Weekly Vulnerabilities Reports > December 24 to 30, 2018

Overview

222 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 166 products from 102 vendors including Debian, Opensuse, Canonical, Douco, and Schneider Electric. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "NULL Pointer Dereference".

  • 200 reported vulnerabilities are remotely exploitables.
  • 10 reported vulnerabilities have public exploit available.
  • 79 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 186 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Schneider Electric has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-28 CVE-2018-1000625 Battelle Use of Hard-coded Credentials vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account.

10.0
2018-12-24 CVE-2018-7800 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric Evlink Parking Firmware

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.

10.0
2018-12-28 CVE-2018-20577 Orange Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF.

9.4

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-28 CVE-2018-14988 MXQ Project Improper Input Validation vulnerability in MXQ Project MXQ TV BOX Firmware 4.4.2

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver application component that, when called, will make the device inoperable.

7.8
2018-12-28 CVE-2018-1000624 Battelle Improper Privilege Management vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality.

7.8
2018-12-26 CVE-2018-20404 Viatech Improper Input Validation vulnerability in Viatech Epia-E900 Firmware

ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD.

7.8
2018-12-24 CVE-2018-7835 Schneider Electric Path Traversal vulnerability in Schneider-Electric Iiot Monior 3.1.38

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.

7.8
2018-12-30 CVE-2018-20605 Txjia Code Injection vulnerability in Txjia Imcat 4.4

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

7.5
2018-12-30 CVE-2018-20596 Jspxcms Server-Side Request Forgery (SSRF) vulnerability in Jspxcms 9.0.0

Jspxcms v9.0.0 allows SSRF.

7.5
2018-12-28 CVE-2018-5204 Infraware Global Unrestricted Upload of File with Dangerous Type vulnerability in Infraware-Global ML Report

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method.

7.5
2018-12-28 CVE-2018-5203 Dextsolution Improper Input Validation vulnerability in Dextsolution Dextuploadx5

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method.

7.5
2018-12-28 CVE-2018-20572 Wuzhicms SQL Injection vulnerability in Wuzhicms 4.1.0

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.

7.5
2018-12-28 CVE-2018-20569 Generic Content Management System Project SQL Injection vulnerability in Generic Content Management System Project Generic Content Management System

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.

7.5
2018-12-28 CVE-2018-20568 Generic Content Management System Project SQL Injection vulnerability in Generic Content Management System Project Generic Content Management System

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.

7.5
2018-12-28 CVE-2018-1000631 Battelle SQL Injection vulnerability in Battelle V2I HUB 3.0

Battelle V2I Hub 3.0 is vulnerable to SQL injection.

7.5
2018-12-28 CVE-2018-1000628 Battelle Unspecified vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function.

7.5
2018-12-28 CVE-2018-1000626 Battelle Unspecified vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key.

7.5
2018-12-27 CVE-2018-20508 Crashfix Project SQL Injection vulnerability in Crashfix Project Crashfix 1.0.4

CrashFix 1.0.4 has SQL Injection via the User[status] parameter.

7.5
2018-12-26 CVE-2018-19873 QT
Debian
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in Qt before 5.11.3.

7.5
2018-12-26 CVE-2018-20480 S CMS SQL Injection vulnerability in S-Cms 1.0

An issue was discovered in S-CMS 1.0.

7.5
2018-12-26 CVE-2018-20479 S CMS SQL Injection vulnerability in S-Cms 1.0

An issue was discovered in S-CMS 1.0.

7.5
2018-12-26 CVE-2018-20477 S CMS SQL Injection vulnerability in S-Cms 3.0

An issue was discovered in S-CMS 3.0.

7.5
2018-12-24 CVE-2018-20248 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Quick PDF Library

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

7.5
2018-12-24 CVE-2018-7836 Schneider Electric Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Iiot Monitor 3.1.38

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.

7.5
2018-12-24 CVE-2018-20433 Mchange
Debian
XXE vulnerability in multiple products

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

7.5
2018-12-28 CVE-2018-14998 Leagoo OS Command Injection vulnerability in Leagoo P1 Firmware

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user.

7.2
2018-12-26 CVE-2018-18536 Asus Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports.

7.2
2018-12-26 CVE-2018-18535 Asus Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs).

7.2

158 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-30 CVE-2018-20613 Temmoku Project Cross-Site Request Forgery (CSRF) vulnerability in Temmoku Project Temmoku T1.09

TEMMOKU T1.09 Beta allows admin/user/add CSRF.

6.8
2018-12-30 CVE-2018-20612 Asthis Cross-Site Request Forgery (CSRF) vulnerability in Asthis Universal Website Asthis 2.3.11

UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.

6.8
2018-12-30 CVE-2018-20603 Lfdycms Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms LEI Feng TV CMS 3.8.6

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.

6.8
2018-12-30 CVE-2018-20598 Ucms Project Cross-Site Request Forgery (CSRF) vulnerability in Ucms Project Ucms 1.4.7

UCMS 1.4.7 has ?do=user_addpost CSRF.

6.8
2018-12-30 CVE-2018-20595 Hsweb Cross-Site Request Forgery (CSRF) vulnerability in Hsweb 3.0.4

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.

6.8
2018-12-28 CVE-2018-18696 Microstrategy Cross-Site Request Forgery (CSRF) vulnerability in Microstrategy 10.4.0026.0049/9.2.1

** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF.

6.8
2018-12-28 CVE-2018-20553 Broadcom Out-of-bounds Read vulnerability in Broadcom Tcpreplay

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

6.8
2018-12-28 CVE-2018-20552 Broadcom Out-of-bounds Read vulnerability in Broadcom Tcpreplay

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.

6.8
2018-12-28 CVE-2018-20549 Libcaca Project
Canonical
Debian
Fedoraproject
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.

6.8
2018-12-28 CVE-2018-20548 Libcaca Project
Canonical
Fedoraproject
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.

6.8
2018-12-28 CVE-2018-20545 Libcaca Project
Canonical
Fedoraproject
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

6.8
2018-12-28 CVE-2018-20542 Libxsmm Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libxsmm Project Libxsmm 1.10

There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).

6.8
2018-12-28 CVE-2018-20541 Libxsmm Project Out-of-bounds Write vulnerability in Libxsmm Project Libxsmm 1.10

There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).

6.8
2018-12-28 CVE-2018-1000889 Logisim Evolution Project XXE vulnerability in Logisim-Evolution Project Logisim-Evolution

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration.

6.8
2018-12-28 CVE-2018-1000888 PHP
Canonical
Debian
Deserialization of Untrusted Data vulnerability in multiple products

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class.

6.8
2018-12-26 CVE-2018-19870 QT
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Qt before 5.11.3.

6.8
2018-12-26 CVE-2018-19616 Rockwellautomation Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000.

6.8
2018-12-26 CVE-2018-19182 Engelsystem Cross-Site Request Forgery (CSRF) vulnerability in Engelsystem 2.0.0

Engelsystem before commit hash 2e28336 allows CSRF.

6.8
2018-12-26 CVE-2018-15518 QT
Debian
Opensuse
Double Free vulnerability in multiple products

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

6.8
2018-12-25 CVE-2018-20452 Libxls Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libxls Project Libxls 1.4.0

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.

6.8
2018-12-24 CVE-2018-20436 Telegram Server-Side Request Forgery (SSRF) vulnerability in Telegram and web

** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent.

6.8
2018-12-24 CVE-2018-20249 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Quick PDF Library

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

6.8
2018-12-24 CVE-2018-20247 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Quick PDF Library

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.

6.8
2018-12-24 CVE-2018-7801 Schneider Electric Code Injection vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012

A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.

6.8
2018-12-24 CVE-2018-7796 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Powersuite 2

A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.

6.8
2018-12-24 CVE-2018-19357 Xmplay Out-of-bounds Write vulnerability in Xmplay 3.8.3

XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.

6.8
2018-12-24 CVE-2018-20429 Libming NULL Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.

6.8
2018-12-24 CVE-2018-20428 Libming NULL Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.

6.8
2018-12-24 CVE-2018-20427 Libming NULL Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.

6.8
2018-12-24 CVE-2018-20426 Libming NULL Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.

6.8
2018-12-24 CVE-2018-20425 Libming NULL Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

6.8
2018-12-24 CVE-2018-20423 Comsenz Unspecified vulnerability in Comsenz Discuzx X3.4

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

6.8
2018-12-24 CVE-2018-20422 Comsenz Improper Authentication vulnerability in Comsenz Discuzx X3.4

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).

6.8
2018-12-24 CVE-2018-20419 Douco Cross-Site Request Forgery (CSRF) vulnerability in Douco Douphp 1.5

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.

6.8
2018-12-30 CVE-2018-20599 Ucms Project Code Injection vulnerability in Ucms Project Ucms 1.4.7

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.

6.5
2018-12-28 CVE-2018-1000630 Battelle SQL Injection vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection.

6.5
2018-12-24 CVE-2018-7832 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric Pro-Face Gp-Pro EX

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

6.5
2018-12-24 CVE-2018-7802 Schneider Electric SQL Injection vulnerability in Schneider-Electric Evlink Parking Firmware

A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.

6.5
2018-12-24 CVE-2018-8920 Synology Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

6.5
2018-12-24 CVE-2018-19248 Epson Missing Authentication for Critical Function vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

6.4
2018-12-28 CVE-2018-20576 Orange Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number.

5.8
2018-12-28 CVE-2018-20547 Libcaca Project
Canonical
Debian
Fedoraproject
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

5.8
2018-12-28 CVE-2018-20546 Libcaca Project
Canonical
Fedoraproject
Debian
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

5.8
2018-12-24 CVE-2018-20424 Comsenz Improper Input Validation vulnerability in Comsenz Discuzx X3.4

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.

5.8
2018-12-28 CVE-2018-15005 Zteusa Unspecified vulnerability in Zteusa ZTE Zmax Champ Firmware 5.0.3

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset.

5.6
2018-12-28 CVE-2018-14987 MXQ Project Incorrect Permission Assignment for Critical Resource vulnerability in MXQ Project MXQ TV BOX Firmware 4.4.2

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app component named com.android.server.MasterClearReceiver instead of statically registering it in the AndroidManifest.xml file of the core Android package, as done in Android Open Source Project (AOSP) code for Android 4.4.2.

5.6
2018-12-28 CVE-2018-14985 Leagoo Unspecified vulnerability in Leagoo Z5C Firmware 6.0

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset.

5.6
2018-12-27 CVE-2018-20519 74Cms Improper Input Validation vulnerability in 74Cms 4.2.111

An issue was discovered in 74cms v4.2.111.

5.5
2018-12-24 CVE-2018-15465 Cisco Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface.

5.5
2018-12-24 CVE-2018-20420 Weberp Incorrect Permission Assignment for Critical Resource vulnerability in Weberp 4.15

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.

5.5
2018-12-30 CVE-2018-20614 CIM Project Improper Input Validation vulnerability in CIM Project CIM 0.9.3

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.

5.0
2018-12-30 CVE-2018-20609 Txjia Information Exposure vulnerability in Txjia Imcat 4.4

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.

5.0
2018-12-30 CVE-2018-20608 Txjia Information Exposure vulnerability in Txjia Imcat 4.4

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.

5.0
2018-12-30 CVE-2018-20607 Txjia Information Exposure vulnerability in Txjia Imcat 4.4

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.

5.0
2018-12-30 CVE-2018-20606 Txjia Information Exposure vulnerability in Txjia Imcat 4.4

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.

5.0
2018-12-30 CVE-2018-20602 Lfdycms Information Exposure vulnerability in Lfdycms LEI Feng TV CMS 3.8.6

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.

5.0
2018-12-28 CVE-2018-14986 Leagoo Information Exposure vulnerability in Leagoo Z5C Firmware

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) containing an exported content provider named com.android.messaging.datamodel.MessagingContentProvider.

5.0
2018-12-28 CVE-2018-14984 Leagoo Information Exposure vulnerability in Leagoo Z5C Firmware

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender.

5.0
2018-12-28 CVE-2018-20578 Nuttx Infinite Loop vulnerability in Nuttx

An issue was discovered in NuttX before 7.27.

5.0
2018-12-28 CVE-2018-20575 Orange Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update.

5.0
2018-12-28 CVE-2018-18667 Pylon Network Integer Overflow or Wraparound vulnerability in Pylon-Network Pylontoken

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.

5.0
2018-12-28 CVE-2018-18666 Swft Integer Overflow or Wraparound vulnerability in Swft Swftcoin

The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-12-28 CVE-2018-18665 Nexxuscoin Integer Overflow or Wraparound vulnerability in Nexxuscoin Nexxustoken

The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-12-28 CVE-2018-20571 Damicms Information Exposure vulnerability in Damicms 6.0.1

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

5.0
2018-12-28 CVE-2018-20567 Douco Incorrect Permission Assignment for Critical Resource vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

5.0
2018-12-28 CVE-2018-20566 Douco Path Traversal vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

5.0
2018-12-28 CVE-2018-17539 F5
Ipinfusion
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.
5.0
2018-12-28 CVE-2018-1000890 Frontaccounting SQL Injection vulnerability in Frontaccounting 2.4.5

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.

5.0
2018-12-28 CVE-2018-1000627 Battelle Insufficiently Protected Credentials vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file.

5.0
2018-12-26 CVE-2018-17987 Hashheroes Use of Insufficiently Random Values vulnerability in Hashheroes

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.

5.0
2018-12-26 CVE-2018-11742 NEC Insufficiently Protected Credentials vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

5.0
2018-12-26 CVE-2018-11741 NEC Information Exposure vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.

5.0
2018-12-26 CVE-2018-20478 S CMS Information Exposure vulnerability in S-Cms 1.0

An issue was discovered in S-CMS 1.0.

5.0
2018-12-25 CVE-2018-20463 Jsmol2Wp Project Path Traversal vulnerability in Jsmol2Wp Project Jsmol2Wp 1.07

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress.

5.0
2018-12-25 CVE-2018-20445 Dlink Insufficiently Protected Credentials vulnerability in Dlink Dcm-604 Firmware and Dcm-704 Firmware

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.

5.0
2018-12-25 CVE-2018-20444 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Cga0111 Firmware Cga0111Ees13E23Ec8000R57121702170829Tru

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

5.0
2018-12-25 CVE-2018-20443 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.D1I Firmware Tc7200.D1Ien23Ec7000R5712170406Hat

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

5.0
2018-12-25 CVE-2018-20442 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Tc7110.B Firmware Stc8.62.02

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

5.0
2018-12-25 CVE-2018-20441 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.Th2V2 Firmware Sc05.00.22

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

5.0
2018-12-25 CVE-2018-20440 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Cwa0101 Firmware Cwa0101Ea23Ec7000R5712170315Skc

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

5.0
2018-12-25 CVE-2018-20439 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Dpc3928Sl Firmware D3928Slpsip13A010C3420R55105170214A

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

5.0
2018-12-25 CVE-2018-20438 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Tc7110.Ar Firmware

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

5.0
2018-12-25 CVE-2018-20437 Mrbird Path Traversal vulnerability in Mrbird Febs-Shiro

** DISPUTED ** An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05.

5.0
2018-12-24 CVE-2018-19232 Epson Unspecified vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.

5.0
2018-12-24 CVE-2018-18959 Epson Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices.

5.0
2018-12-24 CVE-2018-18698 MI Insufficiently Protected Credentials vulnerability in MI Xiaomi Mi-A1 Firmware

An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices.

5.0
2018-12-24 CVE-2018-7837 Schneider Electric XXE vulnerability in Schneider-Electric Iiot Monior 3.1.38

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.

5.0
2018-12-24 CVE-2018-8919 Synology Information Exposure vulnerability in Synology Diskstation Manager

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

5.0
2018-12-24 CVE-2018-20421 Ethereum Allocation of Resources Without Limits or Throttling vulnerability in Ethereum GO Ethereum 1.8.19

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment.

5.0
2018-12-24 CVE-2018-20410 Wellintech Out-of-bounds Write vulnerability in Wellintech Kingscada 3.1/3.1.2/3.1.2.13

WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow.

5.0
2018-12-28 CVE-2018-15006 Zteusa Unspecified vulnerability in Zteusa ZTE Zmax Champ Firmware 6.0.1

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device.

4.9
2018-12-28 CVE-2018-15007 Skydevices OS Command Injection vulnerability in Skydevices SKY Elite 6.0L+ Firmware Sky/X6069Trxl601Sky/X6069Trxl601Sky:6.0/Mra58K/1482897127:User/Releasekeys

The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user.

4.6
2018-12-28 CVE-2018-7366 ZTE Incorrect Authorization vulnerability in ZTE Zxv10 B860Av2.1 Chinamobile Firmware

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.

4.6
2018-12-24 CVE-2018-7793 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.

4.6
2018-12-30 CVE-2018-20611 Txjia Cross-site Scripting vulnerability in Txjia Imcat 4.4

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.

4.3
2018-12-30 CVE-2018-20600 Ucms Project Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.

4.3
2018-12-30 CVE-2018-20594 Hsweb Cross-site Scripting vulnerability in Hsweb 3.0.4

An issue was discovered in hsweb 3.0.4.

4.3
2018-12-30 CVE-2018-20593 Msweet
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

4.3
2018-12-30 CVE-2018-20592 Msweet
Fedoraproject
Use After Free vulnerability in multiple products

In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file.

4.3
2018-12-30 CVE-2018-20591 Libming Out-of-bounds Read vulnerability in Libming 0.4.8

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8.

4.3
2018-12-30 CVE-2018-20588 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.3

lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.

4.3
2018-12-30 CVE-2018-20584 Jasper Project
Debian
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
4.3
2018-12-30 CVE-2018-20583 Thephpleague Cross-site Scripting vulnerability in Thephpleague Commonmark

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).

4.3
2018-12-28 CVE-2018-15004 Coolpad Information Exposure Through Log Files vulnerability in Coolpad Canvas Firmware 7.0

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user.

4.3
2018-12-28 CVE-2018-20574 Yaml CPP Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yaml-Cpp Project Yaml-Cpp 0.6.2

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

4.3
2018-12-28 CVE-2018-20573 Yaml CPP Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yaml-Cpp Project Yaml-Cpp 0.6.2

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

4.3
2018-12-28 CVE-2018-20570 Jasper Project
Debian
Out-of-bounds Read vulnerability in multiple products

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

4.3
2018-12-28 CVE-2018-20551 Freedesktop
Canonical
Improper Input Validation vulnerability in multiple products

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

4.3
2018-12-28 CVE-2018-20544 Libcaca Project
Canonical
Debian
Divide By Zero vulnerability in multiple products

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.

4.3
2018-12-28 CVE-2018-20543 Libxsmm Project Resource Exhaustion vulnerability in Libxsmm Project Libxsmm 1.10

There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20540 Liblas Missing Release of Resource after Effective Lifetime vulnerability in Liblas 1.8.1

There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.

4.3
2018-12-28 CVE-2018-20539 Liblas Improper Input Validation vulnerability in Liblas 1.8.1

There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20538 Nasm Use After Free vulnerability in Nasm Netwide Assembler 2.14.0

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.

4.3
2018-12-28 CVE-2018-20537 Liblas NULL Pointer Dereference vulnerability in Liblas 1.8.1

There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20536 Liblas Out-of-bounds Read vulnerability in Liblas 1.8.1

There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20535 Nasm Use After Free vulnerability in Nasm Netwide Assembler 2.14.0

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.

4.3
2018-12-28 CVE-2018-20534 Opensuse
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20533 Opensuse
Canonical
NULL Pointer Dereference vulnerability in multiple products

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-20532 Opensuse
Canonical
NULL Pointer Dereference vulnerability in multiple products

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

4.3
2018-12-28 CVE-2018-1000629 Battelle Cross-site Scripting vulnerability in Battelle V2I HUB 2.5.1

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script.

4.3
2018-12-28 CVE-2018-15335 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server.

4.3
2018-12-28 CVE-2018-15334 F5 Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Access Policy Manager

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

4.3
2018-12-27 CVE-2018-20524 Urlchatbox Cross-site Scripting vulnerability in Urlchatbox Chat Anywhere 2.4.0

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).

4.3
2018-12-27 CVE-2018-20520 1234N Cross-site Scripting vulnerability in 1234N Minicms 1.10

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.

4.3
2018-12-26 CVE-2018-20502 Axiosys Resource Exhaustion vulnerability in Axiosys Bento4 1.5.1627

An issue was discovered in Bento4 1.5.1-627.

4.3
2018-12-26 CVE-2018-19871 QT
Opensuse
Resource Exhaustion vulnerability in multiple products

An issue was discovered in Qt before 5.11.3.

4.3
2018-12-26 CVE-2018-19869 QT
Opensuse
Improper Input Validation vulnerability in multiple products

An issue was discovered in Qt before 5.11.3.

4.3
2018-12-26 CVE-2018-19799 Dolibarr Cross-site Scripting vulnerability in Dolibarr

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.

4.3
2018-12-26 CVE-2018-19615 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions.

4.3
2018-12-26 CVE-2018-20486 Metinfo Cross-site Scripting vulnerability in Metinfo

MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.

4.3
2018-12-26 CVE-2018-20485 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

4.3
2018-12-26 CVE-2018-20484 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.

4.3
2018-12-26 CVE-2018-0724 Qnap Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723.

4.3
2018-12-26 CVE-2018-0723 Qnap Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724.

4.3
2018-12-26 CVE-2018-20481 Freedesktop
Canonical
Debian
NULL Pointer Dereference vulnerability in multiple products

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

4.3
2018-12-26 CVE-2018-20476 S CMS Cross-site Scripting vulnerability in S-Cms 3.0

An issue was discovered in S-CMS 3.0.

4.3
2018-12-26 CVE-2018-20467 Imagemagick
Opensuse
Debian
Canonical
Infinite Loop vulnerability in multiple products

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption.

4.3
2018-12-25 CVE-2018-20464 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php.

4.3
2018-12-25 CVE-2018-20462 Jsmol2Wp Project Cross-site Scripting vulnerability in Jsmol2Wp Project Jsmol2Wp 1.07

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress.

4.3
2018-12-25 CVE-2018-20461 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.

4.3
2018-12-25 CVE-2018-20460 Radare Out-of-bounds Write vulnerability in Radare Radare2

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.

4.3
2018-12-25 CVE-2018-20459 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.

4.3
2018-12-25 CVE-2018-20458 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.

4.3
2018-12-25 CVE-2018-20457 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459.

4.3
2018-12-25 CVE-2018-20456 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.

4.3
2018-12-25 CVE-2018-20455 Radare Out-of-bounds Write vulnerability in Radare Radare2

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.

4.3
2018-12-25 CVE-2018-20454 74Cms Cross-site Scripting vulnerability in 74Cms 4.2.111

An issue was discovered in 74cms v4.2.111.

4.3
2018-12-25 CVE-2018-20453 Libdoc Project Out-of-bounds Read vulnerability in Libdoc Project Libdoc

The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.

4.3
2018-12-25 CVE-2018-20451 Libdoc Project Out-of-bounds Read vulnerability in Libdoc Project Libdoc

The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.

4.3
2018-12-25 CVE-2018-20450 Libxls Project Double Free vulnerability in Libxls Project Libxls 1.4.0

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

4.3
2018-12-24 CVE-2018-18960 Epson Resource Exhaustion vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices.

4.3
2018-12-24 CVE-2018-17197 Apache Infinite Loop vulnerability in Apache Tika

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

4.3
2018-12-24 CVE-2018-20431 GNU
Debian
NULL Pointer Dereference vulnerability in multiple products

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

4.3
2018-12-24 CVE-2018-20430 GNU
Debian
Out-of-bounds Read vulnerability in multiple products

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

4.3
2018-12-30 CVE-2018-20610 Txjia Path Traversal vulnerability in Txjia Imcat 4.4

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.

4.0
2018-12-30 CVE-2018-20604 Lfdycms Path Traversal vulnerability in Lfdycms LEI Feng TV CMS 3.8.6

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.

4.0
2018-12-28 CVE-2018-20528 Jeecms Server-Side Request Forgery (SSRF) vulnerability in Jeecms 9

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.

4.0
2018-12-25 CVE-2018-20465 Craftcms Missing Encryption of Sensitive Data vulnerability in Craftcms Craft CMS

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

4.0

36 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-12-28 CVE-2018-20579 Contiki NG Project Out-of-bounds Write vulnerability in Contiki-Ng Project Contiki-Ng 4.2

Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.

3.6
2018-12-30 CVE-2018-20601 Ucms Project Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.

3.5
2018-12-30 CVE-2018-20597 Ucms Project Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.

3.5
2018-12-30 CVE-2018-20590 Generic Content Management System Project Cross-site Scripting vulnerability in Generic Content Management System Project Generic Content Management System

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.

3.5
2018-12-30 CVE-2018-20589 Generic Content Management System Project Cross-site Scripting vulnerability in Generic Content Management System Project Generic Content Management System

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.

3.5
2018-12-28 CVE-2018-16638 Modx Cross-site Scripting vulnerability in Modx Evolution CMS

Evolution CMS 1.4.x allows XSS via the manager/ search parameter.

3.5
2018-12-28 CVE-2018-16637 Modx Cross-site Scripting vulnerability in Modx Evolution CMS

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.

3.5
2018-12-28 CVE-2018-16632 Jupo Cross-site Scripting vulnerability in Jupo Mezzanine 4.3.1

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.

3.5
2018-12-28 CVE-2018-16630 Getkirby Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

3.5
2018-12-28 CVE-2018-20565 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20564 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20563 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20562 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20561 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20560 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20559 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20558 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20557 Douco Cross-site Scripting vulnerability in Douco Douphp 1.5

An issue was discovered in DouCo DouPHP 1.5 20181221.

3.5
2018-12-28 CVE-2018-20530 Website Seller Script Project Cross-site Scripting vulnerability in Website Seller Script Project Website Seller Script 2.0.5

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.

3.5
2018-12-28 CVE-2018-1000887 Peel Cross-site Scripting vulnerability in Peel Shopping 9.1.0

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter.

3.5
2018-12-26 CVE-2018-20217 MIT
Debian
Reachable Assertion vulnerability in multiple products

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.

3.5
2018-12-25 CVE-2018-20448 Frog CMS Project Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5

Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.

3.5
2018-12-24 CVE-2018-8917 Synology Cross-site Scripting vulnerability in Synology Diskstation Manager

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

3.5
2018-12-24 CVE-2018-8918 Synology Cross-site Scripting vulnerability in Synology Router Manager

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

3.5
2018-12-24 CVE-2018-20418 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS 3.0.25

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

3.5
2018-12-28 CVE-2018-15001 Vivo Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0

The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage.

2.1
2018-12-28 CVE-2018-14992 Asus Unspecified vulnerability in Asus Zenfone 3 MAX Firmware 1.5.0.40

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it.

2.1
2018-12-28 CVE-2018-15333 F5 Unrestricted Upload of File with Dangerous Type vulnerability in F5 products

On versions 11.2.1.

2.1
2018-12-27 CVE-2018-20511 Linux
Debian
Information Exposure vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.18.11.

2.1
2018-12-26 CVE-2018-18537 Asus Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.

2.1
2018-12-26 CVE-2018-20483 GNU Information Exposure vulnerability in GNU Wget

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr.

2.1
2018-12-26 CVE-2018-17957 Suse Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

2.1
2018-12-28 CVE-2018-15002 Vivo Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2

The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user.

1.9
2018-12-28 CVE-2018-14995 Zteusa Information Exposure Through Log Files vulnerability in Zteusa products

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device.

1.9
2018-12-28 CVE-2018-14979 Asus Information Exposure vulnerability in Asus Zenfone 3 MAX Firmware 7.0.0.55

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515).

1.9
2018-12-26 CVE-2018-20482 GNU
Debian
Opensuse
Infinite Loop vulnerability in multiple products

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

1.9