Weekly Vulnerabilities Reports > December 3 to 9, 2018

Overview

306 new vulnerabilities reported during this period, including 32 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 408 products from 96 vendors including Google, Debian, Redhat, Canonical, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Out-of-bounds Write", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "OS Command Injection".

  • 250 reported vulnerabilities are remotely exploitables.
  • 21 reported vulnerabilities have public exploit available.
  • 93 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 238 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 57 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

32 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-07 CVE-2018-7364 ZTE Improper Access Control vulnerability in ZTE Zxin10

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability.

10.0
2018-12-07 CVE-2018-11905 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.

10.0
2018-12-06 CVE-2018-9556 Google Integer Overflow OR Wraparound vulnerability in Google Android 9.0

In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow.

10.0
2018-12-05 CVE-2018-19864 Nuuo Improper Input Validation vulnerability in Nuuo Nvrmini2 Firmware

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.

10.0
2018-12-04 CVE-2018-17160 Freebsd Out-Of-Bounds Write vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution.

10.0
2018-12-04 CVE-2018-12313 Asustor OS Command Injection vulnerability in Asustor Data Master 3.1.1

OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.

10.0
2018-12-04 CVE-2018-17157 Freebsd Integer Overflow OR Wraparound vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request.

10.0
2018-12-03 CVE-2018-14706 Drobo OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.

10.0
2018-12-03 CVE-2018-7114 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Intelligent Management Center

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution.

10.0
2018-12-07 CVE-2018-9577 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9576 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9575 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9574 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9573 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9572 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9571 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9570 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check.

9.3
2018-12-07 CVE-2018-9569 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check.

9.3
2018-12-07 CVE-2018-7066 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices.

9.3
2018-12-06 CVE-2018-9553 Google Double Free vulnerability in Google Android

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value.

9.3
2018-12-06 CVE-2018-9551 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check.

9.3
2018-12-06 CVE-2018-9550 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check.

9.3
2018-12-06 CVE-2018-9549 Google Out-Of-Bounds Write vulnerability in Google Android

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check.

9.3
2018-12-03 CVE-2018-16863 Artifex
Redhat
OS Command Injection vulnerability in multiple products

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.

9.3
2018-12-06 CVE-2018-19660 Moxa OS Command Injection vulnerability in Moxa Nport W2X50A Firmware

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.

9.0
2018-12-06 CVE-2018-19659 Moxa OS Command Injection vulnerability in Moxa Nport W2X50A Firmware

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.

9.0
2018-12-06 CVE-2018-19908 Misp OS Command Injection vulnerability in Misp

An issue was discovered in MISP 2.4.9x before 2.4.99.

9.0
2018-12-04 CVE-2018-12317 Asustor OS Command Injection vulnerability in Asustor Data Master 3.1.1

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.

9.0
2018-12-04 CVE-2018-12316 Asustor OS Command Injection vulnerability in Asustor Data Master 3.1.1

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.

9.0
2018-12-04 CVE-2018-12312 Asustor OS Command Injection vulnerability in Asustor Data Master 3.1.1

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.

9.0
2018-12-04 CVE-2018-12307 Asustor OS Command Injection vulnerability in Asustor Data Master 3.1.1

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.

9.0
2018-12-03 CVE-2018-19788 Polkit Project
Debian
Canonical
Improper Input Validation vulnerability in multiple products

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

9.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-06 CVE-2018-9555 Google Out-Of-Bounds Write vulnerability in Google Android

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check.

8.3
2018-12-08 CVE-2018-19980 Anker Improper Input Validation vulnerability in Anker products

Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.

7.8
2018-12-07 CVE-2018-17924 Rockwellautomation Missing Authentication FOR Critical Function vulnerability in Rockwellautomation products

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode.

7.8
2018-12-04 CVE-2018-12314 Asustor Path Traversal vulnerability in Asustor Data Master 3.1.1

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.

7.8
2018-12-04 CVE-2018-17159 Freebsd Resource Exhaustion vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request.

7.8
2018-12-04 CVE-2018-17158 Freebsd Integer Overflow OR Wraparound vulnerability in Freebsd

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request.

7.8
2018-12-03 CVE-2018-14707 Drobo Path Traversal vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.

7.8
2018-12-06 CVE-2018-19911 Freeswitch Command Injection vulnerability in Freeswitch

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI.

7.6
2018-12-07 CVE-2018-9578 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check.

7.5
2018-12-07 CVE-2018-18314 Perl
Canonical
Debian
Netapp
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5
2018-12-07 CVE-2018-18311 Perl
Canonical
Debian
Netapp
Redhat
Apple
Fedoraproject
Mcafee
Integer Overflow OR Wraparound vulnerability in multiple products

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5
2018-12-06 CVE-2018-19925 Sales Company Management System Project SQL Injection vulnerability in Sales & Company Management System Project Sales & Company Management System

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06.

7.5
2018-12-06 CVE-2018-19893 Pbootcms SQL Injection vulnerability in Pbootcms 1.2.1

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.

7.5
2018-12-05 CVE-2018-18312 Perl
Canonical
Debian
Redhat
Netapp
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5
2018-12-05 CVE-2018-1002105 Kubernetes
Redhat
Netapp
7PK - Remote Privilege Escalation vulnerability in Kubernetes

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

7.5
2018-12-05 CVE-2018-1002101 Kubernetes Unspecified vulnerability in Kubernetes

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

7.5
2018-12-04 CVE-2018-18843 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

7.5
2018-12-03 CVE-2018-14708 Drobo Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.

7.5
2018-12-03 CVE-2018-14701 Drobo OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

7.5
2018-12-03 CVE-2018-14699 Drobo OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

7.5
2018-12-08 CVE-2018-19966 XEN
Debian
Interpretation Conflict vulnerability in multiple products

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging.

7.2
2018-12-07 CVE-2018-9518 Google
Canonical
Out-Of-Bounds Write vulnerability in multiple products

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check.

7.2
2018-12-07 CVE-2018-9517 Google USE After Free vulnerability in Google Android

In pppol2tp_connect, there is possible memory corruption due to a use after free.

7.2
2018-12-06 CVE-2018-9568 Google
Canonical
Redhat
Incorrect Type Conversion OR Cast vulnerability in multiple products

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.

7.2
2018-12-06 CVE-2018-9567 Google Unspecified vulnerability in Google Android

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys.

7.2
2018-12-06 CVE-2018-9558 Google Out-Of-Bounds Write vulnerability in Google Android

In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check.

7.2
2018-12-06 CVE-2018-9557 Google Release of Invalid Pointer OR Reference vulnerability in Google Android 7.0/7.1.1/7.1.2

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data.

7.2
2018-12-06 CVE-2018-9547 Google Improper Input Validation vulnerability in Google Android 8.1/9.0

In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation.

7.2
2018-12-06 CVE-2018-9538 Google Out-Of-Bounds Read vulnerability in Google Android 8.1/9.0

In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check.

7.2
2018-12-05 CVE-2018-19650 Antiy Out-Of-Bounds Write vulnerability in Antiy Anti Virus LAB Atool 1.0.0.22

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22.

7.2
2018-12-04 CVE-2018-6981 Vmware
Apple
USE of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

7.2
2018-12-03 CVE-2018-6439 Brocade Unspecified vulnerability in Brocade Fabric OS

A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

7.2
2018-12-03 CVE-2018-7113 HP Unspecified vulnerability in HP Integrated Lights-Out 5 Firmware

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

7.2
2018-12-03 CVE-2018-19795 Chipsbank Insufficiently Protected Credentials vulnerability in Chipsbank Umptool

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.

7.2
2018-12-07 CVE-2018-5816 Libraw
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).

7.1
2018-12-07 CVE-2018-5815 Libraw
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

7.1
2018-12-07 CVE-2018-5813 Libraw
Canonical
Infinite Loop vulnerability in multiple products

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

7.1

194 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-08 CVE-2018-19963 XEN Reachable Assertion vulnerability in XEN 4.11.0

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.

6.9
2018-12-08 CVE-2018-19962 XEN
Debian
Citrix
Information Exposure vulnerability in multiple products

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

6.9
2018-12-08 CVE-2018-19961 XEN
Debian
Citrix
Incomplete Cleanup vulnerability in multiple products

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

6.9
2018-12-07 CVE-2018-9519 Google Race Condition vulnerability in Google Android

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition.

6.9
2018-12-07 CVE-2018-5810 Libraw
Canonical
Out-Of-Bounds Write vulnerability in multiple products

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

6.8
2018-12-07 CVE-2018-5809 Libraw Out-Of-Bounds Write vulnerability in Libraw

An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

6.8
2018-12-07 CVE-2018-5808 Libraw
Debian
Out-Of-Bounds Write vulnerability in multiple products

An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

6.8
2018-12-07 CVE-2018-5807 Libraw
Canonical
Out-Of-Bounds Read vulnerability in multiple products

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

6.8
2018-12-07 CVE-2018-5805 Libraw
Redhat
Out-Of-Bounds Write vulnerability in multiple products

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

6.8
2018-12-07 CVE-2018-5802 Libraw
Redhat
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

6.8
2018-12-07 CVE-2017-16909 Libraw
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

6.8
2018-12-07 CVE-2018-7063 Arubanetworks XXE vulnerability in Arubanetworks Clearpass Policy Manager

In Aruba ClearPass, disabled API admins can still perform read/write operations.

6.8
2018-12-07 CVE-2018-19931 GNU
Netapp
Out-Of-Bounds Write vulnerability in multiple products

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.

6.8
2018-12-06 CVE-2018-19923 Sales Company Management System Project Cross-Site Request Forgery (CSRF) vulnerability in Sales & Company Management System Project Sales & Company Management System

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06.

6.8
2018-12-06 CVE-2018-16601 Amazon Integer Underflow (Wrap OR Wraparound) vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

6.8
2018-12-06 CVE-2018-16528 Amazon Improper Input Validation vulnerability in Amazon web Services Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.

6.8
2018-12-06 CVE-2018-16526 Amazon Unspecified vulnerability in Amazon web Services Freertos and Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.

6.8
2018-12-06 CVE-2018-16525 Amazon Unspecified vulnerability in Amazon web Services Freertos and Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.

6.8
2018-12-06 CVE-2018-16522 Amazon Access of Uninitialized Pointer vulnerability in Amazon web Services Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.

6.8
2018-12-05 CVE-2018-1002103 Kubernetes Cross-Site Request Forgery (CSRF) vulnerability in Kubernetes Minikube

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000.

6.8
2018-12-04 CVE-2018-18993 Omron Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Omron Cx-One, Cx-Programmer and Cx-Server

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior).

6.8
2018-12-04 CVE-2018-18989 Omron USE After Free vulnerability in Omron Cx-One, Cx-Programmer and Cx-Server

In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory.

6.8
2018-12-04 CVE-2018-6152 Google
Redhat
Debian
Unrestricted Upload of File With Dangerous Type vulnerability in Google Chrome

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

6.8
2018-12-04 CVE-2018-6094 Google
Redhat
Debian
Out-Of-Bounds Write vulnerability in multiple products

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.8
2018-12-04 CVE-2018-6092 Google
Redhat
Debian
Integer Overflow OR Wraparound vulnerability in Google Chrome

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

6.8
2018-12-04 CVE-2018-6090 Google
Redhat
Debian
Integer Overflow OR Wraparound vulnerability in Google Chrome

An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

6.8
2018-12-04 CVE-2018-6088 Google
Redhat
Debian
Improper Input Validation vulnerability in Google Chrome

An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

6.8
2018-12-04 CVE-2018-6087 Google
Redhat
Debian
USE After Free vulnerability in Google Chrome

A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

6.8
2018-12-04 CVE-2018-6086 Google
Redhat
Debian
USE After Free vulnerability in Google Chrome

A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

6.8
2018-12-04 CVE-2018-6085 Google
Redhat
Debian
USE After Free vulnerability in Google Chrome

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

6.8
2018-12-04 CVE-2018-11347 Yunohost Http Response Splitting vulnerability in Yunohost

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection.

6.8
2018-12-04 CVE-2018-16634 Pluck CMS Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.7

Pluck v4.7.7 allows CSRF via admin.php?action=settings.

6.8
2018-12-03 CVE-2018-19827 Sass Lang USE After Free vulnerability in Sass-Lang Libsass 3.5.5

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

6.8
2018-12-03 CVE-2018-1840 IBM Exposure of Resource TO Wrong Sphere vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server.

6.8
2018-12-07 CVE-2018-7079 Arubanetworks Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager

Aruba ClearPass Policy Manager guest authorization failure.

6.5
2018-12-07 CVE-2018-7067 Arubanetworks Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise.

6.5
2018-12-07 CVE-2018-7065 Arubanetworks SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation.

6.5
2018-12-06 CVE-2018-19907 Craftercms OS Command Injection vulnerability in Craftercms Crafter CMS

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18.

6.5
2018-12-06 CVE-2018-19898 Thinkcmf SQL Injection vulnerability in Thinkcmf X2.2.2

ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.

6.5
2018-12-06 CVE-2018-19897 Thinkcmf SQL Injection vulnerability in Thinkcmf X2.2.2

ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

6.5
2018-12-06 CVE-2018-19896 Thinkcmf SQL Injection vulnerability in Thinkcmf X2.2.2

ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

6.5
2018-12-06 CVE-2018-19895 Thinkcmf SQL Injection vulnerability in Thinkcmf X2.2.2

ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

6.5
2018-12-06 CVE-2018-19894 Thinkcmf SQL Injection vulnerability in Thinkcmf X2.2.2

ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

6.5
2018-12-05 CVE-2018-19754 Oracle Missing Authorization vulnerability in Oracle Tarantella Enterprise

Tarantella Enterprise before 3.11 allows bypassing Access Control.

6.5
2018-12-04 CVE-2018-18646 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

6.5
2018-12-04 CVE-2018-19853 Hitshop Project Improper Privilege Management vulnerability in Hitshop Project Hitshop 20140715

An issue was discovered in hitshop through 2014-07-15.

6.5
2018-12-03 CVE-2018-4021 Netgate OS Command Injection vulnerability in Netgate Pfsense 2.4.4

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request.

6.5
2018-12-03 CVE-2018-4020 Netgate OS Command Injection vulnerability in Netgate Pfsense 2.4.4

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request.

6.5
2018-12-03 CVE-2018-4019 Netgate OS Command Injection vulnerability in Netgate Pfsense 2.4.4

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request.

6.5
2018-12-03 CVE-2018-1002000 Kibokolabs SQL Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit.

6.5
2018-12-03 CVE-2018-19793 Jiacrontab Project Unspecified vulnerability in Jiacrontab Project Jiacrontab 1.4.5

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.

6.5
2018-12-07 CVE-2018-18313 Perl
Canonical
Debian
Redhat
Netapp
Apple
Out-Of-Bounds Read vulnerability in multiple products

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

6.4
2018-12-07 CVE-2018-15362 GE XXE vulnerability in GE Cimplicity 10.0/9.0R2/9.5

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0

6.4
2018-12-05 CVE-2018-16792 Solarwinds XXE vulnerability in Solarwinds Sftp/Scp Server 20180910

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

6.4
2018-12-05 CVE-2018-19857 Videolan
Debian
Access of Uninitialized Pointer vulnerability in multiple products

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative.

6.4
2018-12-03 CVE-2018-6440 Brocade Unspecified vulnerability in Brocade Fabric OS

A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.

6.4
2018-12-09 CVE-2018-19983 Silabs USE of Insufficiently Random Values vulnerability in Silabs Z-Wave S0 Firmware and Z-Wave S2 Firmware

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices.

6.1
2018-12-06 CVE-2018-16523 Amazon Divide BY Zero vulnerability in Amazon web Services Freertos and Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.

5.8
2018-12-05 CVE-2017-1622 IBM Improper Certificate Validation vulnerability in IBM Qradar Incident Forensics

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate.

5.8
2018-12-03 CVE-2018-19796 Ninjaforms Open Redirect vulnerability in Ninjaforms Ninja Forms

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.

5.8
2018-12-07 CVE-2018-1920 IBM XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-12-07 CVE-2018-1424 IBM XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-12-05 CVE-2018-1730 IBM XXE vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-12-04 CVE-2018-18647 Gitlab Missing Authorization vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

5.5
2018-12-07 CVE-2018-7080 Arubanetworks Unspecified vulnerability in Arubanetworks products

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points.

5.4
2018-12-04 CVE-2018-6101 Redhat
Debian
Google
Improper Input Validation vulnerability in multiple products

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

5.1
2018-12-07 CVE-2018-1883 IBM Unspecified vulnerability in IBM MQ

A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API.

5.0
2018-12-07 CVE-2018-19939 Xiaomi Null Pointer Dereference vulnerability in Xiaomi MI A2 Lite Firmware and Redmi 6 Firmware

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.

5.0
2018-12-07 CVE-2018-19935 PHP
Debian
Null Pointer Dereference vulnerability in PHP

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

5.0
2018-12-06 CVE-2018-9565 Google Out-Of-Bounds Read vulnerability in Google Android 9.0

In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow.

5.0
2018-12-06 CVE-2018-9562 Google Out-Of-Bounds Read vulnerability in Google Android 9.0

In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size.

5.0
2018-12-05 CVE-2018-19753 Oracle Path Traversal vulnerability in Oracle Tarantella Enterprise

Tarantella Enterprise before 3.11 allows Directory Traversal.

5.0
2018-12-05 CVE-2018-16791 Solarwinds Insufficiently Protected Credentials vulnerability in Solarwinds Sftp/Scp Server

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts.

5.0
2018-12-05 CVE-2018-1732 IBM Information Exposure vulnerability in IBM Qradar Advisor With Watson

IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users.

5.0
2018-12-05 CVE-2018-1648 IBM Inadequate Encryption Strength vulnerability in IBM Qradar Incident Forensics

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2018-12-05 CVE-2018-19865 QT
Opensuse
Information Exposure Through LOG Files vulnerability in multiple products

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

5.0
2018-12-04 CVE-2018-18648 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

5.0
2018-12-04 CVE-2018-18641 Gitlab Cleartext Storage of Sensitive Information vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

5.0
2018-12-04 CVE-2018-17975 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2.

5.0
2018-12-04 CVE-2018-17939 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2.

5.0
2018-12-04 CVE-2018-7956 Huawei Unspecified vulnerability in Huawei products

Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20.

5.0
2018-12-04 CVE-2018-12319 Asustor Cross-Site Scripting vulnerability in Asustor Data Master 3.1.1

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.

5.0
2018-12-04 CVE-2018-12309 Asustor Path Traversal vulnerability in Asustor Data Master 3.1.1

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter.

5.0
2018-12-04 CVE-2018-12306 Asustor Path Traversal vulnerability in Asustor Data Master 3.1.1

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.

5.0
2018-12-04 CVE-2018-19591 GNU
Fedoraproject
Improper Input Validation vulnerability in multiple products

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed.

5.0
2018-12-04 CVE-2018-16478 Simplehttpserver Project Path Traversal vulnerability in Simplehttpserver Project Simplehttpserver

A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.

5.0
2018-12-03 CVE-2018-14709 Drobo Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation.

5.0
2018-12-03 CVE-2018-14703 Drobo Incorrect Permission Assignment for Critical Resource vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.

5.0
2018-12-03 CVE-2018-14702 Drobo Information Exposure vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

5.0
2018-12-03 CVE-2018-14700 Drobo Information Exposure Through LOG Files vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter.

5.0
2018-12-03 CVE-2018-14696 Drobo Information Exposure vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

5.0
2018-12-03 CVE-2018-14695 Drobo Information Exposure vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter.

5.0
2018-12-03 CVE-2018-7116 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Intelligent Management Center

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'.

5.0
2018-12-03 CVE-2018-7115 HP
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Intelligent Management Center

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows.

5.0
2018-12-03 CVE-2018-16855 Powerdns Out-Of-Bounds Read vulnerability in Powerdns Recursor

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

5.0
2018-12-08 CVE-2018-19967 XEN
Debian
Improper Input Validation vulnerability in multiple products

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.

4.9
2018-12-08 CVE-2018-19964 XEN Unspecified vulnerability in XEN 4.11.0/4.11.1

An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.

4.9
2018-12-05 CVE-2018-15773 Dell Information Exposure vulnerability in Dell Data Protection | Encryption

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability.

4.9
2018-12-04 CVE-2018-6982 Vmware
Apple
USE of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.

4.9
2018-12-03 CVE-2018-7112 HP Unspecified vulnerability in HP products

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information.

4.9
2018-12-08 CVE-2018-19965 XEN
Citrix
Debian
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code.
4.7
2018-12-07 CVE-2018-19001 Philips Inadequate Encryption Strength vulnerability in Philips Healthsuite Health

Philips HealthSuite Health Android App, all versions.

4.6
2018-12-07 CVE-2017-14888 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.

4.6
2018-12-06 CVE-2018-6757 Mcafee
Microsoft
Unspecified vulnerability in Mcafee True KEY

Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

4.6
2018-12-06 CVE-2018-6756 Mcafee
Microsoft
Unspecified vulnerability in Mcafee True KEY

Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.

4.6
2018-12-06 CVE-2018-6755 Mcafee
Microsoft
Incorrect Permission Assignment FOR Critical Resource vulnerability in Mcafee True KEY

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

4.6
2018-12-06 CVE-2018-9560 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check.

4.6
2018-12-06 CVE-2018-9559 Google Out-Of-Bounds Write vulnerability in Google Android

In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error.

4.6
2018-12-05 CVE-2018-1941 IBM Improper Privilege Management vulnerability in IBM Campaign

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions.

4.6
2018-12-04 CVE-2018-0468 Cisco USE of Hard-Coded Credentials vulnerability in Cisco Energy Management Suite 5.2

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data.

4.6
2018-12-03 CVE-2018-19824 Linux
Canonical
Debian
USE After Free vulnerability in Linux Kernel

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

4.6
2018-12-03 CVE-2018-19792 Litespeedtech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Litespeedtech Openlitespeed

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.

4.6
2018-12-07 CVE-2018-19960 Onionshare Improper Input Validation vulnerability in Onionshare

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.

4.4
2018-12-06 CVE-2018-15332 F5
Apple
Linux
Race Condition vulnerability in F5 products

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

4.4
2018-12-09 CVE-2018-19653 Hashicorp Cryptographic Issues vulnerability in Hashicorp Consul

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented.

4.3
2018-12-07 CVE-2018-5812 Libraw
Canonical
Null Pointer Dereference vulnerability in multiple products

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

4.3
2018-12-07 CVE-2018-5811 Libraw
Canonical
Out-Of-Bounds Read vulnerability in multiple products

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

4.3
2018-12-07 CVE-2018-5806 Libraw
Redhat
Null Pointer Dereference vulnerability in multiple products

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

4.3
2018-12-07 CVE-2018-5804 Libraw Incorrect Type Conversion OR Cast vulnerability in Libraw

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

4.3
2018-12-07 CVE-2018-5801 Libraw
Redhat
Canonical
Debian
Null Pointer Dereference vulnerability in multiple products

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

4.3
2018-12-07 CVE-2018-5800 Libraw
Redhat
Canonical
Debian
Off-By-One Error vulnerability in multiple products

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

4.3
2018-12-07 CVE-2017-16910 Libraw
Canonical
Out-Of-Bounds Read vulnerability in multiple products

An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

4.3
2018-12-07 CVE-2018-1663 IBM Information Exposure vulnerability in IBM Datapower Gateway

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2018-12-07 CVE-2018-19932 GNU
Netapp
Integer Overflow OR Wraparound vulnerability in multiple products

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.

4.3
2018-12-06 CVE-2018-19926 Zenitel Cross-Site Scripting vulnerability in Zenitel Ip-Stationweb Firmware

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.

4.3
2018-12-06 CVE-2018-19924 Sales Company Management System Project Cross-Site Scripting vulnerability in Sales & Company Management System Project Sales & Company Management System

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06.

4.3
2018-12-06 CVE-2018-16603 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

4.3
2018-12-06 CVE-2018-16602 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

4.3
2018-12-06 CVE-2018-16600 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

4.3
2018-12-06 CVE-2018-16599 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

4.3
2018-12-06 CVE-2018-16598 Amazon Confused Deputy vulnerability in Amazon web Services Freertos and Freertos

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component.

4.3
2018-12-06 CVE-2018-16527 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.

4.3
2018-12-06 CVE-2018-16524 Amazon Information Exposure vulnerability in Amazon web Services Freertos and Freertos

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.

4.3
2018-12-06 CVE-2018-19922 Actiontec Cross-Site Scripting vulnerability in Actiontec C1000A Firmware

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.

4.3
2018-12-06 CVE-2018-19921 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Opmanager

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.

4.3
2018-12-06 CVE-2018-18362 Symantec Cross-Site Scripting vulnerability in Symantec Norton Password Manager

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.

4.3
2018-12-06 CVE-2018-9552 Google Out-Of-Bounds Write vulnerability in Google Android

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check.

4.3
2018-12-06 CVE-2018-1525 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM I2 Enterprise Insight Analysis 2.1.7/2.1.8

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2018-12-06 CVE-2018-1504 IBM Improper Input Validation vulnerability in IBM I2 Enterprise Insight Analysis 2.1.7/2.1.8

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim.

4.3
2018-12-06 CVE-2018-19891 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19890 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19889 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19888 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19887 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19886 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Coder 1.29.9.2

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2.

4.3
2018-12-06 CVE-2018-19882 Artifex Null Pointer Dereference vulnerability in Artifex Mupdf 1.14.0

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

4.3
2018-12-06 CVE-2018-19881 Artifex Resource Exhaustion vulnerability in Artifex Mupdf 1.14.0

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

4.3
2018-12-05 CVE-2018-19877 Adiscon Cross-Site Scripting vulnerability in Adiscon Loganalyzer

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.

4.3
2018-12-05 CVE-2018-19876 Cairographics USE After Free vulnerability in Cairographics Cairo 1.16.0

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

4.3
2018-12-05 CVE-2018-19786 Hashicorp Information Exposure Through LOG Files vulnerability in Hashicorp Vault

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

4.3
2018-12-04 CVE-2018-18645 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

4.3
2018-12-04 CVE-2018-18642 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

4.3
2018-12-04 CVE-2018-18991 Spidercontrol Cross-Site Scripting vulnerability in Spidercontrol Scada Webserver

Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.

4.3
2018-12-04 CVE-2018-7987 Huawei Out-Of-Bounds Write vulnerability in Huawei P20 Firmware

There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00).

4.3
2018-12-04 CVE-2018-6116 Google
Redhat
Debian
Null Pointer Dereference vulnerability in Google Chrome

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

4.3
2018-12-04 CVE-2018-6115 Google Improper Input Validation vulnerability in Google Chrome

Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

4.3
2018-12-04 CVE-2018-6108 Redhat
Debian
Google
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
4.3
2018-12-04 CVE-2018-6107 Redhat
Debian
Google
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3
2018-12-04 CVE-2018-6105 Redhat
Debian
Google
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3
2018-12-04 CVE-2018-6104 Redhat
Debian
Google
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3
2018-12-04 CVE-2018-6103 Redhat
Debian
Google
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
4.3
2018-12-04 CVE-2018-6102 Redhat
Debian
Google
Improper Input Validation vulnerability in multiple products

Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

4.3
2018-12-04 CVE-2018-6099 Redhat
Debian
Google
Information Exposure vulnerability in multiple products

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

4.3
2018-12-04 CVE-2018-6098 Redhat
Debian
Google
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3
2018-12-04 CVE-2018-6095 Redhat
Debian
Google
Information Exposure vulnerability in multiple products

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.

4.3
2018-12-04 CVE-2018-6089 Google
Redhat
Debian
Improper Input Validation vulnerability in Google Chrome

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

4.3
2018-12-04 CVE-2018-12305 Asustor Cross-Site Scripting vulnerability in Asustor Data Master 3.1.1

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.

4.3
2018-12-04 CVE-2018-19843 Radare Out-Of-Bounds Read vulnerability in Radare Radare2

opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

4.3
2018-12-04 CVE-2018-19842 Radare Out-Of-Bounds Read vulnerability in Radare Radare2

getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

4.3
2018-12-04 CVE-2018-19841 Wavpack
Canonical
Fedoraproject
Opensuse
Out-Of-Bounds Read vulnerability in multiple products

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

4.3
2018-12-04 CVE-2018-19840 Wavpack
Canonical
Fedoraproject
Opensuse
Infinite Loop vulnerability in multiple products

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

4.3
2018-12-04 CVE-2018-19839 Sass Lang Out-Of-Bounds Read vulnerability in Sass-Lang Libsass

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

4.3
2018-12-04 CVE-2018-19838 Sass Lang Resource Exhaustion vulnerability in Sass-Lang Libsass

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

4.3
2018-12-04 CVE-2018-19837 Sass Lang Resource Exhaustion vulnerability in Sass-Lang Libsass

In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.

4.3
2018-12-03 CVE-2018-14704 Drobo Cross-Site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path.

4.3
2018-12-03 CVE-2018-14698 Drobo Cross-Site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.

4.3
2018-12-03 CVE-2018-14697 Drobo Cross-Site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115

Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.

4.3
2018-12-03 CVE-2018-19836 Metinfo Improper Control of Dynamically-Managed Code Resources vulnerability in Metinfo 6.1.3

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value.

4.3
2018-12-03 CVE-2018-19835 Metinfo Cross-Site Scripting vulnerability in Metinfo 6.1.3

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.

4.3
2018-12-03 CVE-2018-19826 Sass Lang Infinite Loop vulnerability in Sass-Lang Libsass 3.5.5

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.

4.3
2018-12-03 CVE-2018-6332 Facebook Data Processing Errors vulnerability in Facebook Hhvm

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources.

4.3
2018-12-03 CVE-2018-19797 Sass Lang Null Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

4.3
2018-12-03 CVE-2018-19794 Internet2 Cross-Site Scripting vulnerability in Internet2 Grouper 2.2/2.3

Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter.

4.3
2018-12-06 CVE-2018-1935 IBM Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages.

4.0
2018-12-05 CVE-2018-15797 Pivotal Software Information Exposure Through LOG Files vulnerability in Pivotal Software Cloud Foundry NFS Volume

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand.

4.0
2018-12-05 CVE-2018-1697 IBM Information Exposure vulnerability in IBM Maximo Asset Management 7.6

IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request.

4.0
2018-12-05 CVE-2018-19859 Openrefine Path Traversal vulnerability in Openrefine

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

4.0
2018-12-04 CVE-2018-18644 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

4.0
2018-12-04 CVE-2018-18640 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.

4.0
2018-12-04 CVE-2018-17976 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2.

4.0
2018-12-04 CVE-2018-12318 Asustor Information Exposure vulnerability in Asustor Data Master 3.1.1

Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.

4.0
2018-12-04 CVE-2018-12315 Asustor Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

4.0
2018-12-04 CVE-2018-12308 Asustor Information Exposure vulnerability in Asustor Data Master 3.1.1

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.

4.0
2018-12-03 CVE-2018-19791 Litespeedtech Improper Input Validation vulnerability in Litespeedtech Openlitespeed

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

4.0

43 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-03 CVE-2018-3854 Intuit Information Exposure vulnerability in Intuit Quicken 2018 5.2.2

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2.

3.6
2018-12-07 CVE-2018-16861 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman

A cross-site scripting (XSS) flaw was found in the foreman component of satellite.

3.5
2018-12-07 CVE-2018-1896 IBM Injection vulnerability in IBM Connections 5.0/5.5/6.0

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

3.5
2018-12-06 CVE-2018-19927 Zenitel Cross-Site Scripting vulnerability in Zenitel Ip-Stationweb Firmware

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter.

3.5
2018-12-06 CVE-2018-19919 Pixelimity Cross-Site Scripting vulnerability in Pixelimity 1.0

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.

3.5
2018-12-06 CVE-2018-19915 Domainmod Cross-Site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.

3.5
2018-12-06 CVE-2018-19914 Domainmod Cross-Site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.

3.5
2018-12-06 CVE-2018-19913 Domainmod Cross-Site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.

3.5
2018-12-06 CVE-2018-1871 IBM Cross-Site Scripting vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting.

3.5
2018-12-06 CVE-2018-19892 Domainmod Cross-Site Scripting vulnerability in Domainmod

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.

3.5
2018-12-05 CVE-2018-1728 IBM Cross-Site Scripting vulnerability in IBM Qradar Incident Forensics

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.

3.5
2018-12-04 CVE-2018-12311 Asustor Cross-Site Scripting vulnerability in Asustor Data Master 3.1.1

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.

3.5
2018-12-04 CVE-2018-12310 Asustor Cross-Site Scripting vulnerability in Asustor Data Master 3.1.1

Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.

3.5
2018-12-04 CVE-2018-11348 Yunohost Cross-Site Scripting vulnerability in Yunohost

Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application.

3.5
2018-12-04 CVE-2018-16633 Pluck CMS Cross-Site Scripting vulnerability in Pluck-Cms Pluck 4.7.7

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.

3.5
2018-12-04 CVE-2018-16631 Intelliants Cross-Site Scripting vulnerability in Intelliants Subrion CMS 4.2.1

Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.

3.5
2018-12-04 CVE-2018-16629 Intelliants Cross-Site Scripting vulnerability in Intelliants Subrion CMS 4.2.1

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

3.5
2018-12-04 CVE-2018-16628 Getkirby Cross-Site Scripting vulnerability in Getkirby Kirby 2.5.12

panel/login in Kirby v2.5.12 allows XSS via a blog name.

3.5
2018-12-04 CVE-2018-19849 Yzmcms Cross-Site Scripting vulnerability in Yzmcms 5.2

An issue was discovered in YzmCMS 5.2.

3.5
2018-12-03 CVE-2018-1002009 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002008 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002007 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002006 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

These vulnerabilities require administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002005 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

These vulnerabilities require administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002004 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002003 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002002 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-03 CVE-2018-1002001 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

3.5
2018-12-07 CVE-2017-15835 Google Infinite Loop vulnerability in Google Android

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.

3.3
2018-12-03 CVE-2018-16869 Nettle Project Information Exposure Through Discrepancy vulnerability in Nettle Project Nettle

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data.

3.3
2018-12-03 CVE-2018-16868 GNU Information Exposure Through Discrepancy vulnerability in GNU Gnutls

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data.

3.3
2018-12-09 CVE-2018-19982 Powermanager Improper Certificate Validation vulnerability in Powermanager KT Mc01507L Z-Wave S0 Firmware

An issue was discovered on KT MC01507L Z-Wave S0 devices.

2.9
2018-12-06 CVE-2018-9566 Google Out-Of-Bounds Read vulnerability in Google Android

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check.

2.9
2018-12-06 CVE-2018-19665 Qemu
Opensuse
Integer Overflow OR Wraparound vulnerability in multiple products

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

2.7
2018-12-06 CVE-2018-9554 Google Information Exposure vulnerability in Google Android

In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass.

2.1
2018-12-06 CVE-2018-9548 Google Missing Authorization vulnerability in Google Android

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation.

2.1
2018-12-06 CVE-2018-1505 IBM Information Exposure vulnerability in IBM I2 Enterprise Insight Analysis 2.1.7/2.1.8

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system.

2.1
2018-12-05 CVE-2018-12155 Intel Information Exposure vulnerability in Intel Integrated Performance Primitives

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2018-12-05 CVE-2018-1650 IBM USE of Hard-Coded Credentials vulnerability in IBM Qradar Incident Forensics

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator.

2.1
2018-12-05 CVE-2018-1568 IBM Information Exposure vulnerability in IBM Qradar Incident Forensics

IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system.

2.1
2018-12-04 CVE-2018-5496 Netapp Information Exposure vulnerability in Netapp Data Ontap

Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

2.1
2018-12-05 CVE-2018-19608 ARM Improper Privilege Management vulnerability in ARM Mbed TLS

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

1.9
2018-12-04 CVE-2018-19854 Linux
Canonical
Information Exposure vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.19.3.

1.9