Tracetronic Ecu-Test

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.

4.0
2018-07-31 CVE-2016-8631 Redhat Improper Input Validation vulnerability in Redhat Openshift 3.0/3.3

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes.

4.0
2018-07-31 CVE-2016-8611 Openstack Improper Input Validation vulnerability in Openstack Glance

A vulnerability was found in Openstack Glance.

4.0
2018-07-31 CVE-2018-5543 F5 Insufficiently Protected Credentials vulnerability in F5 Big-Ip Controller

The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.

4.0
2018-07-31 CVE-2017-17708 Pleasantsolutions Incorrect Authorization vulnerability in Pleasantsolutions Pleasant Password Server

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.

4.0
2018-07-30 CVE-2018-9064 Lenovo Unspecified vulnerability in Lenovo Xclarity Administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.

4.0

37 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-01 CVE-2018-10896 Canonical Unspecified vulnerability in Canonical Cloud-Init

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys.

3.6
2018-08-05 CVE-2018-14937 Mylittleforum Cross-Site Scripting vulnerability in Mylittleforum MY Little Forum 2.4.12

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.

3.5
2018-08-05 CVE-2018-14936 Mylittleforum Cross-Site Scripting vulnerability in Mylittleforum MY Little Forum 2.4.12

The Add page option in my little forum 2.4.12 allows XSS via the Title field.

3.5
2018-08-04 CVE-2018-14541 Readymadeb2Bscript Cross-Site Scripting vulnerability in Readymadeb2Bscript Basic B2B 2.0.0

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.

3.5
2018-08-04 CVE-2018-14497 Tendacn Cross-Site Scripting vulnerability in Tendacn D152 Firmware

Tenda D152 ADSL routers allow XSS via a crafted SSID.

3.5
2018-08-03 CVE-2018-12607 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1.

3.5
2018-08-03 CVE-2018-12606 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1.

3.5
2018-08-03 CVE-2018-12605 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6.

3.5
2018-08-03 CVE-2018-14877 Weaselcms Project Cross-Site Scripting vulnerability in Weaselcms Project Weaselcms 0.3.5

An issue was discovered in WeaselCMS v0.3.5.

3.5
2018-08-03 CVE-2018-14873 Rincewind Project Cross-Site Scripting vulnerability in Rincewind Project Rincewind 0.1

An issue was discovered in Rincewind 0.1.

3.5
2018-08-02 CVE-2017-6215 Paypal Cross-Site Scripting vulnerability in Paypal PHP Permissions SDK

paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.

3.5
2018-08-02 CVE-2017-6213 Paypal Cross-Site Scripting vulnerability in Paypal PHP Invoice SDK

paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.

3.5
2018-08-02 CVE-2018-1155 Tenable Cross-Site Scripting vulnerability in Tenable Securitycenter

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area.

3.5
2018-08-02 CVE-2018-1554 IBM Cross-Site Scripting vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.

3.5
2018-08-02 CVE-2018-3108 Oracle Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3

Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service).

3.5
2018-08-02 CVE-2018-14835 Subrion Cross-Site Scripting vulnerability in Subrion CMS 4.2.1

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.

3.5
2018-08-01 CVE-2018-0408 Cisco Cross-Site Scripting vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2018-08-01 CVE-2018-0407 Cisco Cross-Site Scripting vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2018-08-01 CVE-2018-14777 Dleviet Cross-Site Scripting vulnerability in Dleviet Datalife Engine 13.0/9.7

An issue was discovered in DataLife Engine (DLE) through 13.0.

3.5
2018-08-01 CVE-2016-8608 Redhat Cross-Site Scripting vulnerability in Redhat products

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor.

3.5
2018-08-01 CVE-2018-1999029 Jenkins Cross-Site Scripting vulnerability in Jenkins Shelve Project

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

3.5
2018-08-01 CVE-2016-8639 Theforeman
Redhat
Cross-Site Scripting vulnerability in multiple products

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name.

3.5
2018-08-01 CVE-2016-8634 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman 1.14.0

A vulnerability was found in foreman 1.14.0.

3.5
2018-08-01 CVE-2018-14776 Clickstudios Cross-Site Scripting vulnerability in Clickstudios Passwordstate 8.3

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.

3.5
2018-07-31 CVE-2018-14432 Debian
Redhat
Openstack
Information Exposure vulnerability in multiple products

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.

3.5
2018-07-30 CVE-2018-9065 Lenovo Cleartext Storage of Sensitive Information vulnerability in Lenovo Xclarity Administrator

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

3.5
2018-07-30 CVE-2017-7514 Redhat Cross-Site Scripting vulnerability in Redhat Satellite

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0.

3.5
2018-08-02 CVE-2018-1154 Tenable Unspecified vulnerability in Tenable Securitycenter

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access.

3.3
2018-08-01 CVE-2018-10624 Johnsoncontrols 7PK - Errors vulnerability in Johnsoncontrols Bcpro and Metasys System

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

3.3
2018-08-01 CVE-2018-11050 Dell Cleartext Transmission of Sensitive Information vulnerability in Dell EMC Networker

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component.

3.3
2018-08-01 CVE-2016-8651 Redhat Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform

An input validation flaw was found in the way OpenShift 3 handles requests for images.

2.7
2018-08-01 CVE-2018-3671 Intel Unspecified vulnerability in Intel Saffron Memorybase

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.

2.7
2018-08-01 CVE-2018-3663 Intel Unspecified vulnerability in Intel Saffron Memorybase

Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.

2.7
2018-08-01 CVE-2017-5692 Intel Out-Of-Bounds Read vulnerability in Intel Graphics Driver

Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.

2.1
2018-08-01 CVE-2018-1999041 Jenkins Information Exposure vulnerability in Jenkins Tinfoil Security

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

2.1
2018-08-01 CVE-2016-8637 Dracut Project Information Exposure vulnerability in Dracut Project Dracut

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates.

2.1
2018-07-31 CVE-2018-7957 Huawei Incorrect Authorization vulnerability in Huawei Victoria-Al00 Firmware Victoriaal008.0.0.336A(C00)

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability.

2.1