Weekly Vulnerabilities Reports > November 19 to 25, 2018
Overview
89 new vulnerabilities were reported during this period, including 5 critical and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 101 products from 61 vendors, including Debian, Canonical, Roche, Redhat, and Artifex. The most frequent weakness categories are "Unrestricted Upload of File with Dangerous Type", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", and "Out-of-bounds Read".
- 67 reported vulnerabilities are remotely exploitable.
- 12 reported vulnerabilities have a public exploit available.
- 23 reported vulnerabilities relate to weaknesses in the OWASP Top Ten.
- 69 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 9.
- Apache has the most reported critical vulnerabilities, with 1.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-11-21 | CVE-2018-19417 | Contiki NG | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Contiki-Ng An issue was discovered in the MQTT server in Contiki-NG before 4.2. | 10.0 |
2018-11-21 | CVE-2018-19409 | Artifex Debian Canonical Redhat | An issue was discovered in Artifex Ghostscript before 9.26. | 9.8 |
2018-11-20 | CVE-2018-18439 | Denx | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. | 9.8 |
2018-11-19 | CVE-2018-17190 | Apache | Unspecified vulnerability in Apache Spark In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. | 9.8 |
2018-11-20 | CVE-2018-18864 | Loadbalancer | Cross-site Scripting vulnerability in Loadbalancer Enterprise VA MAX Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | 9.3 |
23 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-11-22 | CVE-2018-19463 | Zblogcn | Code Injection vulnerability in Zblogcn Z-Blogphp zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. | 8.8 |
2018-11-20 | CVE-2018-18773 | Control Webpanel | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | 8.8 |
2018-11-20 | CVE-2018-18772 | Control Webpanel | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | 8.8 |
2018-11-20 | CVE-2018-18563 | Roche | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). | 8.3 |
2018-11-23 | CVE-2018-19477 | Artifex Debian Canonical Redhat | Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | 7.8 |
2018-11-23 | CVE-2018-19476 | Artifex Debian Canonical Redhat | Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | 7.8 |
2018-11-23 | CVE-2018-19475 | Artifex Debian Canonical Redhat | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | 7.8 |
2018-11-20 | CVE-2018-18561 | Roche | Incorrect Permission Assignment for Critical Resource vulnerability in Roche products An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. | 7.7 |
2018-11-25 | CVE-2018-19518 | PHP Debian UW Imap Project Canonical | Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. | 7.5 |
2018-11-23 | CVE-2018-19486 | GIT SCM Linux Canonical | Untrusted Search Path vulnerability in Git-Scm GIT Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | 7.5 |
2018-11-23 | CVE-2018-19468 | Hucart | SQL Injection vulnerability in Hucart 5.7.4 HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | 7.5 |
2018-11-21 | CVE-2018-19410 | Paessler | Unspecified vulnerability in Paessler Prtg Network Monitor PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). | 7.5 |
2018-11-21 | CVE-2009-5153 | Microfocus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Netware In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | 7.5 |
2018-11-20 | CVE-2018-18861 | Pcman FTP Server Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcman FTP Server Project Pcman FTP Server 2.0.7 Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | 7.5 |
2018-11-19 | CVE-2018-9209 | Fineuploader | Unrestricted Upload of File with Dangerous Type vulnerability in Fineuploader PHP-Traditional-Server Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 | 7.5 |
2018-11-19 | CVE-2018-9207 | Hayageek | Unrestricted Upload of File with Dangerous Type vulnerability in Hayageek Jquery Upload File Arbitrary file upload in jQuery Upload File <= 4.0.2 | 7.5 |
2018-11-19 | CVE-2018-19355 | Prestashop Customer Files Upload Project Mypresta | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 7.5 |
2018-11-21 | CVE-2018-19422 | Intelliants | Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1 /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 7.2 |
2018-11-20 | CVE-2018-18859 | Liquidvpn | OS Command Injection vulnerability in Liquidvpn 1.36/1.37 Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. | 7.2 |
2018-11-20 | CVE-2018-18858 | Liquidvpn | OS Command Injection vulnerability in Liquidvpn 1.36/1.37 Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. | 7.2 |
2018-11-20 | CVE-2018-18857 | Liquidvpn | OS Command Injection vulnerability in Liquidvpn 1.36/1.37 Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. | 7.2 |
2018-11-20 | CVE-2018-18856 | Liquidvpn | OS Command Injection vulnerability in Liquidvpn 1.36/1.37 Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. | 7.2 |
2018-11-20 | CVE-2018-18440 | Denx | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. | 7.2 |
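The HuCart row above (CVE-2018-19468) describes a mistake that is far older than that product: reading `X-Forwarded-For` as though it were the client address and splicing the raw header text into SQL. The Python below is an added example, not HuCart's code and not its vendor's fix. It shows both halves of the correction side by side: the header is honoured only when the TCP peer is one of our own reverse proxies, only the right-most entry a trusted proxy appended is used, and only after it parses as an IP literal; the resulting address is then bound as a query parameter rather than concatenated. A deliberately vulnerable lookup is kept next to the hardened one so the effect of the payload can be seen. The proxy address 10.0.0.5, the `login_log` table and the request values are constructed for the example.

```python
import ipaddress
import sqlite3

# Addresses of the reverse proxies we operate. Only a value that one of these
# appended to X-Forwarded-For is believed. Constructed for this example.
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("10.0.0.5")})


def client_ip(remote_addr, xff_header):
    """Return the client's address as an ipaddress object.

    remote_addr is the TCP peer the web server saw; xff_header is the raw
    X-Forwarded-For value, or None. The header is honoured only when the peer
    is one of our proxies, and even then only the right-most entry that is not
    itself one of our proxies is used, after it has parsed as an IP literal.
    Anything that does not parse is treated as attacker text and the peer
    address is returned instead. HuCart's get_ip() did none of this before
    putting the header into SQL.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # tampered header: fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer  # every hop was one of our own proxies


def create_schema(conn):
    conn.execute("CREATE TABLE login_log (username TEXT, ip TEXT)")


def record_login(conn, username, ip):
    # Parameterised statement: the address is bound as data, never spliced in.
    conn.execute(
        "INSERT INTO login_log (username, ip) VALUES (?, ?)", (username, str(ip))
    )


def logins_from_vulnerable(conn, raw_header_value):
    # The HuCart pattern: header text concatenated straight into the query.
    sql = "SELECT username FROM login_log WHERE ip = '%s'" % raw_header_value
    return [row[0] for row in conn.execute(sql)]


def logins_from(conn, ip):
    # Hardened: the validated address is a bound parameter.
    return [
        row[0]
        for row in conn.execute(
            "SELECT username FROM login_log WHERE ip = ?", (str(ip),)
        )
    ]


def demo():
    """Run both code paths against constructed data and return what each yields."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    record_login(conn, "alice", client_ip("10.0.0.5", "198.51.100.7"))
    record_login(conn, "bob", client_ip("10.0.0.5", "203.0.113.9"))
    # Constructed attack: the client sends an injection payload in its own
    # X-Forwarded-For header; our proxy appends the real client address after it.
    payload = "' OR '1'='1"
    seen = client_ip("10.0.0.5", f"{payload}, 192.0.2.44")
    return {
        "client_seen_as": str(seen),
        "vulnerable": logins_from_vulnerable(conn, payload),
        "hardened": logins_from(conn, seen),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns every user from the vulnerable query (the `' OR '1'='1` clause matches all rows) and an empty list from the hardened one, because the attacker's text never reaches the database: `client_ip` discards it and returns the proxy-appended `192.0.2.44`. Note that the header is ignored entirely when the peer is not a known proxy; a client connecting directly cannot spoof its address at all.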
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-11-23 | CVE-2018-19504 | Audiocoding | NULL Pointer Dereference vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. | 6.8 |
2018-11-23 | CVE-2018-19503 | Audiocoding | Out-of-bounds Write vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. | 6.8 |
2018-11-23 | CVE-2018-19502 | Audiocoding | Out-of-bounds Write vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. | 6.8 |
2018-11-23 | CVE-2018-19492 | Gnuplot Debian Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. | 6.8 |
2018-11-23 | CVE-2018-19491 | Gnuplot Debian Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. | 6.8 |
2018-11-23 | CVE-2018-19490 | Gnuplot Debian Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. | 6.8 |
2018-11-22 | CVE-2018-19459 | Armcode | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Armcode Adult Filter 1.0 Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. | 6.8 |
2018-11-21 | CVE-2018-19416 | Sysstat Project | Out-of-bounds Read vulnerability in Sysstat Project Sysstat 12.1.1 An issue was discovered in sysstat 12.1.1. | 6.8 |
2018-11-19 | CVE-2018-18519 | Bestxsoftware | Untrusted Search Path vulnerability in Bestxsoftware Best Free Keylogger BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group. | 6.8 |
2018-11-25 | CVE-2018-19520 | Sdcms PHP | Code Injection vulnerability in multiple products An issue was discovered in SDCMS 1.6 with PHP 5.x. | 6.5 |
2018-11-23 | CVE-2018-19499 | Vanillaforums | Deserialization of Untrusted Data vulnerability in Vanillaforums Vanilla Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | 6.5 |
2018-11-22 | CVE-2018-19457 | Logicspice | Unrestricted Upload of File with Dangerous Type vulnerability in Logicspice FAQ Script 2.9.7 Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | 6.5 |
2018-11-22 | CVE-2018-19436 | Weberp | SQL Injection vulnerability in Weberp 4.15 An issue was discovered in the Manufacturing component in webERP 4.15. | 6.5 |
2018-11-22 | CVE-2018-19435 | Weberp | SQL Injection vulnerability in Weberp 4.15 An issue was discovered in the Sales component in webERP 4.15. | 6.5 |
2018-11-22 | CVE-2018-19434 | Weberp | SQL Injection vulnerability in Weberp 4.15 An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. | 6.5 |
2018-11-21 | CVE-2018-19424 | Clippercms | Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | 6.5 |
2018-11-21 | CVE-2018-19423 | Codiad | Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4 Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | 6.5 |
2018-11-21 | CVE-2018-19411 | Paessler | Improper Privilege Management vulnerability in Paessler Prtg Network Monitor PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | 6.5 |
2018-11-21 | CVE-2018-19404 | Yxcms | Code Injection vulnerability in Yxcms 1.4.7 In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. | 6.5 |
2018-11-19 | CVE-2018-15761 | Pivotal Software | Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. | 6.5 |
2018-11-20 | CVE-2018-18774 | Control Webpanel | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | 6.1 |
2018-11-20 | CVE-2018-17948 | Microfocus | Open Redirect vulnerability in Microfocus Access Manager An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | 6.1 |
2018-11-20 | CVE-2018-19376 | Greencms | Cross-Site Request Forgery (CSRF) vulnerability in Greencms 2.3.0603 An issue was discovered in GreenCMS v2.3.0603. | 5.8 |
2018-11-25 | CVE-2018-19519 | Tcpdump | Missing Initialization of Resource vulnerability in Tcpdump 4.9.2 In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. | 5.5 |
2018-11-20 | CVE-2018-19335 | Google | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404/20180504 Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
2018-11-20 | CVE-2018-19334 | Google | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404 Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
2018-11-20 | CVE-2018-10099 | Google | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
2018-11-22 | CVE-2018-19458 | PHP Proxy | Improper Authentication vulnerability in PHP-Proxy 3.0.3 In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | 5.0 |
2018-11-20 | CVE-2018-19396 | PHP | Deserialization of Untrusted Data vulnerability in PHP ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | 5.0 |
2018-11-20 | CVE-2018-19395 | PHP | NULL Pointer Dereference vulnerability in PHP ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | 5.0 |
2018-11-20 | CVE-2018-16224 | Ismartalarm | Information Exposure vulnerability in Ismartalarm Cubeone Firmware Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. | 5.0 |
2018-11-20 | CVE-2018-16223 | Qbeecam | Insufficiently Protected Credentials vulnerability in Qbeecam Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | 5.0 |
2018-11-20 | CVE-2018-1779 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. | 5.0 |
2018-11-20 | CVE-2018-19367 | Portainer | Unspecified vulnerability in Portainer Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. | 5.0 |
2018-11-19 | CVE-2018-15759 | Pivotal Software | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and ON Demand Services SDK Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. | 5.0 |
2018-11-21 | CVE-2018-19407 | Linux Canonical | NULL Pointer Dereference vulnerability in Linux Kernel The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. | 4.9 |
2018-11-21 | CVE-2018-19406 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. | 4.9 |
2018-11-24 | CVE-2018-19517 | Sysstat Project | Out-of-bounds Read vulnerability in Sysstat Project Sysstat 12.1.1 An issue was discovered in sysstat 12.1.1. | 4.3 |
2018-11-23 | CVE-2018-19469 | Articlecms Project | Cross-site Scripting vulnerability in Articlecms Project Articlecms 20170219 ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | 4.3 |
2018-11-22 | CVE-2018-19443 | Tryton | Session Fixation vulnerability in Tryton 5.0.0 The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. | 4.3 |
2018-11-22 | CVE-2018-19433 | Showdoc | Cross-site Scripting vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 4.3 |
2018-11-22 | CVE-2018-19432 | Libsndfile Project Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in libsndfile 1.0.28. | 4.3 |
2018-11-20 | CVE-2018-19390 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826 FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | 4.3 |
2018-11-20 | CVE-2018-19389 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826 FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | 4.3 |
2018-11-20 | CVE-2018-19388 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826 FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. | 4.3 |
2018-11-20 | CVE-2018-18865 | Royalapplications | Information Exposure vulnerability in Royalapplications Royal TS The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | 4.3 |
2018-11-20 | CVE-2018-18716 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | 4.3 |
2018-11-20 | CVE-2018-18715 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | 4.3 |
2018-11-20 | CVE-2018-18565 | Roche | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). | 4.1 |
2018-11-22 | CVE-2018-19437 | Ucms Project | Unspecified vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | 4.0 |
2018-11-21 | CVE-2018-19421 | GET Simple | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 4.0 |
2018-11-21 | CVE-2018-19420 | GET Simple | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 4.0 |
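Several rows in the tables above are the same upload-handling mistake seen from different angles: Z-BlogPHP (CVE-2018-19463) trusted the client's `image/jpeg` Content-Type; Subrion (CVE-2018-19422) used an `.htaccess` denylist that forgot `.pht` and `.phar`; ClipperCMS (CVE-2018-19424) let an `.htaccess` file itself be uploaded; and GetSimple (CVE-2018-19420, CVE-2018-19421) blocked `.html` but not extension-less or unknown-extension files that a browser would still render. The validator below is an added example written for this report; it is not code from any of those projects or their fixes. It takes the opposite stance on each point: an allowlist of extensions rather than a denylist, exactly one extension with a non-empty stem, magic bytes that must match the extension, a scan for script or markup hidden inside an otherwise valid image, and a server-generated random storage name so nothing the client chose survives. The allowlist contents, the `ALLOWED_TYPES` and `SCRIPT_MARKERS` tables, and the sample uploads in the demo are all constructed for the example; where the accepted files are stored, and that the web server never executes anything from that directory, remains a deployment decision the code cannot make for you.

```python
import os
import re
import secrets

# Allowlist of accepted extensions and the magic bytes each must begin with.
# Constructed for this example; list what the site needs and nothing more.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Byte patterns that have no business inside an image and that a server or a
# browser might execute or render if the file is ever served from a bad place.
SCRIPT_MARKERS = (b"<?", b"<script", b"<html", b"<!doctype")


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_upload(filename: str, content: bytes, declared_type: str = "") -> str:
    """Return a server-chosen storage name for an acceptable upload, or raise UploadRejected.

    declared_type is the client's Content-Type. It is a parameter only to make the
    point explicit: it is never consulted. Z-BlogPHP accepted a .php upload
    because the request said image/jpeg.
    """
    # Strip any directory component the client supplied, on either path convention.
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.split(".")
    # Exactly one extension with a non-empty stem. This rejects the bare 'test'
    # and 'test.asdf' names GetSimple rendered, an '.htaccess' upload like
    # ClipperCMS's, and 'shell.php.jpg' double extensions in one rule.
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected("filename must be <name>.<ext> with exactly one extension")
    ext = parts[1].lower()
    # Allowlist, never a denylist: Subrion's .htaccess denylist omitted .pht and .phar.
    if not re.fullmatch(r"[a-z0-9]{1,5}", ext) or ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not permitted")
    # The bytes must agree with the extension, regardless of what the client claimed.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the declared extension")
    # A real JPEG header followed by PHP or HTML is still a web shell if misserved.
    lowered = content.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise UploadRejected("image contains script or markup (polyglot)")
    # The client's name is discarded; the stored name is random and carries only
    # the verified extension, so neither the name nor the type is attacker-chosen.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, content: bytes, declared_type: str = "") -> bool:
    """Boolean wrapper around validate_upload for the demo and tests."""
    try:
        validate_upload(filename, content, declared_type)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32  # constructed minimal JPEG header
    php = b"<?php system($_GET['c']); ?>"  # constructed web shell body
    cases = [
        ("photo.jpg", jpeg, "image/jpeg"),
        ("shell.php", php, "image/jpeg"),  # Z-BlogPHP: the content type lies
        ("shell.pht", php, "image/jpeg"),  # Subrion: not on the denylist
        ("shell.phar", php, "image/jpeg"),
        (".htaccess", b"AddType application/x-httpd-php .jpg", "text/plain"),
        ("test", b"<html><script>alert(1)</script>", "text/html"),  # GetSimple
        ("test.asdf", b"<html><script>alert(1)</script>", "text/html"),
        ("shell.php.jpg", jpeg, "image/jpeg"),
        ("polyglot.jpg", jpeg + php, "image/jpeg"),
    ]
    for name, body, ctype in cases:
        verdict = "accepted" if is_accepted(name, body, ctype) else "rejected"
        print(f"{name:14} -> {verdict}")
```

Only `photo.jpg` is accepted in the demo; every other case is rejected by a different rule, which is the point of layering them: the extension rule alone would have passed `polyglot.jpg`, and the magic-bytes rule alone would have passed `shell.php.jpg` if the server's handler keyed on the first extension. The storage name returned by `validate_upload` is what should be written to disk and recorded; the original filename can be kept as display metadata but never as a path.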
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-11-22 | CVE-2018-19464 | Dismall | Cross-site Scripting vulnerability in Dismall Discuz! 3.4 Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. | 3.5 |
2018-11-20 | CVE-2018-18564 | Roche | Unspecified vulnerability in Roche products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). | 3.3 |
2018-11-20 | CVE-2018-18562 | Roche | Weak Password Requirements vulnerability in Roche products An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. | 3.3 |
2018-11-19 | CVE-2018-17906 | Philips | Credentials Management vulnerability in Philips Intellispace Pacs and Isite Pacs Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. | 3.3 |
2018-11-20 | CVE-2018-16222 | Ismartalarm | Insufficiently Protected Credentials vulnerability in Ismartalarm Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | 2.1 |
2018-11-19 | CVE-2018-1841 | IBM | Information Exposure vulnerability in IBM Cloud Private 2.1.0 IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. | 2.1 |
2018-11-21 | CVE-2018-1843 | IBM | Information Exposure vulnerability in IBM Cloud Private 3.1.0 The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. | 1.9 |
2018-11-20 | CVE-2018-12038 | Samsung | Insufficiently Protected Credentials vulnerability in Samsung 840 EVO Firmware An issue was discovered on Samsung 840 EVO devices. | 1.9 |
2018-11-20 | CVE-2018-12037 | Samsung Micron | An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. | 1.9 |