Weekly Vulnerabilities Reports > October 22 to 28, 2018
Overview
161 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary reports vulnerabilities in 277 products from 76 vendors including Qualcomm, Debian, Canonical, Redhat, and Citrix. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "NULL Pointer Dereference", "Out-of-bounds Write", and "Information Exposure".
- 89 reported vulnerabilities are remotely exploitable.
- 16 reported vulnerabilities have a public exploit available.
- 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 143 reported vulnerabilities are exploitable by an anonymous user.
- Qualcomm has the most reported vulnerabilities, with 40 reported vulnerabilities.
- Advantech has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-23 | CVE-2018-15497 | Mitel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitel Mivoice 5330E Firmware The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. | 10.0 |
2018-10-23 | CVE-2018-18628 | Pippo | Deserialization of Untrusted Data vulnerability in Pippo 1.11.0 An issue was discovered in Pippo 1.11.0. | 10.0 |
2018-10-23 | CVE-2017-18349 | Alibaba Pippo | Improper Input Validation vulnerability in multiple products parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | 10.0 |
2018-10-24 | CVE-2018-11792 | Apache | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
2018-10-23 | CVE-2018-14816 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | 9.8 |
2018-10-23 | CVE-2018-14806 | Advantech | Path Traversal vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | 9.8 |
2018-10-24 | CVE-2018-18638 | Neatorobotics | OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 9.3 |
2018-10-25 | CVE-2018-18652 | Veritas | Unspecified vulnerability in Veritas Netbackup Appliance A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. | 9.0 |
2018-10-22 | CVE-2018-15704 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. | 9.0 |
62 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-23 | CVE-2018-18589 | Microfocus | Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. | 8.8 |
2018-10-22 | CVE-2018-1850 | IBM | Unspecified vulnerability in IBM Security Access Manager 9.0.3.1/9.0.4.0/9.0.5.0 IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. | 8.5 |
2018-10-23 | CVE-2017-18171 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 8.3 |
2018-10-23 | CVE-2017-18170 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 8.3 |
2018-10-22 | CVE-2018-18559 | Linux Redhat | Use After Free vulnerability in multiple products In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. | 8.1 |
2018-10-26 | CVE-2018-15686 | Debian Canonical Systemd Project Oracle | Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. | 7.8 |
2018-10-26 | CVE-2018-11828 | Qualcomm | Resource Exhaustion vulnerability in Qualcomm products When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52 | 7.8 |
2018-10-25 | CVE-2018-3971 | Sophos | Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 7.8 |
2018-10-24 | CVE-2018-18014 | Citrix | Improper Authentication vulnerability in Citrix Xenmobile Server * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. | 7.8 |
2018-10-24 | CVE-2018-18013 | Citrix | Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. | 7.8 |
2018-10-23 | CVE-2018-14828 | Advantech | Improper Privilege Management vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 7.8 |
2018-10-24 | CVE-2018-8955 | Bitdefender | Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 7.5 |
2018-10-24 | CVE-2018-15751 | Saltstack | Improper Authentication vulnerability in Saltstack Salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 7.5 |
2018-10-24 | CVE-2018-13342 | Linhandante | Use of Hard-coded Credentials vulnerability in Linhandante Anda The server API in the Anda app relies on hardcoded credentials. | 7.5 |
2018-10-24 | CVE-2018-18476 | Nedap | SQL Injection vulnerability in Nedap Mysql-Binuuid-Rails 1.0.0/1.1.0 mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | 7.5 |
2018-10-24 | CVE-2018-11804 | Apache | Unspecified vulnerability in Apache Spark Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. | 7.5 |
2018-10-23 | CVE-2018-18475 | Zohocorp | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 7.5 |
2018-10-23 | CVE-2018-17448 | Citrix | Unspecified vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 7.5 |
2018-10-23 | CVE-2018-17446 | Citrix | SQL Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 7.5 |
2018-10-23 | CVE-2018-17445 | Citrix | Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 7.5 |
2018-10-23 | CVE-2018-14820 | Advantech | Improper Input Validation vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | 7.5 |
2018-10-23 | CVE-2018-18626 | Phpyun | Unspecified vulnerability in PHPyun 4.6 An issue was discovered in PHPYun V4.6. | 7.5 |
2018-10-22 | CVE-2018-13114 | Keruigroup | Missing Authentication for Critical Function vulnerability in Keruigroup Ypc99 Firmware Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | 7.5 |
2018-10-26 | CVE-2018-5914 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 7.2 |
2018-10-26 | CVE-2018-5866 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. | 7.2 |
2018-10-26 | CVE-2018-3588 | Qualcomm | Unspecified vulnerability in Qualcomm products There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660. | 7.2 |
2018-10-26 | CVE-2018-11950 | Qualcomm | Improper Input Validation vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 | 7.2 |
2018-10-26 | CVE-2018-11854 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 7.2 |
2018-10-26 | CVE-2018-11853 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 7.2 |
2018-10-26 | CVE-2018-11850 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 7.2 |
2018-10-26 | CVE-2018-11849 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 | 7.2 |
2018-10-26 | CVE-2018-11824 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 | 7.2 |
2018-10-26 | CVE-2018-11822 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 7.2 |
2018-10-26 | CVE-2018-11821 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 7.2 |
2018-10-26 | CVE-2018-11305 | Qualcomm | Use After Free vulnerability in Qualcomm products When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 7.2 |
2018-10-26 | CVE-2017-18311 | Qualcomm | Unspecified vulnerability in Qualcomm products XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | 7.2 |
2018-10-26 | CVE-2017-18310 | Qualcomm | Unspecified vulnerability in Qualcomm products ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 | 7.2 |
2018-10-26 | CVE-2017-18308 | Qualcomm | Unspecified vulnerability in Qualcomm products Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 | 7.2 |
2018-10-26 | CVE-2017-18124 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 7.2 |
2018-10-26 | CVE-2018-18654 | Debian | Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. | 7.2 |
2018-10-26 | CVE-2018-18653 | Canonical | Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Linux 18.10 The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. | 7.2 |
2018-10-25 | CVE-2018-14665 | X ORG Redhat Canonical Debian | Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. | 7.2 |
2018-10-24 | CVE-2016-10730 | Zmanda Redhat | Permissions, Privileges, and Access Controls vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.2 |
2018-10-24 | CVE-2016-10729 | Zmanda Redhat Debian | Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.2 |
2018-10-24 | CVE-2018-15442 | Cisco | OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. | 7.2 |
2018-10-23 | CVE-2018-18329 | Trendmicro | NULL Pointer Dereference vulnerability in Trendmicro products A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. | 7.2 |
2018-10-23 | CVE-2018-18328 | Trendmicro | NULL Pointer Dereference vulnerability in Trendmicro products A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. | 7.2 |
2018-10-23 | CVE-2018-18327 | Trendmicro | NULL Pointer Dereference vulnerability in Trendmicro products A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. | 7.2 |
2018-10-23 | CVE-2018-15367 | Trendmicro | NULL Pointer Dereference vulnerability in Trendmicro products A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. | 7.2 |
2018-10-23 | CVE-2018-15366 | Trendmicro | Use After Free vulnerability in Trendmicro products A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. | 7.2 |
2018-10-23 | CVE-2017-18312 | Qualcomm | Missing Authorization vulnerability in Qualcomm products While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A | 7.2 |
2018-10-23 | CVE-2017-18304 | Qaulcomm Qualcomm | Out-of-bounds Read vulnerability in multiple products Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 | 7.2 |
2018-10-23 | CVE-2017-18303 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. | 7.2 |
2018-10-23 | CVE-2017-18298 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . | 7.2 |
2018-10-23 | CVE-2017-18297 | Qualcomm | Double Free vulnerability in Qualcomm products Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. | 7.2 |
2018-10-23 | CVE-2017-18296 | Qualcomm | Unspecified vulnerability in Qualcomm products Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 7.2 |
2018-10-23 | CVE-2017-18295 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. | 7.2 |
2018-10-23 | CVE-2017-18294 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 7.2 |
2018-10-23 | CVE-2017-18293 | Qualcomm | Unspecified vulnerability in Qualcomm products When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 7.2 |
2018-10-23 | CVE-2017-18282 | Qualcomm | Unspecified vulnerability in Qualcomm products Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 7.2 |
2018-10-23 | CVE-2017-18172 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. | 7.2 |
2018-10-26 | CVE-2018-15687 | Canonical Systemd Project | Race Condition vulnerability in multiple products A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. | 7.0 |
84 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-24 | CVE-2018-17923 | Sagaradio | Improper Authentication vulnerability in Sagaradio Saga1-L8B Firmware SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may be able to reprogram it. | 6.9 |
2018-10-23 | CVE-2017-18305 | Qualcomm | Unspecified vulnerability in Qualcomm products XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. | 6.9 |
2018-10-26 | CVE-2018-4022 | Mkvtoolnix | Use After Free vulnerability in Mkvtoolnix Mkvinfo 25.0.0 A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. | 6.8 |
2018-10-24 | CVE-2018-9281 | Eaton | Cross-Site Request Forgery (CSRF) vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 6.8 |
2018-10-24 | CVE-2018-14812 | Fujielectric | Uncontrolled Search Path Element vulnerability in Fujielectric Energy Savings Estimator 1.0.2.0 An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. | 6.8 |
2018-10-23 | CVE-2018-8569 | Microsoft | Unspecified vulnerability in Microsoft Yammer A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App. | 6.8 |
2018-10-23 | CVE-2018-18599 | Guardianproject | Out-of-bounds Write vulnerability in Guardianproject Stegdetect 0.6 Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. | 6.8 |
2018-10-22 | CVE-2018-18583 | Lupng Project | Out-of-bounds Write vulnerability in Lupng Project Lupng 20170310 An issue has been found in LuPng through 2017-03-10. | 6.8 |
2018-10-22 | CVE-2018-18582 | Lupng Project | Out-of-bounds Write vulnerability in Lupng Project Lupng 20170310 An issue has been found in LuPng through 2017-03-10. | 6.8 |
2018-10-22 | CVE-2018-18581 | Lupng Project | Out-of-bounds Read vulnerability in Lupng Project Lupng 20170310 An issue has been found in LuPng through 2017-03-10. | 6.8 |
2018-10-22 | CVE-2018-18557 | Libtiff Debian Canonical | Out-of-bounds Write vulnerability in multiple products LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. | 6.8 |
2018-10-26 | CVE-2017-18309 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. | 6.6 |
2018-10-24 | CVE-2018-11785 | Apache | Missing Authorization vulnerability in Apache Impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 6.5 |
2018-10-23 | CVE-2018-13400 | Atlassian | Improper Privilege Management vulnerability in Atlassian Jira and Jira Server Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 6.5 |
2018-10-23 | CVE-2018-18584 | Libmspack Project Cabextract Project Debian Redhat Canonical Suse Starwindsoftware | Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | 6.5 |
2018-10-24 | CVE-2018-17903 | Sagaradio | Improper Input Validation vulnerability in Sagaradio Saga1-L8B Firmware SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | 6.4 |
2018-10-22 | CVE-2018-13115 | Keruigroup | Improper Input Validation vulnerability in Keruigroup Ypc99 Firmware Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. | 6.4 |
2018-10-23 | CVE-2018-18603 | 360Totalsecurity | Unspecified vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. | 6.3 |
2018-10-24 | CVE-2018-18636 | D Link | Cross-site Scripting vulnerability in D-Link Dsl-2640T Firmware XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | 6.1 |
2018-10-23 | CVE-2017-18283 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. | 6.1 |
2018-10-26 | CVE-2018-15688 | Systemd Project Debian Canonical Redhat | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. | 5.8 |
2018-10-24 | CVE-2018-17921 | Sagaradio | Improper Access Control vulnerability in Sagaradio Saga1-L8B Firmware SAGA1-L8B devices with any firmware version prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | 5.8 |
2018-10-23 | CVE-2018-13402 | Atlassian | Open Redirect vulnerability in Atlassian Jira and Jira Server Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users and, in some cases, obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | 5.8 |
2018-10-23 | CVE-2018-13401 | Atlassian | Open Redirect vulnerability in Atlassian Jira and Jira Server The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 5.8 |
2018-10-23 | CVE-2017-18313 | Qualcomm | Unspecified vulnerability in Qualcomm products Under certain modes of operation, HLOS may be able to get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. | 5.7 |
2018-10-26 | CVE-2018-18662 | Artifex | Out-of-bounds Read vulnerability in Artifex Mupdf 1.14.0 There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 5.5 |
2018-10-25 | CVE-2018-3970 | Sophos | Use of Uninitialized Resource vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 5.5 |
2018-10-23 | CVE-2018-18607 | GNU Debian Netapp | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. | 5.5 |
2018-10-23 | CVE-2018-18606 | GNU Debian Netapp | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. | 5.5 |
2018-10-23 | CVE-2018-18605 | GNU Debian Netapp | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. | 5.5 |
2018-10-23 | CVE-2018-18586 | Kyzer | Path Traversal vulnerability in Kyzer Libmspack chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. | 5.3 |
2018-10-26 | CVE-2018-18659 | Arcserve | XXE vulnerability in Arcserve UDP 6.0/6.5 An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | 5.0 |
2018-10-26 | CVE-2018-18658 | Arcserve | Information Exposure vulnerability in Arcserve UDP 6.0/6.5 An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | 5.0 |
2018-10-26 | CVE-2018-18657 | Arcserve | Information Exposure vulnerability in Arcserve UDP 6.0/6.5 An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | 5.0 |
2018-10-24 | CVE-2018-18566 | Polycom | Information Exposure vulnerability in Polycom Unified Communications Software The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | 5.0 |
2018-10-24 | CVE-2018-18552 | Serverscheck | Path Traversal vulnerability in Serverscheck Monitoring Software ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. | 5.0 |
2018-10-24 | CVE-2018-15750 | Saltstack | Path Traversal vulnerability in Saltstack Salt Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 5.0 |
2018-10-23 | CVE-2018-7432 | Splunk | Improper Input Validation vulnerability in Splunk Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | 5.0 |
2018-10-23 | CVE-2018-7429 | Splunk | Improper Input Validation vulnerability in Splunk Splunkd in Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | 5.0 |
2018-10-23 | CVE-2018-18467 | Conversations | Information Exposure vulnerability in Conversations 2.3.4 An issue was discovered in Daniel Gultsch Conversations 2.3.4. | 5.0 |
2018-10-23 | CVE-2018-17968 | Ruletkaio | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ruletkaio A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. | 5.0 |
2018-10-23 | CVE-2018-17877 | Greedy599 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Greedy599 Greedy 599 A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. | 5.0 |
2018-10-23 | CVE-2018-17447 | Citrix | Information Exposure Through Log Files vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 5.0 |
2018-10-23 | CVE-2018-17444 | Citrix | Path Traversal vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 5.0 |
2018-10-23 | CVE-2018-18587 | Bigprof | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigprof Appgini 5.70 BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | 5.0 |
2018-10-26 | CVE-2018-18690 | Linux Canonical Debian | Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. | 4.9 |
2018-10-26 | CVE-2018-11951 | Qualcomm | Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware Improper access control in the core module leads to XBL_LOADER performing the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | 4.9 |
2018-10-23 | CVE-2018-7911 | Huawei | Unspecified vulnerability in Huawei products Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. | 4.9 |
2018-10-23 | CVE-2017-18300 | Qualcomm | Information Exposure vulnerability in Qualcomm products Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. | 4.9 |
2018-10-23 | CVE-2017-18299 | Qualcomm | Resource Exhaustion vulnerability in Qualcomm products Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. | 4.9 |
2018-10-23 | CVE-2017-18292 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Secure app running in non-secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. | 4.9 |
2018-10-23 | CVE-2017-18277 | Qualcomm | Infinite Loop vulnerability in Qualcomm products When dynamic memory allocation fails, the process currently sleeps for one second and continues in an infinite loop without retrying the memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. | 4.9 |
2018-10-24 | CVE-2018-17935 | Telecrane | 7PK - Security Features vulnerability in Telecrane products All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. | 4.8 |
2018-10-26 | CVE-2018-11846 | Qualcomm | Information Exposure vulnerability in Qualcomm products The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850. | 4.7 |
2018-10-26 | CVE-2018-18661 | Libtiff Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibTIFF 4.0.9. | 4.3 |
2018-10-26 | CVE-2018-18660 | Arcserve | Cross-site Scripting vulnerability in Arcserve UDP 5.0/6.0/6.5 An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | 4.3 |
2018-10-26 | CVE-2018-18655 | Prayer Project | Information Exposure vulnerability in Prayer Project Prayer Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | 4.3 |
2018-10-25 | CVE-2018-17904 | Geovap | Cross-site Scripting vulnerability in Geovap Reliance 4 Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. | 4.3 |
2018-10-25 | CVE-2018-18651 | Xpdfreader | Excessive Iteration vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in Xpdf 4.00. | 4.3 |
2018-10-25 | CVE-2018-18650 | Xpdfreader | Integer Overflow or Wraparound vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in Xpdf 4.00. | 4.3 |
2018-10-24 | CVE-2018-18621 | Communigate | Cross-site Scripting vulnerability in Communigate PRO 6.2 CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | 4.3 |
2018-10-24 | CVE-2018-18568 | Polycom | Improper Certificate Validation vulnerability in Polycom Unified Communications Software Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 4.3 |
2018-10-24 | CVE-2018-18567 | Audiocodes | Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 4.3 |
2018-10-24 | CVE-2018-18551 | Serverscheck | Cross-site Scripting vulnerability in Serverscheck Monitoring Software ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | 4.3 |
2018-10-24 | CVE-2018-18635 | Mailcleaner | Cross-site Scripting vulnerability in Mailcleaner 2018.08/2018.09 www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | 4.3 |
2018-10-24 | CVE-2018-18548 | Ajenti | Cross-site Scripting vulnerability in Ajenti Ajenticp ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | 4.3 |
2018-10-24 | CVE-2018-18547 | Vestacp | Cross-site Scripting vulnerability in Vestacp Control Panel Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | 4.3 |
2018-10-24 | CVE-2018-12650 | Myadrenalin | Cross-site Scripting vulnerability in Myadrenalin Human Resource Management Software 5.4.0 Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | 4.3 |
2018-10-23 | CVE-2018-7427 | Splunk | Cross-site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2018-10-23 | CVE-2018-18437 | Axiositalia | Cross-site Scripting vulnerability in Axiositalia Registro Elettronico 1.7.0 In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | 4.3 |
2018-10-23 | CVE-2018-16235 | Telligent | Cross-site Scripting vulnerability in Telligent Community Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget. | 4.3 |
2018-10-23 | CVE-2018-16226 | Mitel | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 4.3 |
2018-10-23 | CVE-2018-12901 | Mitel | Cross-site Scripting vulnerability in Mitel ST Firmware A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 4.3 |
2018-10-23 | CVE-2018-18622 | Bijiadao | Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505 An issue was discovered in Waimai Super Cms 20150505. | 4.3 |
2018-10-23 | CVE-2018-18608 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 4.3 |
2018-10-23 | CVE-2018-18585 | Kyzer Debian Redhat Canonical Suse Starwindsoftware | NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 4.3 |
2018-10-22 | CVE-2018-18579 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 4.3 |
2018-10-22 | CVE-2018-18578 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 4.3 |
2018-10-22 | CVE-2018-15703 | Advantech | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 4.3 |
2018-10-22 | CVE-2018-12246 | Symantec | Cross-site Scripting vulnerability in Symantec web Isolation 1.11 Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. | 4.3 |
2018-10-22 | CVE-2018-18553 | Leanote | Cross-site Scripting vulnerability in Leanote 2.6.1 Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | 4.3 |
2018-10-24 | CVE-2018-9280 | Eaton | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.0 |
2018-10-24 | CVE-2018-9279 | Eaton | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.0 |
2018-10-23 | CVE-2018-7431 | Splunk | Path Traversal vulnerability in Splunk Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-24 | CVE-2018-18517 | Citrix | Cross-site Scripting vulnerability in Citrix Netscaler Gateway Firmware 10.5.50.10/10.5.51.10 Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | 3.5 |
2018-10-24 | CVE-2018-1541 | IBM | Cross-site Scripting vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. | 3.5 |
2018-10-23 | CVE-2018-17873 | Wifiranger | Incorrect Permission Assignment for Critical Resource vulnerability in Wifiranger Firmware An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | 3.3 |
2018-10-26 | CVE-2018-6559 | Linux Canonical | Information Exposure vulnerability in multiple products The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace. | 2.1 |
2018-10-26 | CVE-2018-18656 | Purevpn | Insufficiently Protected Credentials vulnerability in Purevpn The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. | 2.1 |
2018-10-23 | CVE-2018-16837 | Redhat Debian Suse | Missing Encryption of Sensitive Data vulnerability in multiple products Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. | 2.1 |