Weekly Vulnerabilities Reports > October 22 to 28, 2018

Overview

161 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary report vulnerabilities in 277 products from 76 vendors including Qualcomm, Debian, Canonical, Redhat, and Citrix. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "NULL Pointer Dereference", "Out-of-bounds Write", and "Information Exposure".

  • 89 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 143 reported vulnerabilities are exploitable by an anonymous user.
  • Qualcomm has the most reported vulnerabilities, with 40 reported vulnerabilities.
  • Advantech has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-23 CVE-2018-15497 Mitel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitel Mivoice 5330E Firmware

The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality.

10.0
2018-10-23 CVE-2018-18628 Pippo Deserialization of Untrusted Data vulnerability in Pippo 1.11.0

An issue was discovered in Pippo 1.11.0.

10.0
2018-10-23 CVE-2017-18349 Alibaba
Pippo
Improper Input Validation vulnerability in multiple products

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.

10.0
2018-10-24 CVE-2018-11792 Apache Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table.

9.8
2018-10-23 CVE-2018-14816 Advantech Out-of-bounds Write vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

9.8
2018-10-23 CVE-2018-14806 Advantech Path Traversal vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

9.8
2018-10-24 CVE-2018-18638 Neatorobotics OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0

A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.

9.3
2018-10-25 CVE-2018-18652 Veritas Unspecified vulnerability in Veritas Netbackup Appliance

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root.

9.0
2018-10-22 CVE-2018-15704 Advantech Out-of-bounds Write vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-23 CVE-2018-18589 Microfocus Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50.

8.8
2018-10-22 CVE-2018-1850 IBM Unspecified vulnerability in IBM Security Access Manager 9.0.3.1/9.0.4.0/9.0.5.0

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running.

8.5
2018-10-23 CVE-2017-18171 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

8.3
2018-10-23 CVE-2017-18170 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

8.3
2018-10-22 CVE-2018-18559 Linux
Redhat
Use After Free vulnerability in multiple products

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket.

8.1
2018-10-26 CVE-2018-15686 Debian
Canonical
Systemd Project
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.

7.8
2018-10-26 CVE-2018-11828 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52

7.8
2018-10-25 CVE-2018-3971 Sophos Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.

7.8
2018-10-24 CVE-2018-18014 Citrix Improper Authentication vulnerability in Citrix Xenmobile Server

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001.

7.8
2018-10-24 CVE-2018-18013 Citrix Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input.

7.8
2018-10-23 CVE-2018-14828 Advantech Improper Privilege Management vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

7.8
2018-10-24 CVE-2018-8955 Bitdefender Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.

7.5
2018-10-24 CVE-2018-15751 Saltstack Improper Authentication vulnerability in Saltstack Salt

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

7.5
2018-10-24 CVE-2018-13342 Linhandante Use of Hard-coded Credentials vulnerability in Linhandante Anda

The server API in the Anda app relies on hardcoded credentials.

7.5
2018-10-24 CVE-2018-18476 Nedap SQL Injection vulnerability in Nedap Mysql-Binuuid-Rails 1.0.0/1.1.0

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.

7.5
2018-10-24 CVE-2018-11804 Apache Unspecified vulnerability in Apache Spark

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation.

7.5
2018-10-23 CVE-2018-18475 Zohocorp Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.

7.5
2018-10-23 CVE-2018-17448 Citrix Unspecified vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

7.5
2018-10-23 CVE-2018-17446 Citrix SQL Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

7.5
2018-10-23 CVE-2018-17445 Citrix Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

7.5
2018-10-23 CVE-2018-14820 Advantech Improper Input Validation vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

7.5
2018-10-23 CVE-2018-18626 Phpyun Unspecified vulnerability in PHPyun 4.6

An issue was discovered in PHPYun V4.6.

7.5
2018-10-22 CVE-2018-13114 Keruigroup Missing Authentication for Critical Function vulnerability in Keruigroup Ypc99 Firmware

Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.

7.5
2018-10-26 CVE-2018-5914 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

7.2
2018-10-26 CVE-2018-5866 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-26 CVE-2018-3588 Qualcomm Unspecified vulnerability in Qualcomm products

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.

7.2
2018-10-26 CVE-2018-11950 Qualcomm Improper Input Validation vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware

Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850

7.2
2018-10-26 CVE-2018-11854 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660

7.2
2018-10-26 CVE-2018-11853 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016

7.2
2018-10-26 CVE-2018-11850 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

7.2
2018-10-26 CVE-2018-11849 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016

7.2
2018-10-26 CVE-2018-11824 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660

7.2
2018-10-26 CVE-2018-11822 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660

7.2
2018-10-26 CVE-2018-11821 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016

7.2
2018-10-26 CVE-2018-11305 Qualcomm Use After Free vulnerability in Qualcomm products

When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

7.2
2018-10-26 CVE-2017-18311 Qualcomm Unspecified vulnerability in Qualcomm products

XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

7.2
2018-10-26 CVE-2017-18310 Qualcomm Unspecified vulnerability in Qualcomm products

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016

7.2
2018-10-26 CVE-2017-18308 Qualcomm Unspecified vulnerability in Qualcomm products

Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430

7.2
2018-10-26 CVE-2017-18124 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

7.2
2018-10-26 CVE-2018-18654 Debian Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81

Crossroads 2.81 does not properly handle the /tmp directory during a build of xr.

7.2
2018-10-26 CVE-2018-18653 Canonical Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Linux 18.10

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules.

7.2
2018-10-25 CVE-2018-14665 X ORG
Redhat
Canonical
Debian
Incorrect Authorization vulnerability in multiple products

A flaw was found in xorg-x11-server before 1.20.3.

7.2
2018-10-24 CVE-2016-10730 Zmanda
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

An issue was discovered in Amanda 3.3.1.

7.2
2018-10-24 CVE-2016-10729 Zmanda
Redhat
Debian
Command Injection vulnerability in multiple products

An issue was discovered in Amanda 3.3.1.

7.2
2018-10-24 CVE-2018-15442 Cisco OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.

7.2
2018-10-23 CVE-2018-18329 Trendmicro NULL Pointer Dereference vulnerability in Trendmicro products

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations.

7.2
2018-10-23 CVE-2018-18328 Trendmicro NULL Pointer Dereference vulnerability in Trendmicro products

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations.

7.2
2018-10-23 CVE-2018-18327 Trendmicro NULL Pointer Dereference vulnerability in Trendmicro products

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations.

7.2
2018-10-23 CVE-2018-15367 Trendmicro NULL Pointer Dereference vulnerability in Trendmicro products

A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations.

7.2
2018-10-23 CVE-2018-15366 Trendmicro Use After Free vulnerability in Trendmicro products

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations.

7.2
2018-10-23 CVE-2017-18312 Qualcomm Missing Authorization vulnerability in Qualcomm products

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A

7.2
2018-10-23 CVE-2017-18304 Qaulcomm
Qualcomm
Out-of-bounds Read vulnerability in multiple products

Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20

7.2
2018-10-23 CVE-2017-18303 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20.

7.2
2018-10-23 CVE-2017-18298 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 .

7.2
2018-10-23 CVE-2017-18297 Qualcomm Double Free vulnerability in Qualcomm products

Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

7.2
2018-10-23 CVE-2017-18296 Qualcomm Unspecified vulnerability in Qualcomm products

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

7.2
2018-10-23 CVE-2017-18295 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.

7.2
2018-10-23 CVE-2017-18294 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

7.2
2018-10-23 CVE-2017-18293 Qualcomm Unspecified vulnerability in Qualcomm products

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

7.2
2018-10-23 CVE-2017-18282 Qualcomm Unspecified vulnerability in Qualcomm products

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

7.2
2018-10-23 CVE-2017-18172 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

7.2
2018-10-26 CVE-2018-15687 Canonical
Systemd Project
Race Condition vulnerability in multiple products

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files.

7.0

84 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-24 CVE-2018-17923 Sagaradio Improper Authentication vulnerability in Sagaradio Saga1-L8B Firmware

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

6.9
2018-10-23 CVE-2017-18305 Qualcomm Unspecified vulnerability in Qualcomm products

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

6.9
2018-10-26 CVE-2018-4022 Mkvtoolnix Use After Free vulnerability in Mkvtoolnix Mkvinfo 25.0.0

A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format.

6.8
2018-10-24 CVE-2018-9281 Eaton Cross-Site Request Forgery (CSRF) vulnerability in Eaton 9PX UPS Firmware

An issue was discovered on Eaton UPS 9PX 8000 SP devices.

6.8
2018-10-24 CVE-2018-14812 Fujielectric Uncontrolled Search Path Element vulnerability in Fujielectric Energy Savings Estimator 1.0.2.0

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior.

6.8
2018-10-23 CVE-2018-8569 Microsoft Unspecified vulnerability in Microsoft Yammer

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App.

6.8
2018-10-23 CVE-2018-18599 Guardianproject Out-of-bounds Write vulnerability in Guardianproject Stegdetect 0.6

Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file.

6.8
2018-10-22 CVE-2018-18583 Lupng Project Out-of-bounds Write vulnerability in Lupng Project Lupng 20170310

An issue has been found in LuPng through 2017-03-10.

6.8
2018-10-22 CVE-2018-18582 Lupng Project Out-of-bounds Write vulnerability in Lupng Project Lupng 20170310

An issue has been found in LuPng through 2017-03-10.

6.8
2018-10-22 CVE-2018-18581 Lupng Project Out-of-bounds Read vulnerability in Lupng Project Lupng 20170310

An issue has been found in LuPng through 2017-03-10.

6.8
2018-10-22 CVE-2018-18557 Libtiff
Debian
Canonical
Out-of-bounds Write vulnerability in multiple products

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

6.8
2018-10-26 CVE-2017-18309 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware

A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.

6.6
2018-10-24 CVE-2018-11785 Apache Missing Authorization vulnerability in Apache Impala

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

6.5
2018-10-23 CVE-2018-13400 Atlassian Improper Privilege Management vulnerability in Atlassian Jira and Jira Server

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

6.5
2018-10-23 CVE-2018-18584 Libmspack Project
Cabextract Project
Debian
Redhat
Canonical
Suse
Starwindsoftware
Out-of-bounds Write vulnerability in multiple products

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

6.5
2018-10-24 CVE-2018-17903 Sagaradio Improper Input Validation vulnerability in Sagaradio Saga1-L8B Firmware

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.

6.4
2018-10-22 CVE-2018-13115 Keruigroup Improper Input Validation vulnerability in Keruigroup Ypc99 Firmware

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream.

6.4
2018-10-23 CVE-2018-18603 360Totalsecurity Unspecified vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file.

6.3
2018-10-24 CVE-2018-18636 D Link Cross-site Scripting vulnerability in D-Link Dsl-2640T Firmware

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.

6.1
2018-10-23 CVE-2017-18283 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.

6.1
2018-10-26 CVE-2018-15688 Systemd Project
Debian
Canonical
Redhat
Classic Buffer Overflow vulnerability in multiple products

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd.

5.8
2018-10-24 CVE-2018-17921 Sagaradio Improper Access Control vulnerability in Sagaradio Saga1-L8B Firmware

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.

5.8
2018-10-23 CVE-2018-13402 Atlassian Open Redirect vulnerability in Atlassian Jira and Jira Server

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

5.8
2018-10-23 CVE-2018-13401 Atlassian Open Redirect vulnerability in Atlassian Jira and Jira Server

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

5.8
2018-10-23 CVE-2017-18313 Qualcomm Unspecified vulnerability in Qualcomm products

Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.

5.7
2018-10-26 CVE-2018-18662 Artifex Out-of-bounds Read vulnerability in Artifex Mupdf 1.14.0

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

5.5
2018-10-25 CVE-2018-3970 Sophos Use of Uninitialized Resource vulnerability in Sophos Hitmanpro.Alert 3.7.6.744

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.

5.5
2018-10-23 CVE-2018-18607 GNU
Debian
Netapp
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.

5.5
2018-10-23 CVE-2018-18606 GNU
Debian
Netapp
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.

5.5
2018-10-23 CVE-2018-18605 GNU
Debian
Netapp
Out-of-bounds Read vulnerability in multiple products

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize.

5.5
2018-10-23 CVE-2018-18586 Kyzer Path Traversal vulnerability in Kyzer Libmspack

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal.

5.3
2018-10-26 CVE-2018-18659 Arcserve XXE vulnerability in Arcserve UDP 6.0/6.5

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.

5.0
2018-10-26 CVE-2018-18658 Arcserve Information Exposure vulnerability in Arcserve UDP 6.0/6.5

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.

5.0
2018-10-26 CVE-2018-18657 Arcserve Information Exposure vulnerability in Arcserve UDP 6.0/6.5

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.

5.0
2018-10-24 CVE-2018-18566 Polycom Information Exposure vulnerability in Polycom Unified Communications Software

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

5.0
2018-10-24 CVE-2018-18552 Serverscheck Path Traversal vulnerability in Serverscheck Monitoring Software

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu.

5.0
2018-10-24 CVE-2018-15750 Saltstack Path Traversal vulnerability in Saltstack Salt

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

5.0
2018-10-23 CVE-2018-7432 Splunk Improper Input Validation vulnerability in Splunk

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.

5.0
2018-10-23 CVE-2018-7429 Splunk Improper Input Validation vulnerability in Splunk

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.

5.0
2018-10-23 CVE-2018-18467 Conversations Information Exposure vulnerability in Conversations 2.3.4

An issue was discovered in Daniel Gultsch Conversations 2.3.4.

5.0
2018-10-23 CVE-2018-17968 Ruletkaio Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ruletkaio

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call.

5.0
2018-10-23 CVE-2018-17877 Greedy599 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Greedy599 Greedy 599

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call.

5.0
2018-10-23 CVE-2018-17447 Citrix Information Exposure Through Log Files vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

5.0
2018-10-23 CVE-2018-17444 Citrix Path Traversal vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

5.0
2018-10-23 CVE-2018-18587 Bigprof Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigprof Appgini 5.70

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.

5.0
2018-10-26 CVE-2018-18690 Linux
Canonical
Debian
Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

4.9
2018-10-26 CVE-2018-11951 Qualcomm Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware

Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.

4.9
2018-10-23 CVE-2018-7911 Huawei Unspecified vulnerability in Huawei products

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability.

4.9
2018-10-23 CVE-2017-18300 Qualcomm Information Exposure vulnerability in Qualcomm products

Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660.

4.9
2018-10-23 CVE-2017-18299 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660

4.9
2018-10-23 CVE-2017-18292 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.

4.9
2018-10-23 CVE-2017-18277 Qualcomm Infinite Loop vulnerability in Qualcomm products

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.

4.9
2018-10-24 CVE-2018-17935 Telecrane 7PK - Security Features vulnerability in Telecrane products

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission.

4.8
2018-10-26 CVE-2018-11846 Qualcomm Information Exposure vulnerability in Qualcomm products

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850

4.7
2018-10-26 CVE-2018-18661 Libtiff
Canonical
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in LibTIFF 4.0.9.

4.3
2018-10-26 CVE-2018-18660 Arcserve Cross-site Scripting vulnerability in Arcserve UDP 5.0/6.0/6.5

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.

4.3
2018-10-26 CVE-2018-18655 Prayer Project Information Exposure vulnerability in Prayer Project Prayer

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

4.3
2018-10-25 CVE-2018-17904 Geovap Cross-site Scripting vulnerability in Geovap Reliance 4

Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior.

4.3
2018-10-25 CVE-2018-18651 Xpdfreader Excessive Iteration vulnerability in Xpdfreader Xpdf 4.00

An issue was discovered in Xpdf 4.00.

4.3
2018-10-25 CVE-2018-18650 Xpdfreader Integer Overflow or Wraparound vulnerability in Xpdfreader Xpdf 4.00

An issue was discovered in Xpdf 4.00.

4.3
2018-10-24 CVE-2018-18621 Communigate Cross-site Scripting vulnerability in Communigate PRO 6.2

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.

4.3
2018-10-24 CVE-2018-18568 Polycom Improper Certificate Validation vulnerability in Polycom Unified Communications Software

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

4.3
2018-10-24 CVE-2018-18567 Audiocodes Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

4.3
2018-10-24 CVE-2018-18551 Serverscheck Cross-site Scripting vulnerability in Serverscheck Monitoring Software

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.

4.3
2018-10-24 CVE-2018-18635 Mailcleaner Cross-site Scripting vulnerability in Mailcleaner 2018.08/2018.09

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.

4.3
2018-10-24 CVE-2018-18548 Ajenti Cross-site Scripting vulnerability in Ajenti Ajenticp

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.

4.3
2018-10-24 CVE-2018-18547 Vestacp Cross-site Scripting vulnerability in Vestacp Control Panel

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

4.3
2018-10-24 CVE-2018-12650 Myadrenalin Cross-site Scripting vulnerability in Myadrenalin Human Resource Management Software 5.4.0

Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.

4.3
2018-10-23 CVE-2018-7427 Splunk Cross-site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-10-23 CVE-2018-18437 Axiositalia Cross-site Scripting vulnerability in Axiositalia Registro Elettronico 1.7.0

In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.

4.3
2018-10-23 CVE-2018-16235 Telligent Cross-site Scripting vulnerability in Telligent Community

Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget.

4.3
2018-10-23 CVE-2018-16226 Mitel Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page.

4.3
2018-10-23 CVE-2018-12901 Mitel Cross-site Scripting vulnerability in Mitel ST Firmware

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page.

4.3
2018-10-23 CVE-2018-18622 Bijiadao Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505

An issue was discovered in Waimai Super Cms 20150505.

4.3
2018-10-23 CVE-2018-18608 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7

DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.

4.3
2018-10-23 CVE-2018-18585 Kyzer
Debian
Redhat
Canonical
Suse
Starwindsoftware
NULL Pointer Dereference vulnerability in multiple products

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

4.3
2018-10-22 CVE-2018-18579 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.

4.3
2018-10-22 CVE-2018-18578 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7

DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.

4.3
2018-10-22 CVE-2018-15703 Advantech Cross-site Scripting vulnerability in Advantech Webaccess

Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities.

4.3
2018-10-22 CVE-2018-12246 Symantec Cross-site Scripting vulnerability in Symantec web Isolation 1.11

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability.

4.3
2018-10-22 CVE-2018-18553 Leanote Cross-site Scripting vulnerability in Leanote 2.6.1

Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.

4.3
2018-10-24 CVE-2018-9280 Eaton Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware

An issue was discovered on Eaton UPS 9PX 8000 SP devices.

4.0
2018-10-24 CVE-2018-9279 Eaton Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware

An issue was discovered on Eaton UPS 9PX 8000 SP devices.

4.0
2018-10-23 CVE-2018-7431 Splunk Path Traversal vulnerability in Splunk

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-24 CVE-2018-18517 Citrix Cross-site Scripting vulnerability in Citrix Netscaler Gateway Firmware 10.5.50.10/10.5.51.10

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

3.5
2018-10-24 CVE-2018-1541 IBM Cross-site Scripting vulnerability in IBM Websphere Commerce

IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting.

3.5
2018-10-23 CVE-2018-17873 Wifiranger Incorrect Permission Assignment for Critical Resource vulnerability in Wifiranger Firmware

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.

3.3
2018-10-26 CVE-2018-6559 Linux
Canonical
Information Exposure vulnerability in multiple products

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

2.1
2018-10-26 CVE-2018-18656 Purevpn Insufficiently Protected Credentials vulnerability in Purevpn

The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext.

2.1
2018-10-23 CVE-2018-16837 Redhat
Debian
Suse
Missing Encryption of Sensitive Data vulnerability in multiple products

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.

2.1