Weekly Vulnerabilities Reports > September 24 to 30, 2018

Overview

229 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary report vulnerabilities in 306 products from 94 vendors including Debian, Redhat, Google, IBM, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Input Validation", "Information Exposure", and "Out-of-bounds Read".

  • 209 reported vulnerabilities are remotely exploitables.
  • 24 reported vulnerabilities have public exploit available.
  • 94 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 195 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-28 CVE-2018-5393 TP Link Missing Authentication for Critical Function vulnerability in Tp-Link EAP Controller

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices.

10.0
2018-09-27 CVE-2018-7104 HP Unspecified vulnerability in HP Intelligent Management Center Wireless Services Manager Software 7.3

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

10.0
2018-09-27 CVE-2018-7103 HP Unspecified vulnerability in HP Intelligent Management Center Wireless Services Manager Software 7.3

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

10.0
2018-09-26 CVE-2018-17411 Informationbuilders XXE vulnerability in Informationbuilders Data Quality Suite 10.6.1

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.

10.0
2018-09-25 CVE-2018-15965 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.

10.0
2018-09-25 CVE-2018-15959 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.

10.0
2018-09-25 CVE-2018-15958 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.

10.0
2018-09-25 CVE-2018-15957 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.

10.0
2018-09-26 CVE-2018-3972 Getmonero Deserialization of Untrusted Data vulnerability in Getmonero Monero 0.12.2.0

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies.

9.8
2018-09-26 CVE-2018-17538 Axon Unspecified vulnerability in Axon Evidence Sync 3.15.89

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection.

9.8
2018-09-25 CVE-2018-15961 Adobe Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability.

9.8
2018-09-28 CVE-2018-9077 Lenovo OS Command Injection vulnerability in Lenovo Lenovoemc Firmware

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter.

9.3
2018-09-28 CVE-2018-9076 Lenovo OS Command Injection vulnerability in Lenovo Lenovoemc Firmware

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter.

9.3
2018-09-28 CVE-2018-9075 Lenovo OS Command Injection vulnerability in Lenovo Lenovoemc Firmware

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter.

9.3
2018-09-26 CVE-2018-14327 EE Incorrect Permission Assignment for Critical Resource vulnerability in EE Ee40Vb Firmware

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.

9.3
2018-09-26 CVE-2018-16364 Zohocorp Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.

9.3
2018-09-26 CVE-2018-10606 WE CON Out-of-bounds Write vulnerability in We-Con Levistudiou 1.8.29/1.8.44

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.

9.3
2018-09-26 CVE-2018-10602 WE CON Out-of-bounds Write vulnerability in We-Con Levistudiou 1.8.29/1.8.44

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.

9.3
2018-09-24 CVE-2018-13140 Druide
Linux
Microsoft
Cleartext Transmission of Sensitive Information vulnerability in Druide Antidote 9

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

9.3
2018-09-27 CVE-2018-7105 HP Unspecified vulnerability in HP products

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

9.0
2018-09-26 CVE-2018-16055 Netgate OS Command Injection vulnerability in Netgate Pfsense

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-25 CVE-2018-6055 Google Improper Input Validation vulnerability in Google Chrome

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

8.8
2018-09-25 CVE-2018-6054 Google
Redhat
Debian
Use After Free vulnerability in multiple products

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

8.8
2018-09-25 CVE-2018-6043 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

8.8
2018-09-25 CVE-2018-6035 Google
Debian
Redhat
Information Exposure vulnerability in multiple products

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

8.8
2018-09-25 CVE-2018-6033 Google
Redhat
Debian
Improper Input Validation vulnerability in multiple products

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

8.8
2018-09-25 CVE-2018-6031 Google
Redhat
Debian
Use After Free vulnerability in multiple products

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2018-09-26 CVE-2018-17215 Postman Improper Certificate Validation vulnerability in Postman

An information-disclosure issue was discovered in Postman through 6.3.0.

8.1
2018-09-25 CVE-2018-6034 Google
Debian
Redhat
Out-of-bounds Read vulnerability in multiple products

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1
2018-09-28 CVE-2018-14648 Fedoraproject
Debian
Redhat
Resource Exhaustion vulnerability in multiple products

A flaw was found in 389 Directory Server.

7.8
2018-09-25 CVE-2018-14634 Linux
Redhat
Canonical
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.

7.8
2018-09-24 CVE-2018-6700 Mcafee Untrusted Search Path vulnerability in Mcafee True KEY

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

7.8
2018-09-30 CVE-2018-17796 Mushroom Content Management System Project SQL Injection vulnerability in Mushroom Content Management System Project Mushroom Content Management System 2.0/3.1.1/3.1.2

An issue was discovered in MRCMS (aka mushroom) through 3.1.2.

7.5
2018-09-28 CVE-2018-9079 Lenovo Cross-site Scripting vulnerability in Lenovo products

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page.

7.5
2018-09-28 CVE-2018-15764 EMC Unspecified vulnerability in EMC Esrs Policy Manager 6.8

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services.

7.5
2018-09-28 CVE-2018-17611 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled.

7.5
2018-09-28 CVE-2018-17610 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled.

7.5
2018-09-28 CVE-2018-17609 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled.

7.5
2018-09-28 CVE-2018-17608 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled.

7.5
2018-09-28 CVE-2018-17607 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled.

7.5
2018-09-28 CVE-2018-17575 SWA SQL Injection vulnerability in SWA Swa.Jacad 3.1.37

SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.

7.5
2018-09-28 CVE-2018-17573 Smartlogix Unrestricted Upload of File with Dangerous Type vulnerability in Smartlogix Wp-Insert 2.4/2.4.1/2.4.2

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.

7.5
2018-09-28 CVE-2018-17567 Jekyllrb Link Following vulnerability in Jekyllrb Jekyll

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

7.5
2018-09-28 CVE-2018-17397 Multiplanet SQL Injection vulnerability in Multiplanet Alphaindex Dictionaries 1.0

SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.

7.5
2018-09-28 CVE-2018-17394 Osthemeclub SQL Injection vulnerability in Osthemeclub Timetable Schedule 3.6.8

SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.

7.5
2018-09-28 CVE-2018-17391 Super CMS Blog PRO Project SQL Injection vulnerability in Super CMS Blog PRO Project Super CMS Blog PRO 1.0

SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.

7.5
2018-09-28 CVE-2018-17385 Thephpfactory SQL Injection vulnerability in Thephpfactory Social Factory 3.8.3

SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

7.5
2018-09-28 CVE-2018-17384 Thephpfactory SQL Injection vulnerability in Thephpfactory Swap Factory 2.2.1

SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.

7.5
2018-09-28 CVE-2018-17383 Thephpfactory SQL Injection vulnerability in Thephpfactory Collection Factory 4.1.9

SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.

7.5
2018-09-28 CVE-2018-17382 Thephpfactory SQL Injection vulnerability in Thephpfactory Jobs Factory 2.0.4

SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.

7.5
2018-09-28 CVE-2018-17380 Thephpfactory SQL Injection vulnerability in Thephpfactory Article Factory Manager 4.3.9

SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.

7.5
2018-09-28 CVE-2018-17379 Thephpfactory SQL Injection vulnerability in Thephpfactory Raffle Factory 3.5.2

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

7.5
2018-09-28 CVE-2018-17378 Thephpfactory SQL Injection vulnerability in Thephpfactory Penny Auction Factory 2.0.4

SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.

7.5
2018-09-28 CVE-2018-17377 Extensiondeveloper SQL Injection vulnerability in Extensiondeveloper Questions 1.4.3

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

7.5
2018-09-28 CVE-2018-17376 Thephpfactory SQL Injection vulnerability in Thephpfactory Reverse Auction Factory 4.3.8

SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.

7.5
2018-09-28 CVE-2018-17375 Joomlathat SQL Injection vulnerability in Joomlathat Music Collection 3.0.3

SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.

7.5
2018-09-28 CVE-2018-16659 Rausoft SQL Injection vulnerability in Rausoft Id.Prove 2.95

An issue was discovered in Rausoft ID.prove 2.95.

7.5
2018-09-28 CVE-2018-14957 Isweb Path Traversal vulnerability in Isweb 3.5.3

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).

7.5
2018-09-28 CVE-2018-14956 Isweb SQL Injection vulnerability in Isweb 3.5.3

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws.

7.5
2018-09-26 CVE-2018-17570 Viabtc Integer Overflow or Wraparound vulnerability in Viabtc Exchange Server

utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

7.5
2018-09-26 CVE-2018-17569 Viabtc Integer Overflow or Wraparound vulnerability in Viabtc Exchange Server

network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

7.5
2018-09-26 CVE-2018-17568 Viabtc Integer Overflow or Wraparound vulnerability in Viabtc Exchange Server

utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

7.5
2018-09-26 CVE-2018-15531 Javamelody Project XXE vulnerability in Javamelody Project Javamelody

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

7.5
2018-09-26 CVE-2018-17566 Thinkphp SQL Injection vulnerability in Thinkphp 5.1.24

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.

7.5
2018-09-26 CVE-2018-17410 Horus CMS Project SQL Injection vulnerability in Horus CMS Project Horus CMS

Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.

7.5
2018-09-26 CVE-2018-16152 Strongswan
Debian
Canonical
Improper Verification of Cryptographic Signature vulnerability in multiple products

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification.

7.5
2018-09-26 CVE-2018-16151 Strongswan
Debian
Canonical
Improper Verification of Cryptographic Signature vulnerability in multiple products

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification.

7.5
2018-09-26 CVE-2018-14823 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14819 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14817 Fujielectric Integer Underflow (Wrap or Wraparound) vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14815 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14813 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14811 Fujielectric NULL Pointer Dereference vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-14809 Fujielectric Use After Free vulnerability in Fujielectric V-Server Firmware

Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.

7.5
2018-09-26 CVE-2018-8850 Philips Improper Input Validation vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

7.5
2018-09-25 CVE-2018-12848 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability.

7.5
2018-09-25 CVE-2018-14647 Python
Canonical
Debian
Fedoraproject
Opensuse
Redhat
Missing Initialization of Resource vulnerability in multiple products

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization.

7.5
2018-09-24 CVE-2018-17107 Tgstation13 Unspecified vulnerability in Tgstation13 Tgstation-Server

In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.

7.5
2018-09-24 CVE-2018-16283 Wechat Brodcast Project Path Traversal vulnerability in Wechat Brodcast Project Wechat Brodcast

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.

7.5
2018-09-24 CVE-2018-12975 Cryptosaga Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptosaga

The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call).

7.5
2018-09-24 CVE-2015-8298 Rxtec SQL Injection vulnerability in Rxtec Rxadmin 2012

Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.

7.5
2018-09-27 CVE-2018-15611 Avaya Unspecified vulnerability in Avaya Aura Communication Manager

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges.

7.2
2018-09-25 CVE-2018-14633 Linux
Debian
Canonical
Redhat
Stack-based Buffer Overflow vulnerability in multiple products

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed.

7.0

125 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-30 CVE-2018-17795 Libtiff Out-of-bounds Write vulnerability in Libtiff 4.0.9

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

6.8
2018-09-28 CVE-2018-17776 Pcprotect Incorrect Permission Assignment for Critical Resource vulnerability in Pcprotect Antivirus 4.8.35

PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.

6.8
2018-09-28 CVE-2018-9078 Lenovo Cross-site Scripting vulnerability in Lenovo products

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.

6.8
2018-09-28 CVE-2018-9074 Lenovo Path Traversal vulnerability in Lenovo Lenovoemc Firmware

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal.

6.8
2018-09-26 CVE-2018-16713 Iobit Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iobit Advanced Systemcare 1.2.0.5

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content.

6.8
2018-09-26 CVE-2018-16712 Iobit Information Exposure vulnerability in Iobit Advanced Systemcare 1.2.0.5

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.

6.8
2018-09-26 CVE-2018-8852 Philips Session Fixation vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

6.8
2018-09-26 CVE-2018-8844 Philips Cross-Site Request Forgery (CSRF) vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

6.8
2018-09-24 CVE-2018-14318 Samsung Improper Input Validation vulnerability in Samsung Galaxy S8 Firmware G950Fxxu1Aql5

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5.

6.8
2018-09-24 CVE-2018-10496 Samsung Improper Input Validation vulnerability in Samsung Internet Browser

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15.

6.8
2018-09-24 CVE-2018-14825 Honeywell
Google
Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell products

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges.

6.8
2018-09-28 CVE-2018-17581 Exiv2
Debian
Canonical
Redhat
Resource Exhaustion vulnerability in multiple products

CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

6.5
2018-09-27 CVE-2018-14824 Deltaww Out-of-bounds Read vulnerability in Deltaww Delta Industrial Automation Pmsoft 2.11

Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information.

6.5
2018-09-27 CVE-2018-7107 HPE SQL Injection vulnerability in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1

A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1.

6.5
2018-09-26 CVE-2018-16711 Iobit Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iobit Advanced Systemcare 1.2.0.5

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content.

6.5
2018-09-25 CVE-2018-6119 Google Improper Input Validation vulnerability in Google Chrome

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6050 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6049 Google
Debian
Redhat
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
6.5
2018-09-25 CVE-2018-6045 Google
Debian
Redhat
Information Exposure vulnerability in multiple products

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

6.5
2018-09-25 CVE-2018-6040 Google
Debian
Redhat
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6038 Google
Debian
Redhat
Out-of-bounds Read vulnerability in multiple products

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6037 Google
Debian
Redhat
Information Exposure vulnerability in multiple products

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6036 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.

6.5
2018-09-25 CVE-2018-6032 Google
Redhat
Debian
Improper Input Validation vulnerability in multiple products

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

6.5
2018-09-24 CVE-2018-11614 Samsung Unspecified vulnerability in Samsung Members

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25.

6.5
2018-09-24 CVE-2018-17437 Hdfgroup Missing Release of Resource after Effective Lifetime vulnerability in Hdfgroup Hdf5

Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

6.5
2018-09-24 CVE-2018-17434 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5

A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.

6.5
2018-09-26 CVE-2018-17365 Seacms Path Traversal vulnerability in Seacms 6.64/7.2

SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.

6.4
2018-09-25 CVE-2018-1539 IBM Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended.

6.4
2018-09-25 CVE-2018-15960 Adobe Improper Input Validation vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability.

6.4
2018-09-25 CVE-2018-6046 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

6.1
2018-09-25 CVE-2018-6039 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

6.1
2018-09-24 CVE-2018-6682 Mcafee Cross-site Scripting vulnerability in Mcafee True KEY 4.0.0.0

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

6.1
2018-09-25 CVE-2018-11763 Apache
Canonical
Redhat
Oracle
Netapp
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
5.9
2018-09-28 CVE-2018-1251 Dell Open Redirect vulnerability in Dell EMC Unity Firmware and EMC Unityvsa

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability.

5.8
2018-09-28 CVE-2018-17582 Broadcom Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read.

5.8
2018-09-28 CVE-2018-17580 Broadcom Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1.

5.8
2018-09-28 CVE-2018-16587 Otrs
Debian
Improper Input Validation vulnerability in multiple products

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system.

5.8
2018-09-27 CVE-2018-1736 IBM Open Redirect vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.8
2018-09-30 CVE-2018-17798 Zzcms Path Traversal vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

5.5
2018-09-30 CVE-2018-17797 Zzcms Path Traversal vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

5.5
2018-09-28 CVE-2018-1702 IBM XXE vulnerability in IBM Platform Symphony and Spectrum Symphony

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-09-27 CVE-2018-7109 HP Unspecified vulnerability in HP Enhanced Internet Usage Manager 9.0

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

5.5
2018-09-25 CVE-2018-1669 IBM XXE vulnerability in IBM Datapower Gateway

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-09-25 CVE-2018-1607 IBM XXE vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-09-25 CVE-2018-1588 IBM XXE vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-09-30 CVE-2018-17785 Blynk Path Traversal vulnerability in Blynk Blynk-Server

In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.

5.0
2018-09-29 CVE-2018-17781 Foxitsoftware
Microsoft
Information Exposure vulnerability in Foxitsoftware Phantompdf and Reader

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

5.0
2018-09-28 CVE-2018-17613 Telegram Insufficiently Protected Credentials vulnerability in Telegram Desktop 1.3.16

Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.

5.0
2018-09-28 CVE-2018-17605 Asset Pipeline Project Path Traversal vulnerability in Asset Pipeline Project Asset-Pipeline

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails.

5.0
2018-09-28 CVE-2018-17055 Progress Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

5.0
2018-09-27 CVE-2018-14650 SOS Collector Project
Redhat
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user.

5.0
2018-09-27 CVE-2018-7102 HP Path Traversal vulnerability in HP Intelligent Management Center

A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.

5.0
2018-09-27 CVE-2018-7101 HP Unspecified vulnerability in HP products

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.

5.0
2018-09-26 CVE-2018-15836 Xelerance Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification.

5.0
2018-09-26 CVE-2018-17555 Commscope Information Exposure vulnerability in Commscope Arris Tg2492Lg-Na Firmware 061213

The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.

5.0
2018-09-26 CVE-2018-8856 Philips Use of Hard-coded Credentials vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

5.0
2018-09-26 CVE-2018-8854 Philips Resource Exhaustion vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

5.0
2018-09-26 CVE-2018-8848 Philips Incorrect Default Permissions vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

5.0
2018-09-26 CVE-2018-14803 Philips Information Exposure vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

5.0
2018-09-26 CVE-2018-1785 IBM Inadequate Encryption Strength vulnerability in IBM products

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.

5.0
2018-09-26 CVE-2018-1683 IBM Missing Encryption of Sensitive Data vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication.

5.0
2018-09-26 CVE-2018-1545 IBM Inadequate Encryption Strength vulnerability in IBM products

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2018-09-25 CVE-2018-15967 Adobe
Apple
Linux
Microsoft
Google
Redhat
Information Exposure vulnerability in multiple products

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability.

5.0
2018-09-25 CVE-2018-15964 Adobe Information Exposure vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability.

5.0
2018-09-25 CVE-2018-15963 Adobe Unspecified vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability.

5.0
2018-09-25 CVE-2018-15962 Adobe Information Exposure vulnerability in Adobe Coldfusion 11.0/2016/2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability.

5.0
2018-09-25 CVE-2018-12850 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-25 CVE-2018-12849 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-25 CVE-2018-12840 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-25 CVE-2018-12801 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-25 CVE-2018-12778 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-25 CVE-2018-12775 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability.

5.0
2018-09-24 CVE-2018-17281 Digium
Debian
Resource Exhaustion vulnerability in multiple products

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2.

5.0
2018-09-24 CVE-2018-16299 Localize MY Post Project Path Traversal vulnerability in Localize MY Post Project Localize MY Post 1.0

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

5.0
2018-09-28 CVE-2018-6925 Freebsd NULL Pointer Dereference vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.

4.9
2018-09-28 CVE-2018-17154 Freebsd NULL Pointer Dereference vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur.

4.9
2018-09-28 CVE-2018-1704 IBM Open Redirect vulnerability in IBM Platform Symphony and Spectrum Symphony

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

4.9
2018-09-26 CVE-2018-16588 Suse Incorrect Permission Assignment for Critical Resource vulnerability in Suse Shadow

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15).

4.6
2018-09-24 CVE-2018-10502 Samsung Improper Input Validation vulnerability in Samsung Galaxy Apps

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2.

4.6
2018-09-24 CVE-2018-10497 Samsung Improper Input Validation vulnerability in Samsung Email

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16.

4.6
2018-09-24 CVE-2018-10501 Samsung Path Traversal vulnerability in Samsung Notes

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31.

4.4
2018-09-24 CVE-2018-10500 Samsung Unspecified vulnerability in Samsung Galaxy Apps

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15.

4.4
2018-09-24 CVE-2018-10499 Samsung Improper Input Validation vulnerability in Samsung Galaxy Apps

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15.

4.4
2018-09-30 CVE-2018-17794 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.31

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.

4.3
2018-09-28 CVE-2018-9080 Lenovo Improper Authentication vulnerability in Lenovo products

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value.

4.3
2018-09-28 CVE-2018-1246 Dell Cross-site Scripting vulnerability in Dell products

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability.

4.3
2018-09-28 CVE-2018-11074 RSA
EMC
Cross-site Scripting vulnerability in multiple products

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files.

4.3
2018-09-28 CVE-2018-17571 Vanillaforums Cross-site Scripting vulnerability in Vanillaforums Vanilla

Vanilla before 2.6.1 allows XSS via the email field of a profile.

4.3
2018-09-28 CVE-2018-17056 Progress Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.2/11.0

Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-09-28 CVE-2018-16586 Otrs
Debian
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system.
4.3
2018-09-28 CVE-2018-14037 Progress Cross-site Scripting vulnerability in Progress Kendo UI 2018.1.221

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js.

4.3
2018-09-27 CVE-2018-1716 IBM Cross-site Scripting vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.

4.3
2018-09-27 CVE-2018-7108 HPE Improper Authentication vulnerability in HPE Storageworks XP7 Automation Director

HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system.

4.3
2018-09-26 CVE-2018-17316 Ricoh Cross-site Scripting vulnerability in Ricoh MP C6003 Firmware

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17315 Ricoh Cross-site Scripting vulnerability in Ricoh MP C2003Sp Firmware

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17314 Ricoh Cross-site Scripting vulnerability in Ricoh MP 305+ Firmware

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17313 Ricoh Cross-site Scripting vulnerability in Ricoh MP C307 Firmware

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17312 Ricoh Cross-site Scripting vulnerability in Ricoh Aficio MP 301Spf Firmware

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17311 Ricoh Cross-site Scripting vulnerability in Ricoh MP C6503 Firmware

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17310 Ricoh Cross-site Scripting vulnerability in Ricoh MP C1803 JPN Firmware

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17309 Ricoh Cross-site Scripting vulnerability in Ricoh MP C406Zspf Firmware

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

4.3
2018-09-26 CVE-2018-17081 E107 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.

4.3
2018-09-26 CVE-2017-15608 Inedo Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget

Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.

4.3
2018-09-26 CVE-2018-8846 Philips Cross-site Scripting vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

4.3
2018-09-26 CVE-2018-15606 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.

4.3
2018-09-26 CVE-2018-7355 ZTE Cross-site Scripting vulnerability in ZTE Mf65 Firmware and Mf65M1 Firmware

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability.

4.3
2018-09-26 CVE-2018-7907 Huawei Information Exposure vulnerability in Huawei products

Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability.

4.3
2018-09-25 CVE-2018-6052 Google
Redhat
Debian
Information Exposure vulnerability in multiple products

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.

4.3
2018-09-25 CVE-2018-6051 Google
Debian
Redhat
Cross-site Scripting vulnerability in multiple products

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

4.3
2018-09-25 CVE-2018-6048 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.

4.3
2018-09-25 CVE-2018-6047 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.

4.3
2018-09-25 CVE-2018-6042 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3
2018-09-25 CVE-2018-6041 Google
Debian
Redhat
Improper Input Validation vulnerability in multiple products

Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3
2018-09-24 CVE-2018-17439 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.3

An issue was discovered in the HDF HDF5 1.10.3 library.

4.3
2018-09-24 CVE-2018-17438 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5

A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.

4.3
2018-09-24 CVE-2018-17436 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5

ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file.

4.3
2018-09-24 CVE-2018-17435 Hdfgroup Out-of-bounds Read vulnerability in Hdfgroup Hdf5

A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

4.3
2018-09-24 CVE-2018-17433 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5

A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

4.3
2018-09-24 CVE-2018-17432 Hdfgroup NULL Pointer Dereference vulnerability in Hdfgroup Hdf5

A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

4.3
2018-09-29 CVE-2018-17780 Telegram Information Exposure vulnerability in Telegram Desktop and Telegram Messenger

Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

4.0
2018-09-28 CVE-2018-9082 Lenovo Session Fixation vulnerability in Lenovo products

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one.

4.0
2018-09-28 CVE-2018-1250 Dell Incorrect Authorization vulnerability in Dell EMC Unity Firmware and EMC Unityvsa

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability.

4.0
2018-09-26 CVE-2018-16969 Citrix Information Exposure vulnerability in Citrix Sharefile Storagezones Controller

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

4.0
2018-09-26 CVE-2018-16672 Circontrol Information Exposure vulnerability in Circontrol Circarlife Scada

An issue was discovered in CIRCONTROL CirCarLife before 4.3.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-09-28 CVE-2018-11073 EMC
RSA
Cross-site Scripting vulnerability in multiple products

RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console.

3.5
2018-09-28 CVE-2018-15365 Trendmicro Cross-site Scripting vulnerability in Trendmicro Deep Discovery Inspector 3.85

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations.

3.5
2018-09-28 CVE-2018-17574 Ymfe Cross-site Scripting vulnerability in Ymfe Yapi 1.3.22

An issue was discovered in YMFE YApi 1.3.23.

3.5
2018-09-28 CVE-2018-16277 Xwiki Cross-site Scripting vulnerability in Xwiki

The Image Import function in XWiki through 10.7 has XSS.

3.5
2018-09-27 CVE-2018-1820 IBM Cross-site Scripting vulnerability in IBM Websphere Portal

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.

3.5
2018-09-27 CVE-2018-1660 IBM Cross-site Scripting vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.

3.5
2018-09-26 CVE-2018-16968 Citrix Path Traversal vulnerability in Citrix Sharefile Storagezones Controller

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.

3.5
2018-09-26 CVE-2018-17556 Modx Cross-site Scripting vulnerability in Modx Revolution 2.6.5

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

3.5
2018-09-26 CVE-2018-1610 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting.

3.5
2018-09-25 CVE-2018-1659 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2018-09-25 CVE-2018-1560 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2018-09-26 CVE-2018-8842 Philips Cleartext Transmission of Sensitive Information vulnerability in Philips E-Alert Firmware

Philips e-Alert Unit (non-medical device), Version R2.1 and prior.

3.3
2018-09-25 CVE-2018-6053 Google
Redhat
Debian
Information Exposure vulnerability in multiple products

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.

3.3
2018-09-28 CVE-2018-9081 Lenovo Cross-site Scripting vulnerability in Lenovo products

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS.

2.6
2018-09-28 CVE-2018-11075 RSA
EMC
Cross-site Scripting vulnerability in multiple products

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page.

2.6
2018-09-28 CVE-2018-17155 Freebsd Information Exposure vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes.

2.1
2018-09-26 CVE-2018-1768 IBM Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus 10.1.0/10.1.1

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file.

2.1
2018-09-26 CVE-2018-1550 IBM Improper Privilege Management vulnerability in IBM products

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users.

2.1
2018-09-25 CVE-2018-1664 IBM Unspecified vulnerability in IBM Datapower Gateway

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache.

2.1
2018-09-24 CVE-2018-10498 Samsung Information Exposure vulnerability in Samsung Email

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16.

2.1
2018-09-24 CVE-2018-15615 Avaya Information Exposure vulnerability in Avaya Call Management System Supervisor 17.0.0/18.0.1.0/18.0.2.0

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host.

2.1