Weekly Vulnerabilities Reports > August 20 to 26, 2018

Overview

235 new vulnerabilities reported during this period, including 36 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 228 products from 129 vendors including Canonical, Samsung, Debian, Redhat, and Xkbcommon. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Information Exposure", "Improper Input Validation", and "NULL Pointer Dereference".

  • 199 reported vulnerabilities are remotely exploitables.
  • 17 reported vulnerabilities have public exploit available.
  • 67 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 169 reported vulnerabilities are exploitable by an anonymous user.
  • Canonical has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • Samsung has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

36 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-26 CVE-2011-2767 Apache
Debian
Redhat
Canonical
Code Injection vulnerability in multiple products

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

10.0
2018-08-24 CVE-2018-3786 Eggjs OS Command Injection vulnerability in Eggjs Egg-Scripts

A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.

10.0
2018-08-24 CVE-2017-12577 Planex Use of Hard-coded Credentials vulnerability in Planex Cs-Qr20 Firmware and Smacam Night Vision

An issue was discovered on the PLANEX CS-QR20 1.30.

10.0
2018-08-24 CVE-2017-12574 Planex Use of Hard-coded Credentials vulnerability in Planex Cs-W50Hd Firmware

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720.

10.0
2018-08-24 CVE-2017-11563 Dlink Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1

D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability.

10.0
2018-08-24 CVE-2018-1722 IBM Unspecified vulnerability in IBM Security Access Manager 9.0.4.0/9.0.5.0

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running.

10.0
2018-08-23 CVE-2018-15808 Posim Use of Hard-coded Credentials vulnerability in Posim EVO 15.13

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user.

10.0
2018-08-21 CVE-2018-6692 Belkin Out-of-bounds Write vulnerability in Belkin Wemo Insight Smart Plug Firmware

Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.

10.0
2018-08-20 CVE-2018-14078 Wi2Be Improper Authentication vulnerability in Wi2Be Smart HP WMT R1.2.20201400922

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).

10.0
2018-08-22 CVE-2018-11776 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

9.3
2018-08-20 CVE-2016-7048 Postgresql Improper Access Control vulnerability in Postgresql

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

9.3
2018-08-20 CVE-2018-15573 Reprisesoftware Unrestricted Upload of File with Dangerous Type vulnerability in Reprisesoftware Reprise License Manager

** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2.

9.3
2018-08-26 CVE-2018-15877 Plainview Activity Monitor Project OS Command Injection vulnerability in Plainview Activity Monitor Project Plainview Activity Monitor

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

9.0
2018-08-24 CVE-2018-15728 Couchbase Code Injection vulnerability in Couchbase Server

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091.

9.0
2018-08-24 CVE-2017-12576 Planex Exposure of Resource to Wrong Sphere vulnerability in Planex Cs-Qr20 Firmware 1.30

An issue was discovered on the PLANEX CS-QR20 1.30.

9.0
2018-08-24 CVE-2017-12573 Planex Unspecified vulnerability in Planex Cs-W50Hd Firmware

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720.

9.0
2018-08-24 CVE-2017-11564 Dlink Out-of-bounds Write vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1

The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework.

9.0
2018-08-24 CVE-2018-11061 EMC Unspecified vulnerability in EMC RSA Netwitness and RSA Security Analytics

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product.

9.0
2018-08-23 CVE-2018-3880 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3872 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3866 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3856 Samsung Argument Injection or Modification vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-1156 Mikrotik Out-of-bounds Write vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface.

9.0
2018-08-23 CVE-2018-3925 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3919 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3917 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack.

9.0
2018-08-23 CVE-2018-3905 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3903 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.

9.0
2018-08-23 CVE-2018-3902 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3878 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3867 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

9.0
2018-08-23 CVE-2018-3863 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.

9.0
2018-08-23 CVE-2017-16337 Insteon Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insteon HUB 2245-222 Firmware 1012

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data.

9.0
2018-08-23 CVE-2017-14455 Insteon Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insteon HUB 2245-222 Firmware 1012

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data.

9.0
2018-08-23 CVE-2017-14453 Insteon Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insteon HUB 2245-222 Firmware 1012

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data.

9.0
2018-08-20 CVE-2018-15553 Telus OS Command Injection vulnerability in Telus Actiontec T2200H Firmware T2200H31.128L.03

fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-23 CVE-2018-3832 Insteon Unrestricted Upload of File with Dangerous Type vulnerability in Insteon HUB 2245-222 Firmware 1013

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013.

8.5
2018-08-23 CVE-2017-16348 Insteon Improper Authentication vulnerability in Insteon HUB Firmware 1012

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012.

7.8
2018-08-21 CVE-2017-17312 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products.

7.8
2018-08-21 CVE-2017-17311 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products.

7.8
2018-08-26 CVE-2018-15888 Aspcms Improper Input Validation vulnerability in Aspcms 2.5.6

An issue was discovered in ASPCMS 2.5.6.

7.5
2018-08-24 CVE-2017-9821 Npci Use of Hard-coded Credentials vulnerability in Npci Bharat Interface for Money (Bhim) 1.3

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

7.5
2018-08-24 CVE-2017-9820 Npci Improper Authentication vulnerability in Npci Bharat Interface for Money (Bhim) 1.3

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.

7.5
2018-08-24 CVE-2017-9819 Npci Improper Authentication vulnerability in Npci Bharat Interface for Money (Bhim) 1.3

The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.

7.5
2018-08-24 CVE-2018-14600 X ORG
Canonical
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in libX11 through 1.6.5.

7.5
2018-08-24 CVE-2018-14599 X ORG
Canonical
Debian
Fedoraproject
Off-by-one Error vulnerability in multiple products

An issue was discovered in libX11 through 1.6.5.

7.5
2018-08-23 CVE-2018-14786 BD Improper Authentication vulnerability in BD products

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.

7.5
2018-08-21 CVE-2018-15601 Elefantcms Improper Input Validation vulnerability in Elefantcms 2.0.3

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.

7.5
2018-08-20 CVE-2017-16748 Tridium Improper Authentication vulnerability in Tridium Niagara and Niagara AX Framework

An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.

7.5
2018-08-20 CVE-2015-5243 Phpwhois Project Code Injection vulnerability in PHPwhois Project PHPwhois

phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.

7.5
2018-08-20 CVE-2018-1000226 Cobblerd Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting.

7.5
2018-08-20 CVE-2018-1000221 Pkgconf Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pkgconf 1.5.0/1.5.1/1.5.2

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow.

7.5
2018-08-20 CVE-2018-1000217 Cjson Project Use After Free vulnerability in Cjson Project Cjson

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE.

7.5
2018-08-20 CVE-2018-1000653 Zzcms SQL Injection vulnerability in Zzcms

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx.

7.5
2018-08-20 CVE-2018-1000652 Jabref XXE vulnerability in Jabref

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning.

7.5
2018-08-20 CVE-2018-1000651 Gchq XXE vulnerability in Gchq Stroom

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning.

7.5
2018-08-20 CVE-2018-1000644 Eclipse XXE vulnerability in Eclipse Rdf4J

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning.

7.5
2018-08-20 CVE-2018-1000641 Yeswiki Deserialization of Untrusted Data vulnerability in Yeswiki 201210221/201310171/201603171

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.

7.5
2018-08-22 CVE-2018-14801 Philips Use of Hard-coded Credentials vulnerability in Philips products

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

7.2
2018-08-22 CVE-2017-2627 Redhat
Openstack
Path Traversal vulnerability in multiple products

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.

7.2
2018-08-20 CVE-2018-1000635 Openmicroscopy Information Exposure vulnerability in Openmicroscopy Omero

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it.

7.2
2018-08-21 CVE-2018-15607 Imagemagick Resource Exhaustion vulnerability in Imagemagick 7.0.811

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails.

7.1
2018-08-20 CVE-2018-1000654 GNU Unspecified vulnerability in GNU Libtasn1 4.12/4.13

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed.

7.1

143 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-23 CVE-2018-3912 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack.

6.9
2018-08-25 CVE-2018-15851 Flexocms Project Cross-Site Request Forgery (CSRF) vulnerability in Flexocms Project Flexo CMS 0.1.6

An issue was discovered in Flexo CMS v0.1.6.

6.8
2018-08-25 CVE-2018-15850 Redaxo Cross-Site Request Forgery (CSRF) vulnerability in Redaxo CMS 4.7.2

An issue was discovered in REDAXO CMS 4.7.2.

6.8
2018-08-25 CVE-2018-15848 Portfoliocms Project Cross-Site Request Forgery (CSRF) vulnerability in Portfoliocms Project Portfoliocms 1.0.5

An issue was discovered in portfolioCMS 1.0.5.

6.8
2018-08-25 CVE-2018-15846 Fledrcms Project Cross-Site Request Forgery (CSRF) vulnerability in Fledrcms Project Fledrcms

An issue was discovered in fledrCMS through 2014-02-03.

6.8
2018-08-25 CVE-2018-15845 Gleezcms Cross-Site Request Forgery (CSRF) vulnerability in Gleezcms Gleez CMS 1.2.0

There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.

6.8
2018-08-25 CVE-2018-15844 Damicms Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0

An issue was discovered in DamiCMS 6.0.0.

6.8
2018-08-24 CVE-2018-15576 Hazzardweb Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO

An issue was discovered in EasyLogin Pro through 1.3.0.

6.8
2018-08-23 CVE-2018-14797 Emerson Uncontrolled Search Path Element vulnerability in Emerson Deltav Distributed Control System

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

6.8
2018-08-23 CVE-2018-1157 Mikrotik Resource Exhaustion vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability.

6.8
2018-08-23 CVE-2018-15685 Electronjs Insecure Default Initialization of Resource vulnerability in Electronjs Electron

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.

6.8
2018-08-22 CVE-2018-5238 Symantec Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and Symdiag

Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

6.8
2018-08-22 CVE-2018-10884 Redhat Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py.

6.8
2018-08-20 CVE-2018-12579 Oxid Esales Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.

6.8
2018-08-20 CVE-2018-1000223 Surina Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Surina Soundtouch

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution.

6.8
2018-08-20 CVE-2018-1000222 Libgd
Canonical
Debian
Double Free vulnerability in multiple products

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution .

6.8
2018-08-20 CVE-2018-1000216 Cjson Project Double Free vulnerability in Cjson Project Cjson

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE.

6.8
2018-08-20 CVE-2018-1000639 Latexdraw Project XXE vulnerability in Latexdraw Project Latexdraw

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce.

6.8
2018-08-20 CVE-2018-1000637 Nongnu
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution.

6.8
2018-08-20 CVE-2018-15568 Tp5Cms Project Cross-Site Request Forgery (CSRF) vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.

6.8
2018-08-20 CVE-2018-15565 Simple CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Simple-Cms Project Simple CMS 20140311

An issue was discovered in daveismyname simple-cms through 2014-03-11.

6.8
2018-08-20 CVE-2018-15564 Simple CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Simple-Cms Project Simple CMS 20140311

An issue was discovered in daveismyname simple-cms through 2014-03-11.

6.8
2018-08-24 CVE-2018-1699 IBM SQL Injection vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection.

6.5
2018-08-23 CVE-2017-14452 Insteon Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insteon HUB Firmware 1012

An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012.

6.5
2018-08-23 CVE-2018-8028 Apache Missing Authorization vulnerability in Apache Sentry

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1.

6.5
2018-08-23 CVE-2018-3879 Samsung SQL Injection vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.

6.5
2018-08-22 CVE-2018-10858 Debian
Canonical
Samba
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.

6.5
2018-08-21 CVE-2018-15481 Ucopia OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.

6.5
2018-08-21 CVE-2018-14795 Emerson Path Traversal vulnerability in Emerson Deltav

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

6.5
2018-08-20 CVE-2017-16744 Tridium Path Traversal vulnerability in Tridium Niagara and Niagara AX Framework

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.

6.5
2018-08-20 CVE-2018-1000650 Librehealth SQL Injection vulnerability in Librehealth EHR 2.0.0

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries.

6.5
2018-08-20 CVE-2018-1000649 Librehealth Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution.

6.5
2018-08-20 CVE-2018-1000648 Librehealth Improper Privilege Management vulnerability in Librehealth EHR 2.0.0

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution.

6.5
2018-08-20 CVE-2018-1000646 Librehealth Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.

6.5
2018-08-20 CVE-2018-1000634 Openmicroscopy Improper Privilege Management vulnerability in Openmicroscopy Omero

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator.

6.5
2018-08-24 CVE-2018-3909 Samsung HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

6.4
2018-08-24 CVE-2018-3907 Samsung HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

6.4
2018-08-25 CVE-2018-15852 Technicolor Resource Exhaustion vulnerability in Technicolor Tc7200.20 Firmware

** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.

6.1
2018-08-24 CVE-2018-11502 Moderator LOG Notes Project Cross-Site Request Forgery (CSRF) vulnerability in Moderator LOG Notes Project Moderator LOG Notes 1.1

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB.

5.8
2018-08-24 CVE-2018-15536 Tecrail Path Traversal vulnerability in Tecrail Responsive Filemanager

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.

5.8
2018-08-22 CVE-2018-11758 Apache XXE vulnerability in Apache Cayenne

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2.

5.8
2018-08-22 CVE-2017-7513 Redhat Improper Certificate Validation vulnerability in Redhat Satellite

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields.

5.8
2018-08-21 CVE-2018-14793 Emerson Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Emerson Deltav

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

5.8
2018-08-23 CVE-2018-1999045 Jenkins Improper Authentication vulnerability in Jenkins

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.

5.5
2018-08-20 CVE-2018-1000647 Librehealth Improper Input Validation vulnerability in Librehealth EHR 2.0.0

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service.

5.5
2018-08-26 CVE-2018-15885 Ovation Improper Input Validation vulnerability in Ovation Findme 1.410831

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose.

5.0
2018-08-26 CVE-2017-18345 Joomanager Project Information Exposure vulnerability in Joomanager Project Joomanager

The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.

5.0
2018-08-26 CVE-2018-15876 Ajax Bootmodal Login Project Improper Input Validation vulnerability in Ajax Bootmodal Login Project Ajax Bootmodal Login 1.4.3

An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress.

5.0
2018-08-25 CVE-2018-15869 Hashicorp Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.

5.0
2018-08-24 CVE-2018-11654 Seasofsolutions Information Exposure vulnerability in Seasofsolutions IP Camera Firmware

Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.

5.0
2018-08-24 CVE-2018-11653 Seasofsolutions Information Exposure vulnerability in Seasofsolutions IP Camera Firmware

Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.

5.0
2018-08-24 CVE-2017-9818 Npci Weak Password Requirements vulnerability in Npci Bharat Interface for Money (Bhim) 1.3

The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

5.0
2018-08-24 CVE-2018-15535 Tecrail Path Traversal vulnerability in Tecrail Responsive Filemanager

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.

5.0
2018-08-24 CVE-2018-14598 X ORG
Canonical
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.

5.0
2018-08-24 CVE-2017-12575 Aterm Missing Authentication for Critical Function vulnerability in Aterm Wg2600Hp2 Firmware 1.0.2

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2.

5.0
2018-08-24 CVE-2018-11749 Puppet Cleartext Transmission of Sensitive Information vulnerability in Puppet

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server.

5.0
2018-08-23 CVE-2018-15822 Ffmpeg Reachable Assertion vulnerability in Ffmpeg

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

5.0
2018-08-23 CVE-2018-3911 Samsung HTTP Response Splitting vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

5.0
2018-08-23 CVE-2003-1605 Haxx Credentials Management vulnerability in Haxx Curl

curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.

5.0
2018-08-23 CVE-2018-1999043 Jenkins Missing Release of Resource after Effective Lifetime vulnerability in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.

5.0
2018-08-23 CVE-2018-1999042 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

5.0
2018-08-23 CVE-2018-3833 Insteon Unspecified vulnerability in Insteon HUB 2245-222 Firmware 1013

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013.

5.0
2018-08-21 CVE-2018-15669 Bloop Unspecified vulnerability in Bloop Airmail 3 3.5.9

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.

5.0
2018-08-21 CVE-2018-15668 Bloop Information Exposure vulnerability in Bloop Airmail 3 3.5.9

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.

5.0
2018-08-21 CVE-2018-15667 Airmailapp Improper Authentication vulnerability in Airmailapp Airmail 3.3.5.9

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.

5.0
2018-08-21 CVE-2018-15534 Geutebrueck Information Exposure vulnerability in Geutebrueck RE Porter 16 Firmware

Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.

5.0
2018-08-21 CVE-2018-7166 Nodejs Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory.

5.0
2018-08-21 CVE-2018-12115 Nodejs
Redhat
Out-of-bounds Write vulnerability in Nodejs Node.Js

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.

5.0
2018-08-21 CVE-2018-15599 Debian
Dropbear SSH Project
Information Exposure vulnerability in multiple products

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

5.0
2018-08-21 CVE-2018-15598 Traefik Improper Authentication vulnerability in Traefik

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.

5.0
2018-08-20 CVE-2018-14020 Paymorrow Unspecified vulnerability in Paymorrow 1.0.0/1.0.2/2.0.0

An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop.

5.0
2018-08-20 CVE-2018-1517 IBM
Redhat
Improper Input Validation vulnerability in multiple products

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data.

5.0
2018-08-20 CVE-2018-14079 Wi2Be Information Exposure vulnerability in Wi2Be Smart HP WMT R1.2.20201400922

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.

5.0
2018-08-20 CVE-2018-14077 Wi2Be Unspecified vulnerability in Wi2Be Smart HP WMT R1.2.20201400922

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg.

5.0
2018-08-20 CVE-2018-1000224 Godotengine Incorrect Conversion between Numeric Types vulnerability in Godotengine Godot

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6.

5.0
2018-08-20 CVE-2018-1000215 Cjson Project Missing Release of Resource after Effective Lifetime vulnerability in Cjson Project Cjson

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS).

5.0
2018-08-20 CVE-2018-1000656 Palletsprojects
Netapp
Improper Input Validation vulnerability in multiple products

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service.

5.0
2018-08-20 CVE-2018-1000632 Dom4J Project
Debian
Oracle
Redhat
Netapp
XML Injection (aka Blind XPath Injection) vulnerability in multiple products

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.

5.0
2018-08-20 CVE-2018-5243 Symantec Resource Exhaustion vulnerability in Symantec Encryption Management Server

The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit.

5.0
2018-08-20 CVE-2011-2765 Pyro Project Link Following vulnerability in Pyro Project Pyro

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root.

5.0
2018-08-20 CVE-2018-15560 Python Integer Overflow or Wraparound vulnerability in Python Pycryptodome

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

5.0
2018-08-23 CVE-2018-6558 Google Unspecified vulnerability in Google Fscrypt

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

4.9
2018-08-24 CVE-2018-15499 Gearsoftware Race Condition vulnerability in Gearsoftware Gearaspiwdm 2.2.5.0

GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it.

4.7
2018-08-25 CVE-2018-15857 Xkbcommon
Canonical
Use After Free vulnerability in multiple products

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

4.6
2018-08-23 CVE-2018-15807 Posim Use of Insufficiently Random Values vulnerability in Posim EVO 15.13

POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature.

4.6
2018-08-23 CVE-2018-14791 Emerson Improper Privilege Management vulnerability in Emerson Deltav Distributed Control System

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

4.6
2018-08-22 CVE-2018-14799 Philips Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Philips products

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user.

4.6
2018-08-22 CVE-2018-14789 Phillips Unquoted Search Path or Element vulnerability in Phillips Intellispace Cardiovascular and Xcelera

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.

4.6
2018-08-22 CVE-2018-14787 Phillips Improper Privilege Management vulnerability in Phillips Intellispace Cardiovascular and Xcelera

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.

4.6
2018-08-21 CVE-2018-10902 Debian
Canonical
Linux
Redhat
Double Free vulnerability in multiple products

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file.

4.6
2018-08-20 CVE-2018-1000657 Rust Lang Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rust-Lang Rust

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published..

4.6
2018-08-22 CVE-2018-5235 Symantec Uncontrolled Search Path Element vulnerability in Symantec Norton Utilities

Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

4.4
2018-08-21 CVE-2018-6557 Canonical Link Following vulnerability in Canonical Ubuntu Linux 18.04/18.10

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files.

4.4
2018-08-26 CVE-2018-15602 Zyxel Cross-site Scripting vulnerability in Zyxel Vmg3312 B10B Firmware

Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.

4.3
2018-08-25 CVE-2018-15849 Portfoliocms Project Cross-Site Request Forgery (CSRF) vulnerability in Portfoliocms Project Portfoliocms 1.0.5

An issue was discovered in portfolioCMS 1.0.5.

4.3
2018-08-25 CVE-2018-15847 Puppycms Cross-site Scripting vulnerability in Puppycms 5.1

An issue was discovered in puppyCMS 5.1.

4.3
2018-08-25 CVE-2018-15875 Dlink Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

4.3
2018-08-25 CVE-2018-15874 Dlink Cross-site Scripting vulnerability in Dlink Dir-615 Firmware 20.07

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

4.3
2018-08-25 CVE-2018-15871 Libming Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12.

4.3
2018-08-25 CVE-2018-15870 Libming Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12.

4.3
2018-08-24 CVE-2018-15605 Phpmyadmin Cross-site Scripting vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin before 4.8.3.

4.3
2018-08-24 CVE-2018-15120 Gnome
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

4.3
2018-08-24 CVE-2018-1755 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC).

4.3
2018-08-22 CVE-2017-2575 Libbpg Project NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7

A vulnerability was found while fuzzing libbpg 0.9.7.

4.3
2018-08-22 CVE-2016-9605 Cobbler Project Cross-site Scripting vulnerability in Cobbler Project Cobbler 2.6.111

A flaw was found in cobbler software component version 2.6.11-1.

4.3
2018-08-22 CVE-2018-1139 Samba
Canonical
Redhat
Insufficiently Protected Credentials vulnerability in multiple products

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.

4.3
2018-08-22 CVE-2018-10845 GNU
Redhat
Canonical
Fedoraproject
Debian
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.

4.3
2018-08-22 CVE-2018-10844 GNU
Redhat
Canonical
Fedoraproject
Debian
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.

4.3
2018-08-21 CVE-2018-15671 Hdfgroup Resource Exhaustion vulnerability in Hdfgroup Hdf5 1.10.2

An issue was discovered in the HDF HDF5 1.10.2 library.

4.3
2018-08-21 CVE-2018-15670 Bloop Improper Input Validation vulnerability in Bloop Airmail 3.3.5.9

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.

4.3
2018-08-21 CVE-2018-15660 Olacabs Unspecified vulnerability in Olacabs Olamoney 1.9.0

** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android.

4.3
2018-08-21 CVE-2018-15533 Geutebrueck Cross-site Scripting vulnerability in Geutebrueck RE Porter 16 Firmware

A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.

4.3
2018-08-21 CVE-2018-15528 Javasystemsolutions Cross-site Scripting vulnerability in Javasystemsolutions SSO Plugin 4.0.13.1

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT.

4.3
2018-08-21 CVE-2017-17305 Huawei Cryptographic Issues vulnerability in Huawei products

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations.

4.3
2018-08-21 CVE-2018-15603 Victor CMS Project Cross-site Scripting vulnerability in Victor CMS Project Victor CMS 20180510

An issue was discovered in Victor CMS through 2018-05-10.

4.3
2018-08-21 CVE-2018-0501 Canonical
Debian
Improper Verification of Cryptographic Signature vulnerability in multiple products

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

4.3
2018-08-20 CVE-2018-1656 IBM
Redhat
Oracle
Path Traversal vulnerability in multiple products

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files.

4.3
2018-08-20 CVE-2018-1000225 Cobblerd Cross-site Scripting vulnerability in Cobblerd Cobbler

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin..

4.3
2018-08-20 CVE-2018-1000655 Jsish NULL Pointer Dereference vulnerability in Jsish 2.4.65

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault.

4.3
2018-08-20 CVE-2018-1000642 Flightairmap Cross-site Scripting vulnerability in Flightairmap

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information.

4.3
2018-08-20 CVE-2018-1000640 Villagedefrance Cross-site Scripting vulnerability in Villagedefrance Opencart-Overclocked

OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service.

4.3
2018-08-20 CVE-2018-1000638 1234N Cross-site Scripting vulnerability in 1234N Minicms 1.1

MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.

4.3
2018-08-20 CVE-2018-1000636 Jerryscript NULL Pointer Dereference vulnerability in Jerryscript 1.0

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793.

4.3
2018-08-20 CVE-2018-15574 Reprisesoftware Cross-site Scripting vulnerability in Reprisesoftware Reprise License Manager

** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2.

4.3
2018-08-20 CVE-2018-15569 Mylittleforum Cross-Site Request Forgery (CSRF) vulnerability in Mylittleforum MY Little Forum 2.4.12

my little forum 2.4.12 allows CSRF for deletion of users.

4.3
2018-08-20 CVE-2018-15567 Cmsuno Project Cross-site Scripting vulnerability in Cmsuno Project Cmsuno

CMSUno before 1.5.3 has XSS via the title field.

4.3
2018-08-20 CVE-2018-15566 Tp5Cms Project Cross-site Scripting vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.

4.3
2018-08-20 CVE-2018-15559 Xiuno Cross-site Scripting vulnerability in Xiuno Xiunobbs 4.0.4

The editor in Xiuno BBS 4.0.4 allows stored XSS.

4.3
2018-08-26 CVE-2018-15833 Vanillaforums Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

4.0
2018-08-24 CVE-2018-11065 RSA SQL Injection vulnerability in RSA Archer

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability.

4.0
2018-08-23 CVE-2018-1159 Mikrotik Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability.

4.0
2018-08-23 CVE-2018-1158 Mikrotik Uncontrolled Recursion vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability.

4.0
2018-08-23 CVE-2018-1999047 Jenkins Incorrect Authorization vulnerability in Jenkins

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.

4.0
2018-08-23 CVE-2018-1999046 Jenkins Information Exposure vulnerability in Jenkins

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.

4.0
2018-08-23 CVE-2018-1999044 Jenkins Infinite Loop vulnerability in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

4.0
2018-08-23 CVE-2018-15804 Mapr Unspecified vulnerability in Mapr

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier.

4.0
2018-08-23 CVE-2018-15748 Dell Weak Password Requirements vulnerability in Dell products

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage.

4.0
2018-08-22 CVE-2017-2635 Redhat NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0

A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives.

4.0
2018-08-22 CVE-2018-10919 Canonical
Debian
Samba
Information Exposure vulnerability in multiple products

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks.

4.0
2018-08-22 CVE-2018-10918 Canonical
Samba
NULL Pointer Dereference vulnerability in multiple products

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer.

4.0
2018-08-22 CVE-2017-2662 Theforeman Improper Privilege Management vulnerability in Theforeman Katello 3.4.5

A flaw was found in Foreman's katello plugin version 3.4.5.

4.0
2018-08-20 CVE-2018-1000645 Librehealth Information Exposure vulnerability in Librehealth EHR

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server.

4.0
2018-08-20 CVE-2018-1000633 Openmicroscopy Information Exposure vulnerability in Openmicroscopy Omero

The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed.

4.0

29 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-08-25 CVE-2018-15843 GET Simple Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.14

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

3.5
2018-08-25 CVE-2018-15842 Wolfcms Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.

3.5
2018-08-24 CVE-2018-14059 Pimcore Cross-site Scripting vulnerability in Pimcore

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

3.5
2018-08-22 CVE-2018-1599 IBM Improper Input Validation vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim.

3.5
2018-08-20 CVE-2018-1394 IBM Cross-site Scripting vulnerability in IBM products

Multiple IBM Rational products are vulnerable to cross-site scripting.

3.5
2018-08-20 CVE-2017-1753 IBM Code Injection vulnerability in IBM products

Multiple IBM Rational products are vulnerable to HTML injection.

3.5
2018-08-20 CVE-2018-1000219 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1.4

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML..

3.5
2018-08-20 CVE-2018-1000218 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1.4

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML..

3.5
2018-08-20 CVE-2018-15570 Bijiadao Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505

In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.

3.5
2018-08-22 CVE-2017-7528 Redhat CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection.

3.3
2018-08-22 CVE-2018-1140 Samba Improper Input Validation vulnerability in Samba

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server.

3.3
2018-08-21 CVE-2018-10932 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Lldptool

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed.

3.3
2018-08-21 CVE-2018-15661 Olacabs Information Exposure vulnerability in Olacabs OLA Money 1.9.0

** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android.

2.6
2018-08-25 CVE-2018-15864 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

2.1
2018-08-25 CVE-2018-15863 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

2.1
2018-08-25 CVE-2018-15862 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

2.1
2018-08-25 CVE-2018-15861 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

2.1
2018-08-25 CVE-2018-15859 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

2.1
2018-08-25 CVE-2018-15858 Xkbcommon
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

2.1
2018-08-25 CVE-2018-15856 Xkbcommon
Canonical
Infinite Loop vulnerability in multiple products

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

2.1
2018-08-25 CVE-2018-15855 Xkbcommon Project
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

2.1
2018-08-25 CVE-2018-15854 Xkbcommon Project
Canonical
NULL Pointer Dereference vulnerability in multiple products

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

2.1
2018-08-25 CVE-2018-15853 Xkbcommon
Canonical
Resource Exhaustion vulnerability in multiple products

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

2.1
2018-08-23 CVE-2018-15809 Accupos Incorrect Permission Assignment for Critical Resource vulnerability in Accupos 2017.8

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path.

2.1
2018-08-20 CVE-2018-14023 Signal Information Exposure vulnerability in Signal Signal-Desktop

Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.

2.1
2018-08-20 CVE-2015-5160 Libvirt
Redhat
Information Exposure vulnerability in multiple products

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

2.1
2018-08-20 CVE-2018-15594 Debian
Canonical
Linux
Information Exposure vulnerability in multiple products

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

2.1
2018-08-20 CVE-2018-15572 Debian
Canonical
Linux
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
2.1
2018-08-22 CVE-2018-10846 GNU
Redhat
Canonical
Fedoraproject
Debian
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.

1.9