Weekly Vulnerabilities Reports > November 19 to 25, 2018

Overview

89 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 103 products from 61 vendors including Debian, Canonical, Roche, Redhat, and PHP. Vulnerabilities are notably categorized as "Unrestricted Upload of File with Dangerous Type", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Out-of-bounds Read", and "Cross-Site Request Forgery (CSRF)".

  • 71 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 69 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Contiki NG has the most reported critical vulnerabilities, with 1 reported vulnerability.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-21 CVE-2018-19417 Contiki NG Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Contiki-Ng

An issue was discovered in the MQTT server in Contiki-NG before 4.2.

10.0
2018-11-20 CVE-2018-18439 Denx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx DAS U-Boot Firmware

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled.

10.0
2018-11-20 CVE-2018-18864 Loadbalancer Cross-site Scripting vulnerability in Loadbalancer Enterprise VA MAX

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

9.3

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-25 CVE-2018-19518 PHP / Debian / UW Imap Project Argument Injection or Modification vulnerability in multiple products

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.

8.5
2018-11-20 CVE-2018-18563 Roche Unrestricted Upload of File with Dangerous Type vulnerability in Roche products

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000).

8.3
2018-11-20 CVE-2018-18561 Roche Incorrect Permission Assignment for Critical Resource vulnerability in Roche products

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04.

7.7
2018-11-23 CVE-2018-19486 GIT SCM / Linux / Canonical Untrusted Search Path vulnerability in Git-Scm GIT

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

7.5
2018-11-23 CVE-2018-19468 Hucart SQL Injection vulnerability in Hucart 5.7.4

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.

7.5
2018-11-21 CVE-2018-19410 Paessler Unspecified vulnerability in Paessler Prtg Network Monitor

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator).

7.5
2018-11-21 CVE-2018-19409 Artifex / Debian / Canonical / Redhat

An issue was discovered in Artifex Ghostscript before 9.26.

7.5
2018-11-21 CVE-2009-5153 Microfocus Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Netware

In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.

7.5
2018-11-20 CVE-2018-18861 Pcman FTP Server Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcman FTP Server Project Pcman FTP Server 2.0.7

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.

7.5
2018-11-19 CVE-2018-9209 Fineuploader Unrestricted Upload of File with Dangerous Type vulnerability in Fineuploader PHP-Traditional-Server

Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2.

7.5
2018-11-19 CVE-2018-9207 Hayageek Unrestricted Upload of File with Dangerous Type vulnerability in Hayageek Jquery Upload File

Arbitrary file upload in jQuery Upload File <= 4.0.2.

7.5
2018-11-19 CVE-2018-17190 Apache Unspecified vulnerability in Apache Spark

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts.

7.5
2018-11-19 CVE-2018-19355 Prestashop / Customer Files Upload Project / Mypresta Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).

7.5
2018-11-20 CVE-2018-18859 Liquidvpn OS Command Injection vulnerability in Liquidvpn 1.36/1.37

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS.

7.2
2018-11-20 CVE-2018-18858 Liquidvpn OS Command Injection vulnerability in Liquidvpn 1.36/1.37

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS.

7.2
2018-11-20 CVE-2018-18857 Liquidvpn OS Command Injection vulnerability in Liquidvpn 1.36/1.37

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS.

7.2
2018-11-20 CVE-2018-18856 Liquidvpn OS Command Injection vulnerability in Liquidvpn 1.36/1.37

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS.

7.2
2018-11-20 CVE-2018-18440 Denx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

7.2

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-23 CVE-2018-19504 Audiocoding NULL Pointer Dereference vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.

6.8
2018-11-23 CVE-2018-19503 Audiocoding Out-of-bounds Write vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.

6.8
2018-11-23 CVE-2018-19502 Audiocoding Out-of-bounds Write vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.8.1

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.

6.8
2018-11-23 CVE-2018-19492 Gnuplot / Debian / Opensuse Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in cairo.trm in Gnuplot 5.2.5.

6.8
2018-11-23 CVE-2018-19491 Gnuplot / Debian / Opensuse Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in post.trm in Gnuplot 5.2.5.

6.8
2018-11-23 CVE-2018-19490 Gnuplot / Debian / Opensuse Out-of-bounds Write vulnerability in multiple products

An issue was discovered in datafile.c in Gnuplot 5.2.5.

6.8
2018-11-23 CVE-2018-19477 Artifex / Debian / Canonical / Redhat Incorrect Type Conversion or Cast vulnerability in multiple products

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

6.8
2018-11-23 CVE-2018-19476 Artifex / Debian / Canonical / Redhat Incorrect Type Conversion or Cast vulnerability in multiple products

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

6.8
2018-11-23 CVE-2018-19475 Artifex / Debian / Canonical / Redhat

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

6.8
2018-11-22 CVE-2018-19459 Armcode Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Armcode Adult Filter 1.0

Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.

6.8
2018-11-21 CVE-2018-19416 Sysstat Project Out-of-bounds Read vulnerability in Sysstat Project Sysstat 12.1.1

An issue was discovered in sysstat 12.1.1.

6.8
2018-11-20 CVE-2018-18773 Centos Webpanel Cross-Site Request Forgery (CSRF) vulnerability in Centos-Webpanel Centos web Panel

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

6.8
2018-11-20 CVE-2018-18772 Centos Webpanel Cross-Site Request Forgery (CSRF) vulnerability in Centos-Webpanel Centos web Panel

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

6.8
2018-11-19 CVE-2018-18519 Bestxsoftware Untrusted Search Path vulnerability in Bestxsoftware Best Free Keylogger

BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.

6.8
2018-11-25 CVE-2018-19520 Sdcms / PHP Code Injection vulnerability in multiple products

An issue was discovered in SDCMS 1.6 with PHP 5.x.

6.5
2018-11-23 CVE-2018-19499 Vanillaforums Deserialization of Untrusted Data vulnerability in Vanillaforums Vanilla

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.

6.5
2018-11-22 CVE-2018-19463 Zblogcn Code Injection vulnerability in Zblogcn Z-Blogphp 1.5.0.1525/1.5.0.1626

** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.

6.5
2018-11-22 CVE-2018-19457 Logicspice Unrestricted Upload of File with Dangerous Type vulnerability in Logicspice FAQ Script 2.9.7

Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.

6.5
2018-11-22 CVE-2018-19436 Weberp SQL Injection vulnerability in Weberp 4.15

An issue was discovered in the Manufacturing component in webERP 4.15.

6.5
2018-11-22 CVE-2018-19435 Weberp SQL Injection vulnerability in Weberp 4.15

An issue was discovered in the Sales component in webERP 4.15.

6.5
2018-11-22 CVE-2018-19434 Weberp SQL Injection vulnerability in Weberp 4.15

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15.

6.5
2018-11-21 CVE-2018-19424 Clippercms Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.

6.5
2018-11-21 CVE-2018-19423 Codiad Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.

6.5
2018-11-21 CVE-2018-19422 Intelliants Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

6.5
2018-11-21 CVE-2018-19411 Paessler Improper Privilege Management vulnerability in Paessler Prtg Network Monitor

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

6.5
2018-11-21 CVE-2018-19404 Yxcms Code Injection vulnerability in Yxcms 1.4.7

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL.

6.5
2018-11-19 CVE-2018-15761 Pivotal Software Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error which allows for privilege escalation.

6.5
2018-11-20 CVE-2018-19376 Greencms Cross-Site Request Forgery (CSRF) vulnerability in Greencms 2.3.0603

An issue was discovered in GreenCMS v2.3.0603.

5.8
2018-11-20 CVE-2018-17948 Microfocus Open Redirect vulnerability in Microfocus Access Manager

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.

5.8
2018-11-22 CVE-2018-19458 PHP Proxy Improper Authentication vulnerability in PHP-Proxy 3.0.3

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.

5.0
2018-11-20 CVE-2018-19396 PHP Deserialization of Untrusted Data vulnerability in PHP

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

5.0
2018-11-20 CVE-2018-19395 PHP NULL Pointer Dereference vulnerability in PHP

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

5.0
2018-11-20 CVE-2018-16224 Ismartalarm Information Exposure vulnerability in Ismartalarm Cubeone Firmware

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to ports 12345 and 22306, and access sensitive information from the device.

5.0
2018-11-20 CVE-2018-16223 Qbeecam Insufficiently Protected Credentials vulnerability in Qbeecam

Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.

5.0
2018-11-20 CVE-2018-1779 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM API Connect

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size.

5.0
2018-11-20 CVE-2018-19367 Portainer Unspecified vulnerability in Portainer

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created.

5.0
2018-11-19 CVE-2018-15759 Pivotal Software Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and ON Demand Services SDK

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24, contains an insecure method of verifying credentials.

5.0
2018-11-21 CVE-2018-19407 Linux / Canonical NULL Pointer Dereference vulnerability in Linux Kernel

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

4.9
2018-11-21 CVE-2018-19406 Linux NULL Pointer Dereference vulnerability in Linux Kernel

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.

4.9
2018-11-25 CVE-2018-19519 Tcpdump Out-of-bounds Read vulnerability in Tcpdump 4.9.2

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

4.3
2018-11-24 CVE-2018-19517 Sysstat Project Out-of-bounds Read vulnerability in Sysstat Project Sysstat 12.1.1

An issue was discovered in sysstat 12.1.1.

4.3
2018-11-23 CVE-2018-19469 Articlecms Project Cross-site Scripting vulnerability in Articlecms Project Articlecms 20170219

ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.

4.3
2018-11-22 CVE-2018-19443 Tryton Session Fixation vulnerability in Tryton 5.0.0

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py.

4.3
2018-11-22 CVE-2018-19433 Showdoc Cross-site Scripting vulnerability in Showdoc 2.4.1

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.

4.3
2018-11-22 CVE-2018-19432 Libsndfile Project / Debian NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in libsndfile 1.0.28.

4.3
2018-11-20 CVE-2018-19390 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.

4.3
2018-11-20 CVE-2018-19389 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.

4.3
2018-11-20 CVE-2018-19388 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 9.3.0.10826

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.

4.3
2018-11-20 CVE-2018-18865 Royalapplications Information Exposure vulnerability in Royalapplications Royal TS

The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.

4.3
2018-11-20 CVE-2018-18774 Centos Webpanel Cross-site Scripting vulnerability in Centos-Webpanel Centos web Panel

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.

4.3
2018-11-20 CVE-2018-18716 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.

4.3
2018-11-20 CVE-2018-18715 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.

4.3
2018-11-20 CVE-2018-19334 Google Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.

4.3
2018-11-20 CVE-2018-10099 Google Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

4.3
2018-11-20 CVE-2018-18565 Roche Unrestricted Upload of File with Dangerous Type vulnerability in Roche products

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000).

4.1
2018-11-22 CVE-2018-19437 Ucms Project Unspecified vulnerability in Ucms Project Ucms 1.4.7

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.

4.0
2018-11-21 CVE-2018-19421 GET Simple Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

4.0
2018-11-21 CVE-2018-19420 GET Simple Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-22 CVE-2018-19464 Dismall Cross-site Scripting vulnerability in Dismall Discuz! 3.4

Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code.

3.5
2018-11-20 CVE-2018-18564 Roche Unspecified vulnerability in Roche products

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000).

3.3
2018-11-20 CVE-2018-18562 Roche Weak Password Requirements vulnerability in Roche products

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04.

3.3
2018-11-19 CVE-2018-17906 Philips Credentials Management vulnerability in Philips Intellispace Pacs and Isite Pacs

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions.

3.3
2018-11-20 CVE-2018-19335 Google Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404/20180504

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

2.6
2018-11-20 CVE-2018-16222 Ismartalarm Insufficiently Protected Credentials vulnerability in Ismartalarm

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.

2.1
2018-11-19 CVE-2018-1841 IBM Information Exposure vulnerability in IBM Cloud Private 2.1.0

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node.

2.1
2018-11-21 CVE-2018-1843 IBM Information Exposure vulnerability in IBM Cloud Private 3.1.0

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster.

1.9
2018-11-20 CVE-2018-12038 Samsung Insufficiently Protected Credentials vulnerability in Samsung 840 EVO Firmware

An issue was discovered on Samsung 840 EVO devices.

1.9
2018-11-20 CVE-2018-12037 Samsung / Micron

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices.

1.9