Weekly Vulnerabilities Reports > October 29 to November 4, 2018

Overview

256 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 79 high severity vulnerabilities. This weekly summary report vulnerabilities in 313 products from 107 vendors including Qualcomm, Debian, Redhat, IBM, and Yitechnology. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Improper Input Validation", and "Use After Free".

  • 211 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 98 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 190 reported vulnerabilities are exploitable by an anonymous user.
  • Qualcomm has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Tenda has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-02 CVE-2018-17916 Aveva Out-Of-Bounds Write vulnerability in Aveva products

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2.

10.0
2018-11-02 CVE-2018-17914 Aveva Unspecified vulnerability in Aveva products

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2.

10.0
2018-10-30 CVE-2018-16462 Apex Publish Static Files Project OS Command Injection vulnerability in Apex-Publish-Static-Files Project Apex-Publish-Static-Files

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

10.0
2018-10-30 CVE-2018-16461 Libnmap Project OS Command Injection vulnerability in Libnmap Project Libnmap

A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.

10.0
2018-10-30 CVE-2017-8931 Bitdefender Unspecified vulnerability in Bitdefender Gravityzone 5.1.11.432/5.1.5.386

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

10.0
2018-10-30 CVE-2018-14558 Tenda OS Command Injection vulnerability in Tenda Ac10 Firmware, AC7 Firmware and AC9 Firmware

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10).

10.0
2018-10-29 CVE-2018-18753 Typecho Server-Side Request Forgery (SSRF) vulnerability in Typecho 1.1

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.

10.0
2018-10-29 CVE-2018-18748 Sandboxie Unspecified vulnerability in Sandboxie 5.26

** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file.

10.0
2018-11-02 CVE-2018-7799 Schneider Electric Uncontrolled Search Path Element vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.

9.3
2018-11-02 CVE-2018-1552 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM Robotic Process Automation With Automation Anywhere 10/11

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room.

9.3
2018-10-29 CVE-2018-17910 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess

WebAccess Versions 8.3.2 and prior.

9.3
2018-11-02 CVE-2018-11062 Dell USE of Hard-Coded Credentials vulnerability in Dell EMC Integrated Data Protection Appliance 2.0/2.1/2.2

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords.

9.0
2018-11-01 CVE-2018-10587 Netgain Systems OS Command Injection vulnerability in Netgain-Systems Enterprise Manager

NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57.

9.0
2018-10-31 CVE-2016-5402 Redhat Code Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine

A code injection flaw was found in the way capacity and utilization imported control files are processed.

9.0
2018-10-31 CVE-2018-18850 Octopus Unspecified vulnerability in Octopus Deploy

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).

9.0
2018-10-29 CVE-2018-18387 Playsms Project Inclusion of Functionality From Untrusted Control Sphere vulnerability in Playsms Project Playsms

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.

9.0
2018-10-29 CVE-2018-18729 Tenda Out-Of-Bounds Write vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

9.0

79 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-31 CVE-2018-15705 Advantech Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API.

8.5
2018-10-31 CVE-2018-14654 Redhat Improper Input Validation vulnerability in Redhat products

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator.

8.5
2018-10-30 CVE-2018-10532 EE USE of Hard-Coded Credentials vulnerability in EE 4Gee Firmware Hh70E102.0019

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices.

8.3
2018-11-01 CVE-2018-15454 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.

7.8
2018-10-31 CVE-2018-15319 F5 Improper Input Validation vulnerability in F5 products

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.

7.8
2018-10-31 CVE-2018-15318 F5 Improper Input Validation vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete.

7.8
2018-10-29 CVE-2018-18732 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18731 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18730 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18727 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18709 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18708 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18707 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-10-29 CVE-2018-18706 Tenda Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tenda products

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.8
2018-11-04 CVE-2018-18928 ICU Project Integer Overflow OR Wraparound vulnerability in Icu-Project International Components for Unicode 63.1

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

7.5
2018-11-04 CVE-2018-18926 Gitea Session Fixation vulnerability in Gitea

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs.

7.5
2018-11-04 CVE-2018-18925 Gogs Session Fixation vulnerability in Gogs

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go.

7.5
2018-11-03 CVE-2018-18903 Vanillaforums Code Injection vulnerability in Vanillaforums Vanilla 2.6.0/2.6.1/2.6.3

Vanilla 2.6.x before 2.6.4 allows remote code execution.

7.5
2018-11-02 CVE-2018-3934 Yitechnology Unspecified vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

7.5
2018-11-02 CVE-2018-3892 Yitechnology Buffer Errors vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D.

7.5
2018-11-02 CVE-2018-17918 Circontrol Improper Authentication vulnerability in Circontrol Circarlife Firmware 4.3

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

7.5
2018-11-01 CVE-2018-6012 Rainmachine Code Injection vulnerability in Rainmachine Mini-8 Firmware

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.

7.5
2018-11-01 CVE-2018-18892 1234N Code Injection vulnerability in 1234N Minicms 1.10

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.

7.5
2018-11-01 CVE-2018-18888 Laravelcms Project Unrestricted Upload of File With Dangerous Type vulnerability in Laravelcms Project Laravelcms

An issue was discovered in laravelCMS through 2018-04-02.

7.5
2018-11-01 CVE-2018-18887 S CMS SQL Injection vulnerability in S-Cms 1.0

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

7.5
2018-10-31 CVE-2018-16840 Haxx
Canonical
USE After Free vulnerability in multiple products

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.

7.5
2018-10-31 CVE-2018-16839 Haxx
Debian
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

7.5
2018-10-31 CVE-2018-18874 Nconsulting Unrestricted Upload of File With Dangerous Type vulnerability in Nconsulting Nc-Cms

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.

7.5
2018-10-31 CVE-2018-1851 IBM Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization.

7.5
2018-10-31 CVE-2018-18869 Phome Path Traversal vulnerability in Phome Empirecms 7.5

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

7.5
2018-10-30 CVE-2018-18835 Doccms Code Injection vulnerability in Doccms 2016.5.12

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.

7.5
2018-10-30 CVE-2018-18834 MZ Automation Out-Of-Bounds Write vulnerability in Mz-Automation Libiec61850 1.3

An issue has been found in libIEC61850 v1.3.

7.5
2018-10-30 CVE-2018-18832 Dkcms SQL Injection vulnerability in Dkcms 9.4

admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.

7.5
2018-10-30 CVE-2018-18830 Mingsoft Unrestricted Upload of File With Dangerous Type vulnerability in Mingsoft Mcms 4.6.5

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5.

7.5
2018-10-30 CVE-2018-18822 Grapixel SQL Injection vulnerability in Grapixel NEW Media 2.0

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.

7.5
2018-10-29 CVE-2018-18792 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18791 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18789 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18787 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18786 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18785 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

7.5
2018-10-29 CVE-2018-18752 Webiness Project Unrestricted Upload of File With Dangerous Type vulnerability in Webiness Project Webiness Inventory 2.3

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

7.5
2018-10-29 CVE-2018-18751 GNU
Canonical
Redhat
Double Free vulnerability in multiple products

An issue was discovered in GNU gettext 0.19.8.

7.5
2018-10-29 CVE-2018-18728 Tenda OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.

7.5
2018-10-29 CVE-2018-18705 Phptpoint SQL Injection vulnerability in PHPtpoint Hospital Management System 1.0

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.

7.5
2018-10-29 CVE-2018-18704 Phptpoint SQL Injection vulnerability in PHPtpoint Pharmacy Management System 1.0

PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.

7.5
2018-10-29 CVE-2018-18702 Icmsdev SQL Injection vulnerability in Icmsdev Icms 7.0.11

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

7.5
2018-10-29 CVE-2016-10734 Projectsend Improper Authorization vulnerability in Projectsend 582

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

7.5
2018-10-29 CVE-2016-10733 Projectsend Path Traversal vulnerability in Projectsend 582

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.

7.5
2018-10-29 CVE-2016-10732 Projectsend Improper Authentication vulnerability in Projectsend 582

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.

7.5
2018-10-29 CVE-2016-10731 Projectsend SQL Injection vulnerability in Projectsend 582

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.

7.5
2018-11-01 CVE-2018-18714 Iobit Out-Of-Bounds Write vulnerability in Iobit Malware Fighter

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010.

7.2
2018-11-01 CVE-2018-18883 XEN Null Pointer Dereference vulnerability in XEN

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

7.2
2018-10-30 CVE-2018-17931 Vecna Improper Access Control vulnerability in Vecna VGO Firmware 3.0.3.53662

If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662.

7.2
2018-10-30 CVE-2018-10712 Asrock Incorrect Permission Assignment FOR Critical Resource vulnerability in Asrock products

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports.

7.2
2018-10-30 CVE-2018-10711 Asrock Improper Input Validation vulnerability in Asrock products

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs).

7.2
2018-10-30 CVE-2018-10710 Asrock Incorrect Permission Assignment FOR Critical Resource vulnerability in Asrock products

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory.

7.2
2018-10-29 CVE-2018-17908 Advantech Improper Access Control vulnerability in Advantech Webaccess

WebAccess Versions 8.3.2 and prior.

7.2
2018-10-29 CVE-2018-11884 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660

7.2
2018-10-29 CVE-2018-11882 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11880 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11879 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm SD 845 Firmware

When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845

7.2
2018-10-29 CVE-2018-11877 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11876 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11875 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware

Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850.

7.2
2018-10-29 CVE-2018-11874 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11873 Qualcomm Improper Input Validation vulnerability in Qualcomm Sd845 Firmware

Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845.

7.2
2018-10-29 CVE-2018-11872 Qualcomm Improper Input Validation vulnerability in Qualcomm SD 845 Firmware, SD 850 Firmware and Sda660 Firmware

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660

7.2
2018-10-29 CVE-2018-11871 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.

7.2
2018-10-29 CVE-2018-11870 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.

7.2
2018-10-29 CVE-2018-11867 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 845 Firmware

Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845.

7.2
2018-10-29 CVE-2018-11866 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

7.2
2018-10-29 CVE-2018-11865 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

7.2
2018-10-29 CVE-2018-11862 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 845 Firmware, SD 850 Firmware and Sda660 Firmware

Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11861 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 845 Firmware, SD 850 Firmware and Sda660 Firmware

Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.

7.2
2018-10-29 CVE-2018-11859 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware

Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850.

7.2
2018-10-29 CVE-2018-11858 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 835 Firmware, SD 845 Firmware and SD 850 Firmware

When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850.

7.2
2018-10-29 CVE-2018-11857 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 835 Firmware, SD 845 Firmware and SD 850 Firmware

Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850

7.2
2018-10-29 CVE-2018-11856 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm SD 835 Firmware, SD 845 Firmware and SD 850 Firmware

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850.

7.2

120 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-01 CVE-2018-6907 Rainmachine Cross-Site Request Forgery (CSRF) vulnerability in Rainmachine web Application

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.

6.8
2018-11-01 CVE-2018-6011 Rainmachine Improper Authentication vulnerability in Rainmachine Mini-8 Firmware

The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue.

6.8
2018-11-01 CVE-2018-3977 Libsdl Out-Of-Bounds Write vulnerability in Libsdl SDL Image 2.0.3

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3.

6.8
2018-11-01 CVE-2018-3900 Yitechnology Buffer Errors vulnerability in Yitechnology YI Home and YI Home Camera Firmware

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D.

6.8
2018-10-31 CVE-2018-15706 Advantech Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

6.8
2018-10-31 CVE-2018-13282 Synology Session Fixation vulnerability in Synology Photo Station

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

6.8
2018-10-30 CVE-2018-18842 Zblogcn Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.2.1935(Zero)

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.

6.8
2018-10-29 CVE-2018-17706 Foxitsoftware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096.

6.8
2018-10-29 CVE-2018-17624 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096.

6.8
2018-10-29 CVE-2018-17623 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17621 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17620 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17619 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17618 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17617 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17616 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-17615 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096.

6.8
2018-10-29 CVE-2018-18742 SEM CMS Cross-Site Request Forgery (CSRF) vulnerability in Sem-Cms Semcms 3.4

A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.

6.8
2018-10-29 CVE-2018-18735 Catfish CMS Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish Blog 2.0.33

A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.

6.8
2018-10-29 CVE-2018-18734 Catfish CMS Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS 4.8.30

A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.

6.8
2018-10-29 CVE-2018-18712 Wuzhicms Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0

An issue was discovered in WUZHI CMS 4.1.0.

6.8
2018-10-29 CVE-2018-18711 Wuzhicms Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0

An issue was discovered in WUZHI CMS 4.1.0.

6.8
2018-10-29 CVE-2018-18699 Gopro Out-Of-Bounds Write vulnerability in Gopro Gpmf-Parser 1.2.1

An issue was discovered in GoPro gpmf-parser 1.2.1.

6.8
2018-11-04 CVE-2018-18924 Projeqtor Incomplete Cleanup vulnerability in Projeqtor

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.

6.5
2018-11-02 CVE-2018-15762 Pivotal Software Improper Privilege Management vulnerability in Pivotal Software Operations Manager

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation.

6.5
2018-11-01 CVE-2016-2123 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

A flaw was found in samba versions 4.0.0 to 4.5.2.

6.5
2018-10-31 CVE-2018-14651 Debian
Redhat
Gluster
Link Following vulnerability in multiple products

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.

6.5
2018-10-31 CVE-2018-14653 Redhat
Debian
Out-Of-Bounds Write vulnerability in multiple products

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message.

6.5
2018-10-31 CVE-2018-15327 F5 Missing Authorization vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

6.5
2018-10-30 CVE-2018-17933 Vecna Unspecified vulnerability in Vecna VGO Firmware 3.0.3.52164/3.0.3.53662

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662.

6.5
2018-10-29 CVE-2018-18790 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

6.5
2018-10-29 CVE-2018-18788 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

6.5
2018-10-29 CVE-2018-18784 Zzcms SQL Injection vulnerability in Zzcms 8.3

An issue was discovered in zzcms 8.3.

6.5
2018-11-02 CVE-2018-7798 Schneider Electric Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Somachine Basic

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

6.4
2018-11-01 CVE-2018-18891 1234N Improper Authentication vulnerability in 1234N Minicms 1.10

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.

6.4
2018-10-31 CVE-2018-16842 Haxx
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

6.4
2018-10-29 CVE-2018-18765 Cesanta Out-Of-Bounds Read vulnerability in Cesanta Mongoose 6.13

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13.

6.4
2018-10-29 CVE-2018-18764 Cesanta Out-Of-Bounds Read vulnerability in Cesanta Mongoose 6.13

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13.

6.4
2018-10-31 CVE-2018-15326 F5 Improper Certificate Validation vulnerability in F5 Big-Ip Access Policy Manager

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.

6.0
2018-10-31 CVE-2016-6328 Libexif Project
Canonical
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

A vulnerability was found in libexif.

5.8
2018-11-02 CVE-2018-1846 IBM XXE vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-11-02 CVE-2018-1835 IBM XXE vulnerability in IBM Daeja Viewone 5.0

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-10-31 CVE-2018-15321 F5 Improper Privilege Management vulnerability in F5 products

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files.

5.5
2018-10-30 CVE-2018-16466 Nextcloud Improper Check FOR Dropped Privileges vulnerability in Nextcloud Server

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

5.5
2018-11-01 CVE-2018-3910 Yitechnology OS Command Injection vulnerability in Yitechnology YI Home and YI Home Camera Firmware

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D.

5.4
2018-11-02 CVE-2018-3899 Yitechnology Buffer Errors vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D.

5.1
2018-11-02 CVE-2018-3898 Yitechnology Buffer Errors vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D.

5.1
2018-11-02 CVE-2018-16849 Redhat Information Exposure vulnerability in Redhat Openstack-Mistral

A flaw was found in openstack-mistral.

5.0
2018-11-02 CVE-2018-3935 Yitechnology Resource Exhaustion vulnerability in Yitechnology YI Home and YI Home Camera Firmware

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D.

5.0
2018-11-02 CVE-2018-1878 IBM Information Exposure vulnerability in IBM Robotic Process Automation With Automation Anywhere 11

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system.

5.0
2018-11-02 CVE-2018-17922 Circontrol Information Exposure Through LOG Files vulnerability in Circontrol Circarlife Firmware 4.3

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.

5.0
2018-11-02 CVE-2018-17912 Sauter Controls XXE vulnerability in Sauter-Controls Case Suite 3.10

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure.

5.0
2018-11-01 CVE-2018-6908 Rainmachine Improper Authentication vulnerability in Rainmachine Mini-8 Firmware and Touch HD 12 Firmware

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials.

5.0
2018-11-01 CVE-2018-3928 Yitechnology Information Exposure vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

5.0
2018-11-01 CVE-2018-7356 ZTE Authentication Bypass BY Capture-Replay vulnerability in ZTE Zxr10 8905E Firmware

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.

5.0
2018-11-01 CVE-2018-18890 1234N Path Traversal vulnerability in 1234N Minicms 1.10

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.

5.0
2018-10-31 CVE-2018-11759 Apache
Debian
Redhat
Path Traversal vulnerability in multiple products

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly.

5.0
2018-10-31 CVE-2018-15320 F5 Unspecified vulnerability in F5 products

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system.

5.0
2018-10-31 CVE-2018-15317 F5 Unspecified vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors.

5.0
2018-10-31 CVE-2018-18867 Tecrail Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter.

5.0
2018-10-31 CVE-2018-18854 Lightbend Resource Exhaustion vulnerability in Lightbend Spray-Json

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).

5.0
2018-10-31 CVE-2018-18853 Lightbend Resource Exhaustion vulnerability in Lightbend Spray-Json

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.

5.0
2018-10-30 CVE-2018-8858 Vecna Unspecified vulnerability in Vecna VGO Firmware 3.0.3.53662

If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662.

5.0
2018-10-30 CVE-2018-16469 Merge Project Improper Input Validation vulnerability in Merge Project Merge

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype.

5.0
2018-10-30 CVE-2018-16467 Nextcloud Improper Authentication vulnerability in Nextcloud Server

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

5.0
2018-10-30 CVE-2015-5159 Kdcproxy Project Improper Input Validation vulnerability in Kdcproxy Project Kdcproxy

python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.

5.0
2018-10-30 CVE-2015-7266 IAB Permissions, Privileges, and Access Controls vulnerability in IAB Open Real-Time Bidding 2.3

The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.

5.0
2018-10-30 CVE-2018-18831 Mingsoft Path Traversal vulnerability in Mingsoft Mcms 4.6.5

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5.

5.0
2018-10-30 CVE-2018-18817 Leostream Unspecified vulnerability in Leostream Agent and Connection Broker

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.

5.0
2018-10-29 CVE-2018-18771 Lulucms Unrestricted Upload of File With Dangerous Type vulnerability in Lulucms Lulu CMS 20150514

An issue was discovered in LuLu CMS through 2015-05-14.

5.0
2018-10-29 CVE-2018-18754 Zyxel Insufficiently Protected Credentials vulnerability in Zyxel Vmg3312-B10B Firmware 1.00(Aapp.7)

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

5.0
2018-10-29 CVE-2018-18737 Douchat XXE vulnerability in Douchat 4.0.4

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string.

5.0
2018-10-29 CVE-2018-18713 Phpyun Path Traversal vulnerability in PHPyun 4.6

The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.

5.0
2018-10-29 CVE-2018-18703 Phptpoint Path Traversal vulnerability in PHPtpoint Mailing Server Using File Handling 1.0

PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.

5.0
2018-11-02 CVE-2018-16847 Qemu
Canonical
Out-Of-Bounds Read vulnerability in multiple products

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU.

4.6
2018-11-02 CVE-2018-3920 Yitechnology Improper Input Validation vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D.

4.6
2018-11-02 CVE-2018-3890 Yitechnology OS Command Injection vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

4.6
2018-11-01 CVE-2018-18695 M2Soft Buffer Errors vulnerability in M2Soft Report Designer 5.0

M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file.

4.6
2018-10-30 CVE-2018-18281 Linux
Canonical
Debian
Incomplete Cleanup vulnerability in multiple products

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.

4.6
2018-10-30 CVE-2018-10709 Asrock Incorrect Permission Assignment FOR Critical Resource vulnerability in Asrock products

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values.

4.6
2018-10-29 CVE-2018-18718 Gnome
Debian
Double Free vulnerability in multiple products

An issue was discovered in gThumb through 3.6.2.

4.6
2018-11-03 CVE-2018-18909 Xheditor Cross-Site Scripting vulnerability in Xheditor 1.2.2

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view.

4.3
2018-11-03 CVE-2018-18915 Exiv2 Infinite Loop vulnerability in Exiv2 0.27

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1.

4.3
2018-11-02 CVE-2018-18897 Freedesktop Missing Release of Resource After Effective Lifetime vulnerability in Freedesktop Poppler 0.71.0

An issue was discovered in Poppler 0.71.0.

4.3
2018-11-01 CVE-2018-6909 Rainmachine Improper Restriction of Rendered UI Layers OR Frames vulnerability in Rainmachine web Application

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.

4.3
2018-11-01 CVE-2018-6906 Rainmachine Cross-Site Scripting vulnerability in Rainmachine web Application

A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.

4.3
2018-11-01 CVE-2018-18776 Microstrategy Cross-Site Scripting vulnerability in Microstrategy web 7

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter.

4.3
2018-11-01 CVE-2018-18775 Microstrategy Cross-Site Scripting vulnerability in Microstrategy web 7

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter.

4.3
2018-11-01 CVE-2018-3947 Yitechnology Information Exposure vulnerability in Yitechnology YI Home and YI Home Camera Firmware

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D.

4.3
2018-10-31 CVE-2018-18873 Jasper Project
Canonical
Debian
Suse
Null Pointer Dereference vulnerability in multiple products

An issue was discovered in JasPer 2.0.14.

4.3
2018-10-31 CVE-2018-15324 F5 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager

On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.

4.3
2018-10-31 CVE-2018-15323 F5 Improper Input Validation vulnerability in F5 products

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.

4.3
2018-10-31 CVE-2018-18868 NO CMS Project Cross-Site Scripting vulnerability in No-Cms Project No-Cms 1.1.3

No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter.

4.3
2018-10-30 CVE-2018-16465 Nextcloud Improper Authentication vulnerability in Nextcloud Server

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

4.3
2018-10-30 CVE-2018-0734 Openssl
Canonical
Debian
Nodejs
Netapp
Oracle
USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.

4.3
2018-10-30 CVE-2018-18829 Libav Null Pointer Dereference vulnerability in Libav 12.3

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

4.3
2018-10-30 CVE-2018-18828 Libav Out-Of-Bounds Write vulnerability in Libav 12.3

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

4.3
2018-10-30 CVE-2018-18827 Libav Out-Of-Bounds Read vulnerability in Libav 12.3

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

4.3
2018-10-30 CVE-2018-18826 Libav Out-Of-Bounds Write vulnerability in Libav 12.3

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

4.3
2018-10-30 CVE-2018-18825 Pagoda Linux Project Cross-Site Scripting vulnerability in Pagoda Linux Project Pagoda Linux 6.0

Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login.

4.3
2018-10-29 CVE-2018-17622 Foxitsoftware
Microsoft
Information Exposure vulnerability in Foxitsoftware Phantompdf and Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096.

4.3
2018-10-29 CVE-2018-1767 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting.

4.3
2018-10-29 CVE-2018-0735 Openssl
Canonical
Debian
Nodejs
Netapp
Oracle
USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.

4.3
2018-10-29 CVE-2018-18783 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.

4.3
2018-10-29 CVE-2018-18782 Dedecms Cross-Site Scripting vulnerability in Dedecms 5.7

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.

4.3
2018-10-29 CVE-2018-18781 Dedecms Cross-Site Scripting vulnerability in Dedecms 5.7

DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.

4.3
2018-10-29 CVE-2018-18749 Data Tools Project Integer Overflow OR Wraparound vulnerability in Data Tools Project Data Tools 20170726

data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function.

4.3
2018-10-29 CVE-2018-18701 GNU Infinite Loop vulnerability in GNU Binutils 2.31

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.

4.3
2018-10-29 CVE-2018-18700 GNU Infinite Loop vulnerability in GNU Binutils 2.31

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.

4.3
2018-11-01 CVE-2018-18777 Microstrategy Path Traversal vulnerability in Microstrategy web 7

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..

4.0
2018-11-01 CVE-2018-14660 Redhat
Gluster
Allocation of Resources Without Limits OR Throttling vulnerability in multiple products

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.

4.0
2018-11-01 CVE-2016-2120 Powerdns
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record.

4.0
2018-10-31 CVE-2018-14661 Gluster USE of Externally-Controlled Format String vulnerability in Gluster Glusterfs 3.8.4

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.

4.0
2018-10-31 CVE-2018-14659 Redhat
Debian
Resource Exhaustion vulnerability in multiple products

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr.

4.0
2018-10-31 CVE-2018-14652 Redhat
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.

4.0
2018-10-31 CVE-2018-13281 Synology Information Exposure vulnerability in Synology Diskstation Manager, Skynas and Vs960Hd

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

4.0
2018-10-31 CVE-2018-15325 F5 Resource Exhaustion vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

4.0
2018-10-31 CVE-2018-15322 F5 Unspecified vulnerability in F5 products

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly.

4.0
2018-10-29 CVE-2018-1380 IBM Information Exposure vulnerability in IBM Infosphere Master Data Management 11.4/11.5/11.6

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information.

4.0
2018-10-29 CVE-2018-18778 Acme Information Exposure vulnerability in Acme Mini-Httpd

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

4.0

40 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-10-30 CVE-2018-16463 Nextcloud Session Fixation vulnerability in Nextcloud Server

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

3.6
2018-11-04 CVE-2018-18927 Publiccms Cross-Site Scripting vulnerability in Publiccms 4.0

An issue was discovered in PublicCMS V4.0.

3.5
2018-11-04 CVE-2018-18919 Iiong Cross-Site Scripting vulnerability in Iiong WP Editor.Md 10.0.1

The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.

3.5
2018-11-02 CVE-2017-1609 IBM Cross-Site Scripting vulnerability in IBM Rational Quality Manager

IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting.

3.5
2018-11-01 CVE-2018-10586 Netgain Systems Cross-Site Scripting vulnerability in Netgain-Systems Enterprise Manager 10.0.57

NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12.

3.5
2018-10-31 CVE-2018-15707 Advantech Cross-Site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page.

3.5
2018-10-31 CVE-2016-6343 Redhat Cross-Site Scripting vulnerability in Redhat Jboss BPM Suite

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder.

3.5
2018-10-30 CVE-2018-16468 Loofah Project
Debian
Cross-Site Scripting vulnerability in multiple products

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

3.5
2018-10-30 CVE-2018-16464 Nextcloud Improper Authentication vulnerability in Nextcloud Server

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

3.5
2018-10-30 CVE-2018-17783 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

3.5
2018-10-30 CVE-2018-17782 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

3.5
2018-10-30 CVE-2018-18841 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.

3.5
2018-10-30 CVE-2018-18840 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.

3.5
2018-10-29 CVE-2018-1766 IBM Cross-Site Scripting vulnerability in IBM Rational Team Concert

IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-10-29 CVE-2018-18745 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing.

3.5
2018-10-29 CVE-2018-18744 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI.

3.5
2018-10-29 CVE-2018-18743 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI.

3.5
2018-10-29 CVE-2018-18741 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.

3.5
2018-10-29 CVE-2018-18740 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI.

3.5
2018-10-29 CVE-2018-18739 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.

3.5
2018-10-29 CVE-2018-18738 SEM CMS Cross-Site Scripting vulnerability in Sem-Cms Semcms 3.4

An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.

3.5
2018-10-29 CVE-2018-18736 Catfish CMS Cross-Site Scripting vulnerability in Catfish-Cms Catfish Blog 2.0.33

An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."

3.5
2018-10-29 CVE-2018-18733 Catfish CMS Cross-Site Scripting vulnerability in Catfish-Cms Catfish CMS 4.8.30

An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.

3.5
2018-10-29 CVE-2018-18726 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18725 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18724 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18723 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18722 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18721 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18720 Yunucms Cross-Site Scripting vulnerability in Yunucms 1.1.5

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.

3.5
2018-10-29 CVE-2018-18717 Eleanor CMS Cross-Site Scripting vulnerability in Eleanor-Cms Eleanor CMS

An issue was discovered in Eleanor CMS through 2015-03-19.

3.5
2018-10-29 CVE-2018-18694 Monstra Cross-Site Scripting vulnerability in Monstra 3.0.4

admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension.

3.5
2018-10-31 CVE-2016-2125 Samba
Redhat
Improper Input Validation vulnerability in multiple products

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication.

3.3
2018-11-02 CVE-2018-3891 Yitechnology Improper Input Validation vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

2.1
2018-11-02 CVE-2018-1877 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user.

2.1
2018-11-02 CVE-2018-1876 IBM Information Exposure Through LOG Files vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation.

2.1
2018-11-02 CVE-2018-1788 IBM Information Exposure Through LOG Files vulnerability in IBM Spectrum Protect Server

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user.

2.1
2018-10-31 CVE-2016-2121 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 10

A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information.

2.1
2018-10-29 CVE-2017-18281 Google Out-Of-Bounds Read vulnerability in Google Android

A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel

2.1
2018-10-29 CVE-2018-18710 Linux
Canonical
Debian
Information Exposure vulnerability in Linux Kernel

An issue was discovered in the Linux kernel through 4.19.

2.1