Weekly Vulnerabilities Reports > November 26 to December 2, 2018

Overview

287 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 67 high severity vulnerabilities. This weekly summary reports vulnerabilities in 264 products from 97 vendors including Google, Debian, Terra Master, Canonical, and Qualcomm. The most common categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Read", "OS Command Injection", and "Improper Input Validation".

  • 223 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities have a public exploit available.
  • 94 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 230 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 31 reported vulnerabilities.
  • Terra Master has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-29 CVE-2018-15981 Adobe, Apple, Linux, Microsoft, Google, Redhat Incorrect Type Conversion or Cast vulnerability in multiple products

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability.

10.0
2018-11-28 CVE-2018-19646 Imperva OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.

10.0
2018-11-28 CVE-2018-14746 Qnap Command Injection vulnerability in Qnap QTS

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.

10.0
2018-11-28 CVE-2017-18318 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A.

10.0
2018-11-27 CVE-2018-0721 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4

Buffer Overflow vulnerability in NAS devices.

10.0
2018-11-27 CVE-2018-13354 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

10.0
2018-11-27 CVE-2018-13338 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

10.0
2018-11-27 CVE-2018-13336 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

10.0
2018-11-27 CVE-2018-13316 Totolink OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.

10.0
2018-11-27 CVE-2018-13314 Totolink OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.

10.0
2018-11-27 CVE-2018-13307 Totolink OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter.

10.0
2018-11-27 CVE-2018-13306 Totolink OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.

10.0
2018-11-26 CVE-2018-13311 Totolink OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.

10.0
2018-11-26 CVE-2018-11066 Dell, Vmware
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability.
10.0
2018-11-26 CVE-2018-19528 TP Link Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Wr886N Firmware 7.0.1.1.0

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.

10.0
2018-11-29 CVE-2018-8786 Freerdp, Canonical, Debian, Fedoraproject, Redhat Incorrect Conversion between Numeric Types vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

9.8
2018-11-28 CVE-2018-17930 Teledynedalsa Out-of-bounds Write vulnerability in Teledynedalsa Sherlock 7.2.7.4

A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.

9.8
2018-11-27 CVE-2018-9083 Lenovo Use of Hard-coded Credentials vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.

9.3
2018-11-26 CVE-2018-19560 Bagesoft Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.

9.3
2018-11-30 CVE-2018-15716 Nuuo OS Command Injection vulnerability in Nuuo Nvrmini2 Firmware 3.9.1

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection.

9.0
2018-11-30 CVE-2018-15767 Dell Incorrect Authorization vulnerability in Dell Openmanage Network Manager

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.

9.0
2018-11-27 CVE-2018-13418 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

9.0
2018-11-27 CVE-2018-13358 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

9.0
2018-11-27 CVE-2018-13356 Terra Master Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

9.0
2018-11-27 CVE-2018-13353 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.

9.0
2018-11-27 CVE-2018-13330 Terra Master OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

9.0
2018-11-27 CVE-2018-16130 MI OS Command Injection vulnerability in MI Miwifi OS 2.22.15

System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.

9.0
2018-11-27 CVE-2018-14893 Zyxel Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.

9.0
2018-11-27 CVE-2018-13023 MI OS Command Injection vulnerability in MI Miwifi OS 2.22.15

System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.

9.0
2018-11-26 CVE-2018-19537 TP Link Unrestricted Upload of File with Dangerous Type vulnerability in Tp-Link Archer C5 Firmware

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account.

9.0

67 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-01 CVE-2018-3950 TP Link Out-of-bounds Write vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0

An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server.

8.8
2018-11-29 CVE-2018-19655 Dcraw Project, Suse Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

8.8
2018-11-27 CVE-2018-11766 Apache Unspecified vulnerability in Apache Hadoop 2.7.4/2.7.5/2.7.6

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete.

8.8
2018-11-26 CVE-2018-19553 Interspire SQL Injection vulnerability in Interspire Email Marketer

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php.

8.8
2018-11-26 CVE-2018-19552 Interspire SQL Injection vulnerability in Interspire Email Marketer

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.

8.8
2018-11-26 CVE-2018-19551 Interspire SQL Injection vulnerability in Interspire Email Marketer

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.

8.8
2018-11-26 CVE-2018-19550 Interspire Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI.

8.8
2018-11-26 CVE-2018-19549 Interspire SQL Injection vulnerability in Interspire Email Marketer

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.

8.8
2018-11-27 CVE-2018-16089 Lenovo OS Command Injection vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

8.5
2018-11-27 CVE-2018-17953 Kernel Unspecified vulnerability in Kernel Linux-Pam 1.3.0

An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

8.1
2018-11-28 CVE-2018-14748 Qnap Incorrect Authorization vulnerability in Qnap QTS

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

7.8
2018-12-01 CVE-2018-3949 TP Link Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN.

7.5
2018-11-30 CVE-2018-15715 Zoom Improper Input Validation vulnerability in Zoom

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing.

7.5
2018-11-30 CVE-2018-19290 Budabot OS Command Injection vulnerability in Budabot

In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command.

7.5
2018-11-30 CVE-2018-3948 TP Link Improper Input Validation vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server.

7.5
2018-11-29 CVE-2018-18619 Advanced Comment System Project SQL Injection vulnerability in Advanced Comment System Project Advanced Comment System 1.0

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to perform SQL injection via a URL in the "page" parameter.

7.5
2018-11-29 CVE-2018-19120 KDE Information Exposure vulnerability in KDE Applications

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

7.5
2018-11-29 CVE-2018-8788 Freerdp, Canonical, Debian Out-of-bounds Write vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

7.5
2018-11-29 CVE-2018-8787 Freerdp, Canonical, Debian Integer Overflow or Wraparound vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

7.5
2018-11-29 CVE-2018-8785 Freerdp, Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.

7.5
2018-11-29 CVE-2018-8784 Freerdp, Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.

7.5
2018-11-29 CVE-2018-19692 Tp5Cms Project Unrestricted Upload of File with Dangerous Type vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525

An issue was discovered in tp5cms through 2017-05-25.

7.5
2018-11-29 CVE-2018-18649 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

7.5
2018-11-29 CVE-2018-19628 Wireshark, Debian Divide By Zero vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash.

7.5
2018-11-29 CVE-2018-19627 Wireshark, Debian Out-of-bounds Read vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash.

7.5
2018-11-29 CVE-2018-19623 Wireshark, Debian Out-of-bounds Write vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash.

7.5
2018-11-29 CVE-2018-19622 Wireshark, Debian Infinite Loop vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop.

7.5
2018-11-28 CVE-2018-15441 Cisco SQL Injection vulnerability in Cisco Prime License Manager 11.5(1)

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.

7.5
2018-11-28 CVE-2018-14749 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.

7.5
2018-11-27 CVE-2018-13350 Terra Master SQL Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.

7.5
2018-11-27 CVE-2018-17936 Nuuo Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo CMS 3.1/3.3

In NUUO CMS, all versions 3.3 and prior, the application allows the upload to the server of arbitrary files that can modify or overwrite configuration files, which could allow remote code execution.

7.5
2018-11-27 CVE-2018-17934 Nuuo Path Traversal vulnerability in Nuuo CMS 3.1/3.3

In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that is able to be resolved outside the intended directory.

7.5
2018-11-27 CVE-2018-19595 Pbootcms Code Injection vulnerability in Pbootcms 1.3.1

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.

7.5
2018-11-26 CVE-2018-13324 Buffalo Incorrect Authorization vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.

7.5
2018-11-26 CVE-2018-19559 Cuppacms SQL Injection vulnerability in Cuppacms

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.

7.5
2018-11-26 CVE-2018-19558 Arcms Project SQL Injection vulnerability in Arcms Project Arcms 20180318/20180319

An issue was discovered in arcms through 2018-03-19.

7.5
2018-11-26 CVE-2018-19557 Arcms Project SQL Injection vulnerability in Arcms Project Arcms 20180318/20180319

An issue was discovered in arcms through 2018-03-19.

7.5
2018-11-26 CVE-2018-19531 Httl Project Improper Input Validation vulnerability in Httl Project Httl

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.

7.5
2018-11-26 CVE-2018-19530 Httl Project Improper Input Validation vulnerability in Httl Project Httl

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.

7.5
2018-12-01 CVE-2018-3951 TP Link Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-R600Vpn Firmware

An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server.

7.2
2018-11-30 CVE-2018-18860 Switchvpn Unspecified vulnerability in Switchvpn 2.1012.03

A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS.

7.2
2018-11-29 CVE-2018-19666 Ossec, Microsoft, Wazuh Path Traversal vulnerability in multiple products

The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.

7.2
2018-11-28 CVE-2018-5917 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

7.2
2018-11-28 CVE-2018-5912 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660.

7.2
2018-11-28 CVE-2018-5877 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

In the device programmer target-side code for firehose, a string may not be properly NULL terminated, which can lead to an incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.

7.2
2018-11-28 CVE-2018-5870 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm SD 835 Firmware, Sda660 Firmware and Sdx24 Firmware

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24.

7.2
2018-11-28 CVE-2018-11996 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.

7.2
2018-11-28 CVE-2018-11994 Qualcomm Unspecified vulnerability in Qualcomm products

SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

7.2
2018-11-28 CVE-2018-11921 Qualcomm Improper Handling of Exceptional Conditions vulnerability in Qualcomm products

Failure condition is not handled properly and the correct error code is not returned.

7.2
2018-11-28 CVE-2018-11264 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660.

7.2
2018-11-28 CVE-2017-18317 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 820, SD 820A.

7.2
2018-11-28 CVE-2017-18316 Qualcomm Unspecified vulnerability in Qualcomm products

Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

7.2
2018-11-28 CVE-2017-18315 Qualcomm Out-of-bounds Read vulnerability in Qualcomm SD 600 Firmware

Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.

7.2
2018-11-27 CVE-2018-6983 Vmware, Apple Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices.

7.2
2018-11-27 CVE-2018-11995 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a partition name-check variable is not reset for every iteration, which may cause improper termination in the META image.

7.2
2018-11-27 CVE-2018-11956 Google Unspecified vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper mounting leads to device node and executable to be run from /dsp/ which presents a potential security issue.

7.2
2018-11-27 CVE-2018-11914 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.

7.2
2018-11-27 CVE-2018-11913 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of dev nodes may lead to a potential security issue.

7.2
2018-11-27 CVE-2018-11912 Google Improper Privilege Management vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access.

7.2
2018-11-27 CVE-2018-11911 Google Improper Privilege Management vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of a script may lead to unprivileged access.

7.2
2018-11-27 CVE-2018-11910 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue.

7.2
2018-11-27 CVE-2018-11909 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue.

7.2
2018-11-27 CVE-2018-11908 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be run from /data/ which presents a potential issue.

7.2
2018-11-27 CVE-2018-11907 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potential issue.

7.2
2018-11-27 CVE-2018-11906 Google Incorrect Default Permissions vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a security concern with default privileged access to ADB and debug-fs.

7.2
2018-11-27 CVE-2018-11261 Google Use After Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible use-after-free issue in the Media Codec process.

7.2
2018-11-26 CVE-2018-11077 Dell, Vmware OS Command Injection vulnerability in multiple products

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability.

7.2

170 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-28 CVE-2018-18203 Subaru Improper Verification of Cryptographic Signature vulnerability in Subaru products

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit.

6.9
2018-12-01 CVE-2018-4040 Atlantiswordprocessor Access of Uninitialized Pointer vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.7.2

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2.

6.8
2018-12-01 CVE-2018-4039 Atlantiswordprocessor Out-of-bounds Write vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.7.2

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2.

6.8
2018-12-01 CVE-2018-4038 Atlantiswordprocessor Incorrect Calculation of Buffer Size vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.7.1/3.2.7.2

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string.

6.8
2018-11-30 CVE-2018-18987 Invt Deserialization of Untrusted Data vulnerability in Invt Vt-Designer 2.1.7.31

VT-Designer Version 2.1.7.31 is vulnerable because the program populates objects with user-supplied input from a file without first checking for validity, allowing attacker-supplied input to be written to known memory locations.

6.8
2018-11-30 CVE-2018-18983 Invt Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Invt Vt-Designer 2.1.7.31

VT-Designer Version 2.1.7.31 is vulnerable because the program reads the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.

6.8
2018-11-30 CVE-2018-1927 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2018-11-30 CVE-2018-14637 Redhat Improper Authentication vulnerability in Redhat Keycloak

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions.

6.8
2018-11-30 CVE-2018-19762 Libsixel Project Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.2

There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.

6.8
2018-11-30 CVE-2018-19760 Libconfuse Project Missing Release of Resource after Effective Lifetime vulnerability in Libconfuse Project Libconfuse 3.2.2

cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.

6.8
2018-11-29 CVE-2018-12245 Symantec Untrusted Search Path vulnerability in Symantec Endpoint Protection

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker.

6.8
2018-11-28 CVE-2018-12120 Nodejs Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nodejs Node.Js

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default.

6.8
2018-11-27 CVE-2018-13359 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

6.8
2018-11-27 CVE-2018-14892 Zyxel Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.

6.8
2018-11-27 CVE-2018-16094 Lenovo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.

6.8
2018-11-27 CVE-2018-16091 Lenovo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

6.8
2018-11-26 CVE-2018-16854 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

A flaw was found in Moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier.

6.8
2018-11-26 CVE-2018-19562 Phpok Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.015

An issue was discovered in PHPok 4.9.015.

6.8
2018-11-26 CVE-2018-19561 Sikcms Cross-Site Request Forgery (CSRF) vulnerability in Sikcms 1.1

sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.

6.8
2018-11-26 CVE-2018-19555 Tp4A Cross-Site Request Forgery (CSRF) vulnerability in Tp4A Teleport 3.1.0

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.

6.8
2018-11-26 CVE-2018-19546 Jtbc Cross-Site Request Forgery (CSRF) vulnerability in Jtbc PHP 3.0.1.7

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.

6.8
2018-11-26 CVE-2018-19545 Jeecms Cross-Site Request Forgery (CSRF) vulnerability in Jeecms 9.3

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.

6.8
2018-11-26 CVE-2018-19543 Jasper Project
Canonical
Debian
Suse
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in JasPer 2.0.14.

6.8
2018-11-26 CVE-2018-19541 Jasper Project
Canonical
Suse
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16.

6.8
2018-11-26 CVE-2018-19540 Jasper Project
Suse
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16.

6.8
2018-11-26 CVE-2018-19532 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.6

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose.

6.8
2018-11-30 CVE-2018-7807 Schneider Electric Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server.

6.5
2018-11-30 CVE-2018-7806 Schneider Electric Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Operation

Data Center Operation allows for the upload of a zip file from its user interface to the server.

6.5
2018-11-29 CVE-2018-19497 Sleuthkit
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).

6.5
2018-11-29 CVE-2018-15537 Ocsinventory NG Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

6.5
2018-11-28 CVE-2018-19651 Interspire Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL.

6.5
2018-11-27 CVE-2018-18982 Nuuo SQL Injection vulnerability in Nuuo CMS 3.1/3.3

In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.

6.5
2018-11-26 CVE-2018-13321 Buffalo Incorrect Permission Assignment for Critical Resource vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.

6.5
2018-11-26 CVE-2018-13320 Buffalo OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.

6.5
2018-11-26 CVE-2018-13318 Buffalo OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.

6.5
2018-11-26 CVE-2018-19535 Exiv2
Debian
Redhat
Canonical
Out-of-bounds Read vulnerability in multiple products

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

6.5
2018-11-30 CVE-2018-7809 Schneider Electric Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

6.4
2018-11-28 CVE-2018-5916 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130.

6.1
2018-11-27 CVE-2018-5919 Google Use After Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a use after free issue in WLAN host driver can lead to device reboot.

6.1
2018-11-27 CVE-2018-5856 Google Use After Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, due to a race condition, a Use After Free condition can occur in Audio.

6.1
2018-11-27 CVE-2018-11946 Google Unspecified vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.

6.1
2018-11-28 CVE-2018-19370 Yoast Race Condition vulnerability in Yoast SEO

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.

6.0
2018-11-27 CVE-2018-16090 Lenovo OS Command Injection vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.

6.0
2018-11-29 CVE-2018-11002 Pulsesecure Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.

5.8
2018-11-29 CVE-2018-19662 Libsndfile Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in libsndfile 1.0.28.

5.8
2018-11-27 CVE-2018-7960 Huawei Cleartext Transmission of Sensitive Information vulnerability in Huawei Espace 7950 Firmware V200R003C30

There is a SRTP icon display vulnerability in Huawei eSpace product.

5.8
2018-11-27 CVE-2018-7958 Huawei Improper Authentication vulnerability in Huawei Espace 7950 Firmware V200R003C30

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product.

5.8
2018-11-27 CVE-2018-13337 Terra Master Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

5.8
2018-11-26 CVE-2018-19566 Dcraw Project Out-of-bounds Read vulnerability in Dcraw Project Dcraw 7.00/9.28

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

5.8
2018-11-26 CVE-2018-19565 Dcraw Project Out-of-bounds Read vulnerability in Dcraw Project Dcraw 7.00/9.28

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

5.8
2018-11-26 CVE-2018-11067 Dell
Vmware
Open Redirect vulnerability in multiple products

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability.

5.8
2018-11-30 CVE-2018-19777 Artifex
Debian
Infinite Loop vulnerability in multiple products

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

5.5
2018-11-29 CVE-2018-19626 Wireshark
Debian
Use of Uninitialized Resource vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash.

5.5
2018-11-29 CVE-2018-19625 Wireshark
Debian
Out-of-bounds Read vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash.

5.5
2018-11-29 CVE-2018-19624 Wireshark
Debian
NULL Pointer Dereference vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash.

5.5
2018-11-26 CVE-2018-1905 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-11-26 CVE-2018-19554 Dotcms Cross-site Scripting vulnerability in Dotcms

An issue was discovered in Dotcms through 5.0.3.

5.4
2018-12-01 CVE-2018-19784 PHP Proxy Inadequate Encryption Strength vulnerability in PHP-Proxy 5.1.0

The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.

5.0
2018-11-30 CVE-2018-7830 Schneider Electric HTTP Response Splitting vulnerability in Schneider-Electric products

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

5.0
2018-11-30 CVE-2018-7811 Schneider Electric Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server.

5.0
2018-11-30 CVE-2018-16476 Rubyonrails
Redhat
Deserialization of Untrusted Data vulnerability in multiple products

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.

5.0
2018-11-30 CVE-2018-15835 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

Android 1.0 through 9.0 has Insecure Permissions.

5.0
2018-11-29 CVE-2018-19748 Sdcms Path Traversal vulnerability in Sdcms 1.6

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal.

5.0
2018-11-29 CVE-2018-15980 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop CC

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability.

5.0
2018-11-29 CVE-2018-15979 Adobe
Microsoft
Information Exposure vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have an NTLM SSO hash theft vulnerability.

5.0
2018-11-29 CVE-2018-15978 Adobe
Apple
Linux
Microsoft
Google
Redhat
Out-of-bounds Read vulnerability in multiple products

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability.

5.0
2018-11-29 CVE-2018-8789 Freerdp
Canonical
Debian
Out-of-bounds Read vulnerability in multiple products

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

5.0
2018-11-29 CVE-2018-14626 Powerdns Unspecified vulnerability in Powerdns Authoritative and Recursor

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

5.0
2018-11-29 CVE-2018-10851 Powerdns Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

5.0
2018-11-29 CVE-2018-19654 Scms Project
Sales Company Management System Project
Improper Input Validation vulnerability in Sales & Company Management System Project Sales & Company Management System 20180606

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06.

5.0
2018-11-28 CVE-2018-12122 Nodejs
Suse
Resource Exhaustion vulnerability in multiple products

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

5.0
2018-11-28 CVE-2018-12121 Nodejs
Redhat
Resource Exhaustion vulnerability in multiple products

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure.

5.0
2018-11-28 CVE-2018-12116 Nodejs
Suse

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.

5.0
2018-11-28 CVE-2018-14747 Qnap NULL Pointer Dereference vulnerability in Qnap QTS

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

5.0
2018-11-27 CVE-2018-7977 Huawei Information Exposure vulnerability in Huawei Fusionsphere Openstack 100R006C00

There is an information leakage vulnerability on several Huawei products.

5.0
2018-11-27 CVE-2018-13361 Terra Master Improper Input Validation vulnerability in Terra-Master Terramaster Operating System 3.1.03

User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

5.0
2018-11-27 CVE-2018-13352 Terra Master Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03

Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.

5.0
2018-11-27 CVE-2018-13332 Terra Master Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.

5.0
2018-11-27 CVE-2018-10142 Paloaltonetworks Information Exposure vulnerability in Paloaltonetworks Expedition 1.0.106

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.

5.0
2018-11-27 CVE-2018-13376 Fortinet Unspecified vulnerability in Fortinet Fortios

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

5.0
2018-11-26 CVE-2018-13319 Buffalo Information Exposure vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.

5.0
2018-11-26 CVE-2018-13315 Totolink Improper Input Validation vulnerability in Totolink A3002Ru Firmware 1.0.8

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

5.0
2018-11-26 CVE-2018-19548 Rudrasoftech Improper Restriction of Excessive Authentication Attempts vulnerability in Rudrasoftech Edusec

index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.

5.0
2018-11-26 CVE-2018-14646 Linux
Redhat
NULL Pointer Dereference vulnerability in Linux Kernel

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file.

4.9
2018-11-30 CVE-2018-1897 IBM
Linux
Microsoft
Out-of-bounds Write vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.

4.6
2018-11-29 CVE-2018-12239 Symantec Unspecified vulnerability in Symantec products

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.

4.6
2018-11-29 CVE-2018-12238 Symantec Unspecified vulnerability in Symantec products

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.

4.6
2018-11-28 CVE-2018-5918 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

4.6
2018-11-27 CVE-2018-6265 Nvidia
Microsoft
Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

4.6
2018-11-27 CVE-2018-6263 Nvidia
Microsoft
Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

4.6
2018-11-27 CVE-2018-5910 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, memory corruption can occur in the kernel due to an improper check of the callers count parameter in display handlers.

4.6
2018-11-27 CVE-2018-5909 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a buffer overflow may occur in display handlers due to a lack of buffer size checking before copying into it, which will lead to memory corruption.

4.6
2018-11-27 CVE-2018-5908 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.

4.6
2018-11-27 CVE-2018-5906 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer.

4.6
2018-11-27 CVE-2018-5904 Google Use After Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a use after free vulnerability may occur during list traversal in the LPM status driver for clean up.

4.6
2018-11-27 CVE-2018-5861 Google Incorrect Type Conversion or Cast vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.

4.6
2018-11-27 CVE-2018-11943 Google Improper Initialization vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of uninitialized data buffers.

4.6
2018-11-27 CVE-2018-11919 Google Out-of-bounds Write vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure.

4.6
2018-11-27 CVE-2018-11918 Google Double Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.

4.6
2018-11-27 CVE-2018-11823 Google Double Free vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, freeing device memory in driver probe failure will result in double free issue in power module.

4.6
2018-11-27 CVE-2018-11266 Google Improper Input Validation vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.

4.6
2018-11-27 CVE-2018-11260 Google Integer Overflow or Wraparound vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.

4.6
2018-11-27 CVE-2017-11078 Google Out-of-bounds Read vulnerability in Google Android

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the boot image header, an out of bounds read can occur in boot.

4.6
2018-12-02 CVE-2018-19787 Lxml
Debian
Canonical
Cross-site Scripting vulnerability in multiple products

An issue was discovered in lxml before 4.2.5.

4.3
2018-12-01 CVE-2018-19785 PHP Proxy Cross-site Scripting vulnerability in PHP-Proxy

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.

4.3
2018-11-30 CVE-2018-7831 Schneider Electric Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

4.3
2018-11-30 CVE-2018-7810 Schneider Electric Cross-site Scripting vulnerability in Schneider-Electric products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

4.3
2018-11-30 CVE-2018-16477 Rubyonrails Unspecified vulnerability in Rubyonrails Rails 5.2.0/5.2.1

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline.

4.3
2018-11-30 CVE-2018-0716 Qnap Cross-site Scripting vulnerability in Qnap QTS

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application.

4.3
2018-11-30 CVE-2018-19763 Libsixel Project Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.2

There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19761 Libsixel Project Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.2

There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19759 Libsixel Project Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.2

There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19758 Libsndfile Project
Debian
Out-of-bounds Read vulnerability in multiple products

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19757 Libsixel Project NULL Pointer Dereference vulnerability in Libsixel Project Libsixel 1.8.2

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19756 Libsixel Project Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.2

There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

4.3
2018-11-30 CVE-2018-19755 Nasm Improper Input Validation vulnerability in Nasm Netwide Assembler 12.14

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

4.3
2018-11-29 CVE-2018-19527 I4 Cross-site Scripting vulnerability in I4 AI SI Assistant 7.85

i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.

4.3
2018-11-29 CVE-2018-19693 Tp5Cms Project Cross-site Scripting vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525

An issue was discovered in tp5cms through 2017-05-25.

4.3
2018-11-29 CVE-2018-19664 Libjpeg Turbo Out-of-bounds Read vulnerability in Libjpeg-Turbo 2.0.1

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.

4.3
2018-11-29 CVE-2018-19661 Libsndfile Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in libsndfile 1.0.28.

4.3
2018-11-28 CVE-2018-12123 Nodejs Improper Input Validation vulnerability in Nodejs Node.Js

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g.

4.3
2018-11-28 CVE-2018-17156 Freebsd Out-of-bounds Write vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

4.3
2018-11-28 CVE-2018-16857 Samba Improperly Implemented Security Check for Standard vulnerability in Samba 4.9.0/4.9.1/4.9.2

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.

4.3
2018-11-28 CVE-2018-16853 Samba Resource Exhaustion vulnerability in Samba

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration.

4.3
2018-11-28 CVE-2018-19630 Openwrt Cross-site Scripting vulnerability in Openwrt Lede and Openwrt

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.

4.3
2018-11-28 CVE-2018-19621 Showdoc Cross-Site Request Forgery (CSRF) vulnerability in Showdoc 2.4.2

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.

4.3
2018-11-27 CVE-2018-7961 Huawei Information Exposure vulnerability in Huawei Emily-Al00A Firmware 8.1.0.167(C00)

There is a smart SMS verification code vulnerability in some Huawei smart phones.

4.3
2018-11-27 CVE-2018-7959 Huawei Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei Espace 7950 Firmware V200R003C30

There is a short key vulnerability in Huawei eSpace product.

4.3
2018-11-27 CVE-2018-13360 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

4.3
2018-11-27 CVE-2018-13349 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.

4.3
2018-11-27 CVE-2018-13333 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.

4.3
2018-11-27 CVE-2018-13331 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.

4.3
2018-11-27 CVE-2018-13334 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.

4.3
2018-11-27 CVE-2018-13329 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.

4.3
2018-11-27 CVE-2018-13022 MI Cross-site Scripting vulnerability in MI Miwifi OS 2.22.15

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.

4.3
2018-11-27 CVE-2018-0719 Qnap Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc.

4.3
2018-11-27 CVE-2018-12241 Symantec Cross-site Scripting vulnerability in Symantec Security Analytics

The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability.

4.3
2018-11-27 CVE-2018-16096 Lenovo Cross-site Scripting vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.

4.3
2018-11-27 CVE-2018-16095 Lenovo Information Exposure Through Log Files vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

4.3
2018-11-27 CVE-2018-16092 Lenovo Unspecified vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

4.3
2018-11-27 CVE-2018-19607 Exiv2 NULL Pointer Dereference vulnerability in Exiv2 0.27

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

4.3
2018-11-27 CVE-2018-19587 Cesanta Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta Mongoose 6.13

In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.

4.3
2018-11-26 CVE-2018-14663 Powerdns Improper Input Validation vulnerability in Powerdns Dnsdist

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist.

4.3
2018-11-26 CVE-2018-13323 Buffalo Cross-site Scripting vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.

4.3
2018-11-26 CVE-2018-13317 Totolink Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

4.3
2018-11-26 CVE-2018-13312 Totolink Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.

4.3
2018-11-26 CVE-2018-13310 Totolink Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.

4.3
2018-11-26 CVE-2018-13309 Totolink Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.

4.3
2018-11-26 CVE-2018-13308 Totolink Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.

4.3
2018-11-26 CVE-2018-19568 Dcraw Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dcraw Project Dcraw 7.00/9.28

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

4.3
2018-11-26 CVE-2018-19567 Dcraw Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dcraw Project Dcraw 7.00/9.28

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

4.3
2018-11-26 CVE-2018-19564 Goldplugins Cross-site Scripting vulnerability in Goldplugins Easy Testimonials 3.2

Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress.

4.3
2018-11-26 CVE-2018-19556 Zblogcn Improper Input Validation vulnerability in Zblogcn Z-Blogphp 1.5

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing.

4.3
2018-11-26 CVE-2018-19547 Jtbc Cross-site Scripting vulnerability in Jtbc PHP 3.0.1.7

JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.

4.3
2018-11-26 CVE-2018-19544 Jeecms Cross-Site Request Forgery (CSRF) vulnerability in Jeecms 9.3

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.

4.3
2018-11-26 CVE-2018-19542 Jasper Project
Canonical
Suse
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in JasPer 2.0.14.

4.3
2018-11-26 CVE-2018-19539 Jasper Project
Suse
Debian
Opensuse
Reachable Assertion vulnerability in multiple products

An issue was discovered in JasPer 2.0.14.

4.3
2018-11-30 CVE-2018-15768 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell Openmanage Network Manager

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.

4.0
2018-11-30 CVE-2018-9072 Lenovo Improper Input Validation vulnerability in Lenovo Xclarity Integrator

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.

4.0
2018-11-30 CVE-2018-16097 Lenovo Unrestricted Upload of File with Dangerous Type vulnerability in Lenovo Xclarity Integrator

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5 allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.

4.0
2018-11-30 CVE-2018-16093 Lenovo Unrestricted Upload of File with Dangerous Type vulnerability in Lenovo Xclarity Integrator

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.

4.0
2018-11-28 CVE-2018-5559 Rapid7 Cleartext Storage of Sensitive Information vulnerability in Rapid7 Komand

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel.

4.0
2018-11-28 CVE-2018-16851 Samba
Canonical
Debian
NULL Pointer Dereference vulnerability in multiple products

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service.

4.0
2018-11-28 CVE-2018-16841 Samba
Canonical
Debian
Double Free vulnerability in multiple products

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 is vulnerable to a denial of service.

4.0
2018-11-28 CVE-2018-14629 Samba
Canonical
Debian
Infinite Loop vulnerability in multiple products

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3.

4.0
2018-11-28 CVE-2018-19620 Showdoc Forced Browsing vulnerability in Showdoc 2.4.1

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

4.0
2018-11-27 CVE-2018-13355 Terra Master Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

4.0
2018-11-27 CVE-2018-19609 Showdoc Information Exposure vulnerability in Showdoc 2.4.1

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

4.0
2018-11-27 CVE-2018-9084 Lenovo Unspecified vulnerability in Lenovo System Management Module Firmware

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

4.0
2018-11-26 CVE-2018-13322 Buffalo Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.

4.0

20 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-11-27 CVE-2018-7988 Huawei Incorrect Authorization vulnerability in Huawei Mate 9 PRO Firmware and Nova 2 Plus Firmware

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones.

3.6
2018-11-26 CVE-2017-1418 IBM Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker

IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files.

3.6
2018-11-29 CVE-2018-19752 Domainmod Cross-site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.

3.5
2018-11-29 CVE-2018-19751 Domainmod Cross-site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.

3.5
2018-11-29 CVE-2018-19750 Domainmod Cross-site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.

3.5
2018-11-29 CVE-2018-19749 Domainmod Cross-site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.

3.5
2018-11-29 CVE-2018-1762 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting.

3.5
2018-11-28 CVE-2018-1584 IBM Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.

3.5
2018-11-28 CVE-2018-16852 Samba NULL Pointer Dereference vulnerability in Samba 4.9.0/4.9.1/4.9.2

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer dereference.

3.5
2018-11-27 CVE-2018-13357 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.

3.5
2018-11-27 CVE-2018-13351 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.

3.5
2018-11-27 CVE-2018-13335 Terra Master Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.

3.5
2018-11-27 CVE-2018-17256 Umbraco Cross-site Scripting vulnerability in Umbraco CMS 7.12.3

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.).

3.5
2018-11-26 CVE-2018-18807 Tibco Cross-site Scripting vulnerability in Tibco Statistica Server 13.3.0/13.4.0

The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.

3.5
2018-11-26 CVE-2018-11076 Dell
Vmware

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability.

3.3
2018-11-30 CVE-2018-1928 IBM Unspecified vulnerability in IBM Storediq

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user.

2.1
2018-11-29 CVE-2018-16859 Redhat Information Exposure Through Log Files vulnerability in Redhat Ansible Engine

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext.

2.1
2018-11-27 CVE-2018-6266 Nvidia
Microsoft
Information Exposure vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

2.1
2018-11-26 CVE-2018-16862 Linux
Redhat
Canonical
Debian
Information Exposure vulnerability in Linux Kernel

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal).

2.1
2018-11-27 CVE-2018-7946 Huawei Information Exposure vulnerability in Huawei Honor 7A Firmware and Honor 9 Lite Firmware

There is an information leak vulnerability in some Huawei smartphones.

1.9