Weekly Vulnerabilities Reports > September 17 to 23, 2018

Overview

301 new vulnerabilities were reported during this period, including 39 critical vulnerabilities and 156 high severity vulnerabilities. This weekly summary reports vulnerabilities in 276 products from 129 vendors, including Google, Qualcomm, Canonical, Debian, and Foscam. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Write", "Out-of-bounds Read", and "Information Exposure".

  • 199 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 82 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 167 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 54 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

39 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-21 CVE-2018-3877 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.

9.9
2018-09-21 CVE-2018-3874 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.

9.9
2018-09-21 CVE-2018-3873 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.

9.9
2018-09-22 CVE-2018-17334 Libsvg2 Project Out-of-bounds Write vulnerability in Libsvg2 Project Libsvg2

An issue was discovered in libsvg2 through 2012-10-19.

9.8
2018-09-22 CVE-2018-17333 Libsvg2 Project Out-of-bounds Write vulnerability in Libsvg2 Project Libsvg2

An issue was discovered in libsvg2 through 2012-10-19.

9.8
2018-09-21 CVE-2018-17317 Fruitywifi Project OS Command Injection vulnerability in Fruitywifi Project Fruitywifi 2.1

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.

9.8
2018-09-21 CVE-2018-17174 Nmealib Project Out-of-bounds Write vulnerability in Nmealib Project Nmealib 0.5.3

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3.

9.8
2018-09-21 CVE-2018-17173 LG Code Injection vulnerability in LG Supersign CMS 2.5

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

9.8
2018-09-21 CVE-2018-17141 Debian, Hylafax Out-of-bounds Write vulnerability in multiple products

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

9.8
2018-09-21 CVE-2018-16822 Seacms SQL Injection vulnerability in Seacms 6.64

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.

9.8
2018-09-21 CVE-2013-4451 Gitolite Permissions, Privileges, and Access Controls vulnerability in Gitolite

gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.

9.8
2018-09-21 CVE-2018-16281 Deiser Unspecified vulnerability in Deiser Profields-Project Custom Fields

The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.

9.8
2018-09-21 CVE-2018-11241 Softcase Unspecified vulnerability in Softcase T-Router Firmware 20112017

An issue was discovered on SoftCase T-Router build 20112017 devices.

9.8
2018-09-21 CVE-2018-11240 Softcase Incorrect Permission Assignment for Critical Resource vulnerability in Softcase T-Router Firmware 20112017

An issue was discovered on SoftCase T-Router build 20112017 devices.

9.8
2018-09-21 CVE-2018-14643 Theforeman Unspecified vulnerability in Theforeman Foreman

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman.

9.8
2018-09-21 CVE-2018-17298 Enalean Weak Password Recovery Mechanism for Forgotten Password vulnerability in Enalean Tuleap

An issue was discovered in Enalean Tuleap before 10.5.

9.8
2018-09-20 CVE-2018-14592 Cwjoomla SQL Injection vulnerability in Cwjoomla products

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.

9.8
2018-09-20 CVE-2018-14829 Rockwellautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior.

9.8
2018-09-20 CVE-2018-17254 Arkextensions SQL Injection vulnerability in Arkextensions JCK Editor 6.4.4

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

9.8
2018-09-20 CVE-2018-11287 Qualcomm Improper Input Validation vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.

9.8
2018-09-20 CVE-2017-18314 Qualcomm Unspecified vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ.

9.8
2018-09-20 CVE-2018-17243 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Opmanager

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.

9.8
2018-09-20 CVE-2018-17232 Slack Archivebot Project SQL Injection vulnerability in Slack Archivebot Project Slack Archivebot

SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().

9.8
2018-09-19 CVE-2018-17228 Nmap4J Project OS Command Injection vulnerability in Nmap4J Project Nmap4J 1.1.0

nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.

9.8
2018-09-19 CVE-2017-2877 Foscam Improper Handling of Exceptional Conditions vulnerability in Foscam C1 Firmware 2.52.2.43

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

9.8
2018-09-19 CVE-2018-17207 Snapcreek Code Injection vulnerability in Snapcreek Duplicator

An issue was discovered in Snap Creek Duplicator before 1.2.42.

9.8
2018-09-19 CVE-2018-12242 Symantec Improper Authentication vulnerability in Symantec Messaging Gateway

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

9.8
2018-09-19 CVE-2018-1149 Nuuo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nuuo Nvrmini2 Firmware

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

9.8
2018-09-18 CVE-2018-17111 Coinlancer Unspecified vulnerability in Coinlancer

The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability.

9.8
2018-09-18 CVE-2018-16669 Circontrol Insufficiently Protected Credentials vulnerability in Circontrol Open Charge Point Protocol 1.0.0

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products.

9.8
2018-09-18 CVE-2018-1000802 Python, Debian, Canonical, Opensuse Command Injection vulnerability in multiple products

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive.

9.8
2018-09-18 CVE-2018-17153 Western Digital Improper Authentication vulnerability in Western Digital products

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability.

9.8
2018-09-18 CVE-2018-16957 Oracle Use of Hard-coded Credentials vulnerability in Oracle Webcenter Interaction 10.3.3

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password.

9.8
2018-09-17 CVE-2018-11780 Apache, Pdfinfo Project, Debian, Canonical Code Injection vulnerability in multiple products

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

9.8
2018-09-17 CVE-2018-17137 Prezi Unspecified vulnerability in Prezi Next 1.3.101.11

Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.

9.8
2018-09-17 CVE-2018-17136 Zzcms SQL Injection vulnerability in Zzcms 8.3

zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.

9.8
2018-09-17 CVE-2018-17126 Chshcms Code Injection vulnerability in Chshcms Cscms 4.1

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.

9.8
2018-09-17 CVE-2018-17110 Tecdiary SQL Injection vulnerability in Tecdiary Simple POS 4.0.24

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.

9.8
2018-09-19 CVE-2017-2875 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

9.1

156 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-23 CVE-2018-17403 Phonepe Unspecified vulnerability in Phonepe 3.0.6/3.3.26

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge.

8.8
2018-09-23 CVE-2018-17401 Phonepe Weak Password Recovery Mechanism for Forgotten Password vulnerability in Phonepe 3.0.6/3.3.26

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.

8.8
2018-09-23 CVE-2018-17366 Mcms Project Cross-Site Request Forgery (CSRF) vulnerability in Mcms Project Mcms 4.6.5

An issue was discovered in MCMS 4.6.5.

8.8
2018-09-21 CVE-2018-15612 Avaya Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings.

8.8
2018-09-21 CVE-2018-3894 Samsung Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.

8.8
2018-09-21 CVE-2018-3876 Samsung Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.

8.8
2018-09-21 CVE-2018-17293 Webassembly Virtual Machine Project NULL Pointer Dereference vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine

An issue was discovered in WAVM before 2018-09-16.

8.8
2018-09-20 CVE-2018-16752 Linknet USA Insecure Default Initialization of Resource vulnerability in Linknet-Usa Lw-N605R Firmware 12.20.2.1486

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp.

8.8
2018-09-20 CVE-2018-16282 Moxa OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2

A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.

8.8
2018-09-20 CVE-2018-15832 Ubisoft Improper Input Validation vulnerability in Ubisoft Uplay 63.0.5699.0

upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code.

8.8
2018-09-20 CVE-2018-6504 Microfocus Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.

8.8
2018-09-20 CVE-2018-3865 Samsung Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

8.8
2018-09-20 CVE-2018-3864 Samsung Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

8.8
2018-09-20 CVE-2018-1674 IBM SQL Injection vulnerability in IBM products

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection.

8.8
2018-09-20 CVE-2018-11982 Qualcomm Double Free vulnerability in Qualcomm products

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

8.8
2018-09-19 CVE-2018-3831 Elastic Information Exposure vulnerability in Elastic Elasticsearch

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API.

8.8
2018-09-19 CVE-2018-17208 Linksys OS Command Injection vulnerability in Linksys Velop Firmware 1.1.2.187020

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface).

8.8
2018-09-19 CVE-2018-16785 Dedecms XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7

An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create a script file to obtain a webshell.

8.8
2018-09-19 CVE-2018-12243 Symantec XXE vulnerability in Symantec Messaging Gateway

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser.

8.8
2018-09-19 CVE-2018-11891 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.

8.8
2018-09-18 CVE-2018-16515 Matrix, Debian Improper Verification of Cryptographic Signature vulnerability in multiple products

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

8.8
2018-09-18 CVE-2018-11786 Apache Improper Privilege Management vulnerability in Apache Karaf

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access.

8.8
2018-09-18 CVE-2018-16952 Oracle Cross-Site Request Forgery (CSRF) vulnerability in Oracle Webcenter Interaction 10.3.3

The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design.

8.8
2018-09-17 CVE-2018-14630 Moodle Code Injection vulnerability in Moodle

Moodle before versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 is vulnerable to an XML import of ddwtos that could lead to intentional remote code execution.

8.8
2018-09-17 CVE-2018-1223 Pivotal Information Exposure Through Log Files vulnerability in Pivotal Cloud Foundry Container Runtime

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs.

8.8
2018-09-17 CVE-2018-1198 Pivotal Software Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Cloud Cache

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs.

8.8
2018-09-17 CVE-2018-11088 Pivotal Software Unspecified vulnerability in Pivotal Software Pivotal Application Service

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges.

8.8
2018-09-17 CVE-2018-11086 Pivotal Software Unspecified vulnerability in Pivotal Software Pivotal Application Service

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges.

8.8
2018-09-17 CVE-2016-9045 Processmaker Deserialization of Untrusted Data vulnerability in Processmaker 3.0.1.7

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community.

8.8
2018-09-17 CVE-2018-17139 Ultimatefosters Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.

8.8
2018-09-21 CVE-2018-16793 Microsoft Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

8.6
2018-09-18 CVE-2018-16794 Microsoft Server-Side Request Forgery (SSRF) vulnerability in Microsoft Active Directory Federation Services

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.

8.6
2018-09-21 CVE-2018-3915 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

8.2
2018-09-21 CVE-2018-3906 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub.

8.2
2018-09-23 CVE-2018-17364 Otcms Race Condition vulnerability in Otcms 3.61

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.

8.1
2018-09-23 CVE-2018-17341 Bigtreecms Improper Authentication vulnerability in Bigtreecms Bigtree CMS 4.2.23

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

8.1
2018-09-19 CVE-2018-3827 Elastic Information Exposure Through Log Files vulnerability in Elastic Azure Repository

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin.

8.1
2018-09-19 CVE-2017-2855 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

8.1
2018-09-18 CVE-2018-11787 Apache Improper Authentication vulnerability in Apache Karaf

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it.

8.1
2018-09-17 CVE-2017-2857 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

8.1
2018-09-17 CVE-2017-2856 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

8.1
2018-09-17 CVE-2017-2854 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

8.1
2018-09-18 CVE-2018-11294 Google Improper Input Validation vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories.

8.0
2018-09-23 CVE-2018-17407 TUG, Canonical, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21.

7.8
2018-09-23 CVE-2018-17338 Pdfalto Project Out-of-bounds Write vulnerability in Pdfalto Project Pdfalto 0.1/0.2

An issue has been found in pdfalto through 0.2.

7.8
2018-09-22 CVE-2018-17336 Freedesktop, Canonical Use of Externally-Controlled Format String vulnerability in multiple products

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

7.8
2018-09-21 CVE-2018-14891 Vectra Unspecified vulnerability in Vectra Cognito

Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.

7.8
2018-09-21 CVE-2018-14889 Apache Improper Input Validation vulnerability in Apache Couchdb

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.

7.8
2018-09-21 CVE-2018-3914 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

7.8
2018-09-21 CVE-2018-1711 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks.

7.8
2018-09-21 CVE-2018-1710 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.1/10.5/11.1

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.

7.8
2018-09-20 CVE-2018-11292 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.

7.8
2018-09-20 CVE-2018-11285 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

7.8
2018-09-20 CVE-2018-11277 Qualcomm Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time.

7.8
2018-09-20 CVE-2018-11269 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

7.8
2018-09-20 CVE-2018-11268 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

7.8
2018-09-20 CVE-2018-11267 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

7.8
2018-09-20 CVE-2017-18280 Qualcomm Unspecified vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function.

7.8
2018-09-19 CVE-2018-17183 Debian, Canonical, Artifex, Redhat

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

7.8
2018-09-19 CVE-2018-3573 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.

7.8
2018-09-19 CVE-2018-11904 Google NULL Pointer Dereference vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a caller's local variable.

7.8
2018-09-19 CVE-2018-11903 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.

7.8
2018-09-19 CVE-2018-11902 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.

7.8
2018-09-19 CVE-2018-11898 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.

7.8
2018-09-19 CVE-2018-11897 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network, an out of bounds read occurs if ssid of the network joined is greater than max limit.

7.8
2018-09-19 CVE-2018-11895 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, an improper length check validation in a WLAN function can lead to the driver writing the default rsn capabilities to memory not allocated to the frame.

7.8
2018-09-19 CVE-2018-11894 Google Integer Overflow or Wraparound vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.

7.8
2018-09-19 CVE-2018-11893 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a vendor scan request, an input argument (the length of the request IEs) that is greater than the maximum can lead to a buffer overflow.

7.8
2018-09-19 CVE-2018-11889 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, an invalid memory access may occur since the local variable 'context' stack data of the wlan function is freed.

7.8
2018-09-19 CVE-2018-11886 Google Integer Overflow or Wraparound vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of a check while calculating the MPDU data length will cause an integer overflow and then a buffer overflow in a WLAN function.

7.8
2018-09-19 CVE-2018-11883 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.

7.8
2018-09-19 CVE-2018-11878 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.

7.8
2018-09-19 CVE-2018-17182 Linux
Canonical
Debian
Netapp
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel through 4.18.8.

7.8
2018-09-18 CVE-2017-3912 Mcafee Improper Authentication vulnerability in Mcafee Application and Change Control 6.2.0/7.0.1

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

7.8
2018-09-18 CVE-2018-11869 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.

7.8
2018-09-18 CVE-2018-11868 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.

7.8
2018-09-18 CVE-2018-11863 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.

7.8
2018-09-18 CVE-2018-11860 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer overflow could occur while processing the ndp event due to lack of a check on the message length.

7.8
2018-09-18 CVE-2018-11852 Google Out-of-bounds Write vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, an improper check in the WMA API on the inputs received from the firmware, which are then filled into the host structure, will lead to an OOB write.

7.8
2018-09-18 CVE-2018-11851 Google Out-of-bounds Write vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.

7.8
2018-09-18 CVE-2018-11843 Google Use After Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on return value in WMA response handler can lead to potential use after free.

7.8
2018-09-18 CVE-2018-11842 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory.

7.8
2018-09-18 CVE-2018-11840 Google Double Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.

7.8
2018-09-18 CVE-2018-11836 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.

7.8
2018-09-18 CVE-2018-11832 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.

7.8
2018-09-18 CVE-2018-11827 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.

7.8
2018-09-18 CVE-2018-11826 Google Integer Overflow or Wraparound vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.

7.8
2018-09-18 CVE-2018-11302 Google Improper Input Validation vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN.

7.8
2018-09-18 CVE-2018-11301 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.

7.8
2018-09-18 CVE-2018-11300 Google Use After Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a callback executed from the other thread has freed memory which is also used in a wlan function, which may result in a "Use after free" scenario.

7.8
2018-09-18 CVE-2018-11299 Google Improper Validation of Array Index vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.

7.8
2018-09-18 CVE-2018-11298 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated.

7.8
2018-09-18 CVE-2018-11297 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur in the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW.

7.8
2018-09-18 CVE-2018-11296 Google Out-of-bounds Write vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.

7.8
2018-09-18 CVE-2018-11295 Google Out-of-bounds Write vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host.

7.8
2018-09-18 CVE-2018-11286 Google Use After Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the global variable "debug_client" in a multi-threaded manner, a use after free issue occurs.

7.8
2018-09-18 CVE-2018-11281 Google Use After Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use.

7.8
2018-09-18 CVE-2018-11276 Google Double Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

7.8
2018-09-18 CVE-2018-11274 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.

7.8
2018-09-18 CVE-2018-11273 Google Double Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource.

7.8
2018-09-18 CVE-2018-11270 Google Double Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code.

7.8
2018-09-18 CVE-2018-11265 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.

7.8
2018-09-18 CVE-2017-15828 Google Integer Overflow or Wraparound vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.

7.8
2018-09-18 CVE-2017-15825 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.

7.8
2018-09-18 CVE-2017-15818 Google Integer Overflow or Wraparound vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.

7.8
2018-09-17 CVE-2017-2777 Iceni Integer Overflow or Wraparound vulnerability in Iceni Argus 6.6.05

An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05.

7.8
2018-09-17 CVE-2018-11781 Apache
Redhat
Debian
Canonical
Code Injection vulnerability in multiple products

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

7.8
2018-09-21 CVE-2018-12169 Intel
Lenovo
Improper Authentication vulnerability in multiple products

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication.

7.6
2018-09-22 CVE-2018-17332 Libsvg2 Project Missing Release of Resource after Effective Lifetime vulnerability in Libsvg2 Project Libsvg2

An issue was discovered in libsvg2 through 2012-10-19.

7.5
2018-09-21 CVE-2018-17050 Polyai Project Integer Overflow or Wraparound vulnerability in Polyai Project Polyai

The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

7.5
2018-09-21 CVE-2018-14732 Webpack JS Improper Input Validation vulnerability in Webpack.Js Webpack-Dev-Server

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6.

7.5
2018-09-21 CVE-2018-14731 Parceljs Information Exposure vulnerability in Parceljs Parcel

An issue was discovered in HMRServer.js in Parcel parcel-bundler.

7.5
2018-09-21 CVE-2018-14730 Browserify HOT Module Replacement Project Information Exposure vulnerability in Browserify-Hot Module Replacement Project Browserify-Hot Module Replacement

An issue was discovered in Browserify-HMR.

7.5
2018-09-21 CVE-2018-12511 Substratum Integer Overflow or Wraparound vulnerability in Substratum

In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.

7.5
2018-09-21 CVE-2018-14645 Haproxy
Canonical
Redhat
Out-of-bounds Read vulnerability in multiple products

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.

7.5
2018-09-21 CVE-2018-17297 Hutool Path Traversal vulnerability in Hutool

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.

7.5
2018-09-21 CVE-2018-17283 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Opmanager

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.

7.5
2018-09-20 CVE-2018-6505 HP Unspecified vulnerability in HP Arcsight Management Center 2.0/2.9.1

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.

7.5
2018-09-20 CVE-2018-14827 Rockwellautomation Resource Exhaustion vulnerability in Rockwellautomation Rslinx

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior.

7.5
2018-09-20 CVE-2018-14821 Rockwellautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior.

7.5
2018-09-20 CVE-2018-14796 Tec4Data Missing Authentication for Critical Function vulnerability in Tec4Data Smartcooler Firmware

In Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack.

7.5
2018-09-20 CVE-2018-6500 HP Path Traversal vulnerability in HP Arcsight Management Center 2.0/2.9.1

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.

7.5
2018-09-20 CVE-2018-5837 Qualcomm Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

7.5
2018-09-20 CVE-2018-11291 Qualcomm Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues arise because the random number generator used in NAN was not a strong one.

7.5
2018-09-20 CVE-2018-11290 Qualcomm Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

7.5
2018-09-19 CVE-2018-17231 Telegram Reachable Assertion vulnerability in Telegram Desktop 1.3.14

Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.

7.5
2018-09-19 CVE-2018-3828 Elastic Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability.

7.5
2018-09-19 CVE-2017-2876 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

7.5
2018-09-19 CVE-2018-17205 Openvswitch
Redhat
Canonical
Reachable Assertion vulnerability in multiple products

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c.

7.5
2018-09-19 CVE-2017-2878 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

7.5
2018-09-19 CVE-2017-1794 IBM Resource Exhaustion vulnerability in IBM Tivoli Monitoring

IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth.

7.5
2018-09-19 CVE-2018-11761 Apache
Oracle
XXE vulnerability in multiple products

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion.

7.5
2018-09-19 CVE-2018-17144 Bitcoinknots
Bitcoin
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input.
7.5
2018-09-18 CVE-2018-17071 Lucky9 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Lucky9 Lucky9Io

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number.

7.5
2018-09-18 CVE-2018-16820 Monstra Path Traversal vulnerability in Monstra 3.0.4

admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.

7.5
2018-09-18 CVE-2018-13982 Smarty
Debian
Path Traversal vulnerability in multiple products

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization.

7.5
2018-09-18 CVE-2018-11071 EMC Improper Input Validation vulnerability in EMC Isilon Onefs and Isilonsd Edge

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability.

7.5
2018-09-18 CVE-2018-17176 Neatorobotics Authentication Bypass by Capture-replay vulnerability in Neatorobotics products

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices.

7.5
2018-09-17 CVE-2017-2874 Foscam Unspecified vulnerability in Foscam C1 Firmware 2.52.2.43

An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

7.5
2018-09-17 CVE-2018-17143 Golang
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.

7.5
2018-09-17 CVE-2018-17142 Golang
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

7.5
2018-09-17 CVE-2018-17127 Asus NULL Pointer Dereference vulnerability in Asus Gt-Ac5300 Firmware 3.0.0.4.384.21140/3.0.0.4.384.32738

blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.

7.5
2018-09-17 CVE-2018-17125 Chshcms Path Traversal vulnerability in Chshcms Cscms 4.1

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.

7.5
2018-09-19 CVE-2018-1150 Nuuo Unspecified vulnerability in Nuuo Nvrmini2 Firmware

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.

7.3
2018-09-21 CVE-2018-16784 Dedecms XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7

DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.

7.2
2018-09-19 CVE-2017-2873 Foscam OS Command Injection vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

7.2
2018-09-17 CVE-2017-2872 Foscam Improper Authentication vulnerability in Foscam C1 Firmware 2.52.2.43

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

7.2
2018-09-17 CVE-2018-17134 Phpmywind Code Injection vulnerability in PHPmywind 5.5

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.

7.2
2018-09-17 CVE-2018-17133 Phpmywind Code Injection vulnerability in PHPmywind 5.5

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.

7.2
2018-09-17 CVE-2018-17132 Phpmywind Code Injection vulnerability in PHPmywind 5.5

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.

7.2
2018-09-17 CVE-2018-17131 Phpmywind Code Injection vulnerability in PHPmywind 5.5

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.

7.2
2018-09-18 CVE-2018-6690 Mcafee Origin Validation Error vulnerability in Mcafee Application Change Control

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

7.1
2018-09-18 CVE-2018-11278 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers.

7.1
2018-09-23 CVE-2018-17400 Phonepe Unspecified vulnerability in Phonepe 3.0.6/3.3.26

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.

7.0
2018-09-19 CVE-2018-5905 Google Race Condition vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.

7.0
2018-09-18 CVE-2018-11818 Google Use After Free vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl.

7.0

105 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-18 CVE-2018-7929 Huawei Incorrect Authorization vulnerability in Huawei Mate RS Firmware 9.1.0.321(C786E320R1P1T8)

Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability.

6.8
2018-09-21 CVE-2018-3913 Samsung Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.

6.7
2018-09-21 CVE-2018-17294 Liblouis
Canonical
Opensuse
Out-of-bounds Read vulnerability in multiple products

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

6.5
2018-09-21 CVE-2018-17292 Webassembly Virtual Machine Project Out-of-bounds Read vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine

An issue was discovered in WAVM before 2018-09-16.

6.5
2018-09-20 CVE-2018-17282 Exiv2 NULL Pointer Dereference vulnerability in Exiv2 0.26

An issue was discovered in Exiv2 v0.26.

6.5
2018-09-20 CVE-2018-6503 HP Unspecified vulnerability in HP Arcsight Management Center 2.0/2.9.1

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.

6.5
2018-09-20 CVE-2018-6501 HP Unspecified vulnerability in HP Arcsight Management Center 2.0/2.9.1

Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81.

6.5
2018-09-20 CVE-2018-5871 Qualcomm Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

6.5
2018-09-20 CVE-2018-17237 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5

A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.

6.5
2018-09-20 CVE-2018-17236 Mp4V2 Project Use After Free vulnerability in Mp4V2 Project Mp4V2 2.1.0

The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on an invalid pointer, raising a SIGABRT signal.

6.5
2018-09-20 CVE-2018-17235 Mp4V2 Project Out-of-bounds Read vulnerability in Mp4V2 Project Mp4V2 2.1.0

The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.

6.5
2018-09-20 CVE-2018-17234 Hdfgroup Missing Release of Resource after Effective Lifetime vulnerability in Hdfgroup Hdf5

Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

6.5
2018-09-20 CVE-2018-17233 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5

A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.

6.5
2018-09-19 CVE-2018-17230 Exiv2 Out-of-bounds Write vulnerability in Exiv2 0.26

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

6.5
2018-09-19 CVE-2018-17229 Exiv2 Out-of-bounds Write vulnerability in Exiv2 0.26

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

6.5
2018-09-19 CVE-2018-3826 Elastic Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API.

6.5
2018-09-19 CVE-2018-1782 IBM Unspecified vulnerability in IBM Spectrum Scale 5.0.1.0/5.0.1.1

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.

6.5
2018-09-18 CVE-2018-16225 Qbeecam, Swisscom Cleartext Transmission of Sensitive Information vulnerability in multiple products

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.

6.5
2018-09-18 CVE-2018-11084 Cloudfoundry Unspecified vulnerability in Cloudfoundry Garden-Runc

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes.

6.5
2018-09-18 CVE-2018-13398 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Fisheye

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.

6.5
2018-09-18 CVE-2018-16956 Oracle Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests.

6.5
2018-09-17 CVE-2018-14320 Podofo Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo.

6.5
2018-09-17 CVE-2017-14443 Insteon Information Exposure vulnerability in Insteon HUB 2245-222 Firmware 1012

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012.

6.5
2018-09-19 CVE-2018-14792 WE CON Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con PLC Editor 1.3.3U

WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.

6.3
2018-09-23 CVE-2018-17361 Weaselcms Project Cross-site Scripting vulnerability in Weaselcms Project Weaselcms 0.3.6

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.

6.1
2018-09-22 CVE-2018-17322 Yunucms Cross-site Scripting vulnerability in Yunucms 1.1.4

Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.

6.1
2018-09-22 CVE-2018-17321 Seacms Cross-site Scripting vulnerability in Seacms 6.64

An issue was discovered in SeaCMS 6.64.

6.1
2018-09-21 CVE-2018-17320 Ucms Project Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.6

An issue was discovered in UCMS 1.4.6.

6.1
2018-09-21 CVE-2018-17003 Limesurvey Cross-site Scripting vulnerability in Limesurvey 3.14.7

In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.

6.1
2018-09-21 CVE-2018-17002 Ricoh Cross-site Scripting vulnerability in Ricoh MP 2001Sp Firmware

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

6.1
2018-09-21 CVE-2018-17001 Ricoh Cross-site Scripting vulnerability in Ricoh SP 4510Sf Firmware

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

6.1
2018-09-21 CVE-2018-16965 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.9/7.90/8.0

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.

6.1
2018-09-21 CVE-2018-16833 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.271

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.

6.1
2018-09-21 CVE-2018-15613 Avaya Cross-site Scripting vulnerability in Avaya Aura Orchestration Designer

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user.

6.1
2018-09-21 CVE-2018-9282 Subsonic Cross-site Scripting vulnerability in Subsonic 6.1.1

An XSS issue was discovered in Subsonic Media Server 6.1.1.

6.1
2018-09-21 CVE-2018-14691 Subsonic Cross-site Scripting vulnerability in Subsonic 6.1.1

An issue was discovered in Subsonic 6.1.1.

6.1
2018-09-21 CVE-2018-14690 Subsonic Cross-site Scripting vulnerability in Subsonic 6.1.1

An issue was discovered in Subsonic 6.1.1.

6.1
2018-09-21 CVE-2018-14689 Subsonic Cross-site Scripting vulnerability in Subsonic 6.1.1

An issue was discovered in Subsonic 6.1.1.

6.1
2018-09-21 CVE-2018-14688 Subsonic Cross-site Scripting vulnerability in Subsonic 6.1.1

An issue was discovered in Subsonic 6.1.1.

6.1
2018-09-21 CVE-2018-16786 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.

6.1
2018-09-20 CVE-2018-6502 HP Cross-site Scripting vulnerability in HP Arcsight Management Center 2.0/2.9.1

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.

6.1
2018-09-19 CVE-2018-3830 Elastic, Redhat Cross-site Scripting vulnerability in multiple products

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1
2018-09-19 CVE-2018-3824 Elastic Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability.

6.1
2018-09-18 CVE-2018-15546 Accusoft Cross-site Scripting vulnerability in Accusoft Prizmdoc

Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.

6.1
2018-09-18 CVE-2017-6913 Open Xchange Cross-site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.

6.1
2018-09-18 CVE-2018-16955 Oracle Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).

6.1
2018-09-18 CVE-2018-16954 Oracle Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.

6.1
2018-09-18 CVE-2018-16953 Oracle Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3

The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).

6.1
2018-09-17 CVE-2018-14631 Moodle Cross-site Scripting vulnerability in Moodle

Moodle before versions 3.5.2, 3.4.5, and 3.3.8 is vulnerable because the blog search GET parameter in the Boost theme is insufficiently filtered.

6.1
2018-09-17 CVE-2018-17113 Easycms Cross-site Scripting vulnerability in Easycms 1.5

App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.

6.1
2018-09-21 CVE-2018-13111 Wanscam Improper Input Validation vulnerability in Wanscam Hw0021 Firmware

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras.

5.9
2018-09-21 CVE-2018-8023 Apache Information Exposure vulnerability in Apache Mesos

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT).

5.9
2018-09-19 CVE-2018-3825 Elastic Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters.

5.9
2018-09-19 CVE-2018-11762 Apache Path Traversal vulnerability in Apache Tika

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

5.9
2018-09-18 CVE-2018-14641 Linux Improper Input Validation vulnerability in Linux Kernel 4.19

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment().

5.9
2018-09-18 CVE-2018-11293 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw.

5.7
2018-09-23 CVE-2018-17360 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.31.1

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.

5.5
2018-09-23 CVE-2018-17359 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.31.1

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.

5.5
2018-09-23 CVE-2018-17358 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.31.1

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.

5.5
2018-09-21 CVE-2013-7203 Gitolite Information Exposure vulnerability in Gitolite

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

5.5
2018-09-21 CVE-2018-16597 Linux, Netapp, Opensuse Incorrect Authorization vulnerability in multiple products

An issue was discovered in the Linux kernel before 4.8.

5.5
2018-09-21 CVE-2018-1685 IBM Information Exposure vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system.

5.5
2018-09-20 CVE-2017-18301 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

5.5
2018-09-19 CVE-2018-8017 Apache Infinite Loop vulnerability in Apache Tika

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

5.5
2018-09-19 CVE-2018-3574 Google Improper Input Validation vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.

5.5
2018-09-18 CVE-2018-11280 Google Improper Input Validation vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input.

5.5
2018-09-18 CVE-2018-11275 Google Information Exposure vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.

5.5
2018-09-18 CVE-2017-15844 Google Out-of-bounds Read vulnerability in Google Android

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.

5.5
2018-09-21 CVE-2018-14890 Vectra Cross-site Scripting vulnerability in Vectra Cognito

Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.

5.4
2018-09-21 CVE-2018-17302 Espocrm Cross-site Scripting vulnerability in Espocrm 5.3.6

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.

5.4
2018-09-21 CVE-2018-17301 Espocrm Cross-site Scripting vulnerability in Espocrm 5.3.6

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

5.4
2018-09-19 CVE-2018-3823 Elastic Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability.

5.4
2018-09-19 CVE-2018-16607 Opmantek Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.7

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

5.4
2018-09-18 CVE-2018-16958 Oracle Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.

5.4
2018-09-17 CVE-2018-17140 VMS Studio Cross-site Scripting vulnerability in Vms-Studio Quizlord 1.0.1/2.0

The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.

5.4
2018-09-17 CVE-2018-17138 Nickelpro Cross-site Scripting vulnerability in Nickelpro Jibu PRO 1.6/1.7

The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.

5.4
2018-09-17 CVE-2018-17130 Phpmywind Cross-site Scripting vulnerability in PHPmywind 5.5

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,

5.4
2018-09-17 CVE-2018-17128 Mybb Cross-site Scripting vulnerability in Mybb

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.

5.4
2018-09-23 CVE-2018-17404 SBI Information Exposure vulnerability in SBI Buddy 1.41/1.42

The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.

5.3
2018-09-23 CVE-2018-17402 Phonepe Information Exposure vulnerability in Phonepe 3.0.6/3.3.26

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number.

5.3
2018-09-23 CVE-2018-17368 Publiccms Unspecified vulnerability in Publiccms 4.0.180825

An issue was discovered in PublicCMS V4.0.180825.

5.3
2018-09-21 CVE-2018-16821 Seacms Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

5.3
2018-09-19 CVE-2018-3829 Elastic Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token.

5.3
2018-09-19 CVE-2017-2879 Foscam Classic Buffer Overflow vulnerability in Foscam C1 Firmware 2.52.2.43

An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

5.3
2018-09-18 CVE-2018-6693 Mcafee Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier.

5.3
2018-09-18 CVE-2018-16671 Circontrol Information Exposure vulnerability in Circontrol Circarlife Scada

An issue was discovered in CIRCONTROL CirCarLife before 4.3.

5.3
2018-09-18 CVE-2018-16670 Circontrol Improper Authentication vulnerability in Circontrol Circarlife Scada

An issue was discovered in CIRCONTROL CirCarLife before 4.3.

5.3
2018-09-18 CVE-2018-16668 Circontrol Improper Authentication vulnerability in Circontrol Circarlife Scada

An issue was discovered in CIRCONTROL CirCarLife before 4.3.

5.3
2018-09-18 CVE-2018-17178 Neatorobotics Unspecified vulnerability in Neatorobotics products

An issue was discovered on Neato Botvac Connected 2.2.0 devices.

5.3
2018-09-18 CVE-2018-17175 Marshmallow Project Unspecified vulnerability in Marshmallow Project Marshmallow

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").

5.3
2018-09-18 CVE-2018-14642 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Undertow

An information leak vulnerability was found in Undertow.

5.3
2018-09-18 CVE-2018-16959 Oracle Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.

5.3
2018-09-17 CVE-2018-8041 Apache Path Traversal vulnerability in Apache Camel

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

5.3
2018-09-17 CVE-2017-15705 Apache, Redhat, Debian, Canonical Improper Input Validation vulnerability in multiple products

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2.

5.3
2018-09-19 CVE-2018-17206 Openvswitch, Redhat, Canonical, Debian Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6.

4.9
2018-09-18 CVE-2018-16819 Monstra Path Traversal vulnerability in Monstra 3.0.4

admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.

4.9
2018-09-17 CVE-2018-17129 Metinfo SQL Injection vulnerability in Metinfo 6.1.0

MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.

4.9
2018-09-23 CVE-2018-17369 Springboot Authority Project Cross-site Scripting vulnerability in Springboot Authority Project Springboot Authority 20170306

An issue was discovered in springboot_authority through 2017-03-06.

4.8
2018-09-21 CVE-2018-17300 Cuppacms Cross-site Scripting vulnerability in Cuppacms

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.

4.8
2018-09-20 CVE-2018-1800 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring.

4.7
2018-09-20 CVE-2017-18302 Qualcomm Race Condition vulnerability in Qualcomm products

In Snapdragon (Automobile, Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

4.7
2018-09-19 CVE-2018-8889 Blackberry Path Traversal vulnerability in Blackberry Enterprise Mobility Server 2.6/2.8/2.8.17.29

A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.

4.7
2018-09-18 CVE-2018-7991 Huawei Unspecified vulnerability in Huawei Mate10 Firmware

Huawei Mate10 smartphones with versions before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability.

4.6
2018-09-19 CVE-2018-17204 Openvswitch, Redhat, Canonical, Debian Reachable Assertion vulnerability in multiple products

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c.

4.3
2018-09-21 CVE-2018-11352 Wallabag Cross-site Scripting vulnerability in Wallabag

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-18 CVE-2018-17177 Neatorobotics Inadequate Encryption Strength vulnerability in Neatorobotics products

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices.

2.4