Channel: CISA All NCAS Products

ISC Releases Security Advisories for BIND

Original release date: May 18, 2018

The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

NCCIC encourages users and administrators to review ISC Knowledge Base Articles AA-01602 and AA-01606 and apply the necessary updates or workarounds.


This product is provided subject to this Notification and this Privacy & Use policy.



Mozilla Releases Security Update for Thunderbird

Original release date: May 18, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.




SB18-141: Vulnerability Summary for the Week of May 14, 2018

Original release date: May 21, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are identified by CVE ID and are organized by severity as determined by the Common Vulnerability Scoring System (CVSS) base score. The high, medium, and low severity bands correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Each entry below gives the Primary Vendor -- Product, the Description, the Published date, the CVSS Score, and the Source & Patch Info (the CVE ID followed by the reference sources linked in the original bulletin).
actiontec_electronics -- wcb6200q_firmware
  Description: An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated, making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10252 (CONFIRM)
adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11240 (MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4917 (BID, SECTRACK, MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11307 (MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4918 (BID, SECTRACK, MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11253 (MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11306 (MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11250 (MISC)

adobe -- acrobat_and_reader
  Description: Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11308 (MISC)
adobe -- coldfusion
  Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4938 (BID, MISC)

adobe -- coldfusion
  Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4940 (BID, MISC)

adobe -- coldfusion
  Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4942 (BID, MISC)

adobe -- coldfusion
  Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4939 (BID, MISC)

adobe -- coldfusion
  Description: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4941 (BID, MISC)
adobe -- connect
  Description: Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4921 (BID, SECTRACK, MISC)

adobe -- connect
  Description: Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4994 (BID, SECTRACK, MISC)

adobe -- connect
  Description: Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection vulnerability. Successful exploitation could lead to arbitrary file deletion.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4923 (BID, SECTRACK, MISC)
adobe -- creative_cloud_desktop
  Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4873 (BID, SECTRACK, MISC)

adobe -- creative_cloud_desktop
  Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper Input Validation vulnerability. Successful exploitation could lead to local privilege escalation.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4992 (BID, SECTRACK, MISC)

adobe -- creative_cloud_desktop
  Description: Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper Certificate Validation vulnerability. Successful exploitation could lead to a security bypass.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4991 (BID, SECTRACK, MISC)
adobe -- digital_editions
  Description: Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds Read vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4925 (BID, MISC)

adobe -- digital_editions
  Description: Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4926 (BID, MISC)
adobe -- dreamweaver_cc
  Description: Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4924 (BID, SECTRACK, MISC)
adobe -- experience_manager
  Description: Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4930 (BID, MISC)

adobe -- experience_manager
  Description: Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4931 (BID, MISC)

adobe -- experience_manager
  Description: Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4929 (BID, MISC)
adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4944 (BID, SECTRACK, REDHAT, MISC)

adobe -- flash_player
  Description: Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4919 (BID, SECTRACK, REDHAT, MISC)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4936 (BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4937 (BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4935 (BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB)

adobe -- flash_player
  Description: Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4920 (BID, SECTRACK, REDHAT, MISC)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4933 (BID, SECTRACK, REDHAT, MISC)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4932 (BID, SECTRACK, REDHAT, MISC)

adobe -- flash_player
  Description: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4934 (BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB)
adobe -- indesign
  Description: Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4927 (BID, MISC)

adobe -- indesign
  Description: Adobe InDesign versions 13.0 and below have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4928 (BID, MISC)
adobe -- phonegap_push
  Description: Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.
  Published: 2018-05-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-4943 (BID, MISC)
advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7499 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7503 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application allows unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7505 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker to create a malicious web site, steal session cookies, and access data of authenticated users.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10591 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10590 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10589 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7497 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8845 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7495 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when the user should only have read access.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8841 (BID, MISC)

advantech -- webaccess
  Description: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
  Published: 2018-05-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7501 (BID, MISC)
apache -- orc
  Description: In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
  Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8015 (CONFIRM)
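The ORC entry above describes the general failure mode of a recursive parser driven by attacker-controlled nesting. Added example, not from the bulletin or the Apache ORC project: a recursive-descent parser for a small nested type grammar ("struct<a:int,b:list<string>>", "map<k,v>"; the grammar and the MAX_DEPTH value are this example's own assumptions, a simplified stand-in for ORC's type descriptions) that enforces an explicit nesting limit, so a malformed, deeply nested input fails with a clean error instead of running the stack out. In Python the unbounded case surfaces as RecursionError; in the C++ parser the bulletin refers to, the same input would be a genuine stack overflow.

```python
MAX_DEPTH = 64  # assumed limit; set it to the deepest schema you legitimately expect


class SchemaError(ValueError):
    """Raised for malformed input, including nesting beyond MAX_DEPTH."""


def parse_type(text: str, max_depth: int = MAX_DEPTH):
    """Parse 'name' or 'name<member,member,...>' where a member is an optional
    'label:' followed by a type. Primitives return their name as a str;
    compounds return (name, [(label_or_None, subtype), ...])."""
    pos = 0
    n = len(text)

    def read_name() -> str:
        nonlocal pos
        start = pos
        while pos < n and (text[pos].isalnum() or text[pos] == "_"):
            pos += 1
        return text[start:pos]

    def parse(depth: int):
        nonlocal pos
        # The guard: every level of '<' costs one stack frame, so bound it
        # before recursing rather than trusting the input to terminate.
        if depth > max_depth:
            raise SchemaError(f"nesting deeper than {max_depth} at offset {pos}")
        name = read_name()
        if not name:
            raise SchemaError(f"expected a type name at offset {pos}")
        if pos >= n or text[pos] != "<":
            return name                        # primitive such as int or string
        pos += 1                               # consume '<'
        children = []
        while True:
            saved = pos
            label = read_name()
            if pos < n and text[pos] == ":":
                pos += 1                       # 'label:' prefix of a struct field
            else:
                label, pos = None, saved       # no label: the name was the type itself
            children.append((label, parse(depth + 1)))
            if pos < n and text[pos] == ",":
                pos += 1
                continue
            if pos < n and text[pos] == ">":
                pos += 1
                return (name, children)
            raise SchemaError(f"expected ',' or '>' at offset {pos}")

    tree = parse(0)
    if pos != n:
        raise SchemaError(f"trailing input at offset {pos}")
    return tree


def safe_parse(text: str, max_depth: int = MAX_DEPTH):
    """Return (tree, None) on success or (None, reason) on failure, so a caller
    can reject the file and keep serving other requests."""
    try:
        return parse_type(text, max_depth), None
    except SchemaError as exc:
        return None, f"SchemaError: {exc}"
    except RecursionError:
        # Only reachable if max_depth is set higher than the interpreter's own
        # stack allows; the C++ equivalent of this branch is a crash.
        return None, "RecursionError: interpreter stack exhausted"


if __name__ == "__main__":
    print(parse_type("struct<a:int,b:list<string>>"))
    hostile = "list<" * 200 + "int" + ">" * 200   # constructed malformed input
    print(safe_parse(hostile))
```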
apache -- tomcat
  Description: The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8014 (CONFIRM, CONFIRM, CONFIRM, BID, CONFIRM)
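Added example, not from the bulletin or from Tomcat's code base: a simplified model of a CORS filter's origin decision, keyed by the Tomcat filter's documented init-parameter names ("cors.allowed.origins" and "cors.support.credentials"). It shows why the affected default (any origin plus credentials) is dangerous: a browser refuses "Access-Control-Allow-Origin: *" on a credentialed request, so the filter has to echo the caller's Origin, and with a wildcard allow-list that means any site can make a cookie-bearing request and read the response. The decision logic and the three configurations are this example's own constructions, beside a hardened allow-list and a credential-free wildcard.

```python
# Three constructed configurations (Tomcat init-param names, example values)
INSECURE_DEFAULT = {                      # the affected default: any origin, with credentials
    "cors.allowed.origins": "*",
    "cors.support.credentials": "true",
}
HARDENED = {                              # explicit allow-list; credentials only for those sites
    "cors.allowed.origins": "https://app.example.com,https://admin.example.com",
    "cors.support.credentials": "true",
}
PUBLIC_READ_ONLY = {                      # a wildcard is acceptable only without credentials
    "cors.allowed.origins": "*",
    "cors.support.credentials": "false",
}


def cors_response_headers(config: dict, request_origin) -> dict:
    """Headers the filter would add to a response for a request that carried
    'Origin: request_origin' (None means no Origin header, i.e. not CORS)."""
    if request_origin is None:
        return {}
    allowed = config.get("cors.allowed.origins", "*").strip()
    credentials = config.get("cors.support.credentials", "false").strip().lower() == "true"
    any_origin = allowed == "*"
    allow_list = set() if any_origin else {o.strip() for o in allowed.split(",")}

    if not any_origin and request_origin not in allow_list:
        return {}                           # not permitted: no ACAO, the browser blocks the read

    headers = {}
    if any_origin and not credentials:
        headers["Access-Control-Allow-Origin"] = "*"
    else:
        # Browsers reject '*' together with credentials, so the filter echoes the
        # caller's Origin. With '*' as the allow-list, that echoes every origin.
        headers["Access-Control-Allow-Origin"] = request_origin
    if credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def credentialed_read_allowed(config: dict, origin: str) -> bool:
    """True if a page at 'origin' can send the victim's cookies and read the reply."""
    h = cors_response_headers(config, origin)
    return (h.get("Access-Control-Allow-Origin") == origin
            and h.get("Access-Control-Allow-Credentials") == "true")


if __name__ == "__main__":
    attacker = "https://evil.example"       # constructed hostile origin
    for name, cfg in (("insecure default", INSECURE_DEFAULT),
                      ("hardened", HARDENED),
                      ("public read-only", PUBLIC_READ_ONLY)):
        print(f"{name:18s} credentialed read from {attacker}:",
              credentialed_read_allowed(cfg, attacker))
```

The check to run against a real deployment is the same as the model's: send a request with a foreign Origin header and a session cookie, and confirm the response does not carry both an echoed Access-Control-Allow-Origin and Access-Control-Allow-Credentials: true.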
arris -- touchstone_telephony_gateway_tg1682g_routers
  Description: Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10989 (MISC)

arris -- touchstone_telephony_gateway_tg1682g_routers
  Description: On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10990 (MISC)
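Two entries in this bulletin concern session-cookie handling: the Actiontec WCB6200Q entry (a session ID derived from the login time rounded to 10 ms, which the server's own clock leak makes searchable) and the Arris TG1682G logout entry (a logout that removes the browser's cookie but not the server-side validity of it). Added example, not code from either vendor or from the bulletin: a constructed model of the time-derived ID and of the backward search it permits, beside a small server-side session store that issues IDs from the OS CSPRNG and revokes them on logout so that a copied cookie stops working immediately. The timestamps, the 60-second search window and the hex encoding are this example's own assumptions.

```python
import secrets

TICK_MS = 10   # assumed granularity: the weak scheme rounds login time to 10 ms


def weak_session_id(login_time_ms: int) -> str:
    """Constructed model of the flaw: the ID is just the login time, rounded."""
    return f"{(login_time_ms // TICK_MS) * TICK_MS:x}"


def guess_weak_session(server_now_ms: int, is_valid, max_age_ms: int = 60_000):
    """Model of the search: the server leaks its clock, so walk backwards from
    'now' in 10 ms steps until a candidate ID validates.
    Returns (session_id, attempts) or (None, attempts)."""
    attempts = 0
    t = server_now_ms
    while t >= server_now_ms - max_age_ms:
        candidate = weak_session_id(t)
        attempts += 1
        if is_valid(candidate):
            return candidate, attempts
        t -= TICK_MS
    return None, attempts


class SessionStore:
    """Server-side session table: unguessable IDs, and a logout that revokes
    the server-side record rather than only deleting the browser's cookie."""

    def __init__(self):
        self._sessions = {}                 # session_id -> username

    def login(self, username: str) -> str:
        sid = secrets.token_urlsafe(32)     # 256 random bits, independent of the clock
        self._sessions[sid] = username
        return sid

    def user_for(self, sid: str):
        return self._sessions.get(sid)      # None once revoked or if never issued

    def logout(self, sid: str) -> None:
        # Revocation happens here, on the server; a cookie copied elsewhere
        # is dead the moment this returns.
        self._sessions.pop(sid, None)


def demo():
    """Constructed scenario: the admin logged in 2.345 s before the attacker's
    probe. Returns (weak ID recovered?, candidates tried, revoked ID rejected?)."""
    login_ms = 1_526_300_000_000
    victim = weak_session_id(login_ms)
    found, attempts = guess_weak_session(login_ms + 2_345, lambda s: s == victim)

    store = SessionStore()
    sid = store.login("admin")
    store.logout(sid)
    return found == victim, attempts, store.user_for(sid) is None


if __name__ == "__main__":
    print(demo())   # (True, 235, True)
```

The 235 candidates in the demo are the whole cost of the weak scheme: a 2.3-second-old admin session falls to a few hundred requests, whereas an ID from secrets.token_urlsafe(32) offers nothing to step through.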
asus -- rt-ac1200hp_firmware
  Description: Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0583 (JVN, MISC)

asus -- rt-ac68u_firmware
  Description: Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0582 (JVN, MISC)

asus -- rt-ac87u_firmware
  Description: Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0581 (JVN, MISC)
atlassian -- application_links
  Description: The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16860 (BID, CONFIRM)

atlassian -- jira
  Description: The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5230 (CONFIRM)

atlassian -- jira
  Description: The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5231 (BID, CONFIRM)
celsys -- clip_studio_series
  Description: Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
  Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0580 (MISC, JVN, MISC)
cisco -- digital_network_architecture_center
  Description: A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0268 (BID, CONFIRM)

cisco -- digital_network_architecture_center
  Description: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0222 (BID, CONFIRM)

cisco -- digital_network_architecture_center
  Description: A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0271 (BID, CONFIRM)
cisco -- enterprise_nfv_infrastructure_software
  Description: A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0323 (BID, CONFIRM)

cisco -- enterprise_nfv_infrastructure_software
  Description: A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0279 (CONFIRM)

cisco -- enterprise_nfv_infrastructure_software
  Description: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0324 (BID, CONFIRM)
cisco -- firepower_threat_defense
  Description: A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy that is intended to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured SSL AC policy that blocks SSL traffic. Cisco Bug IDs: CSCvg09316.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0297 (BID, CONFIRM)
cisco -- identity_services_engine
  Description: A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0289 (BID, SECTRACK, CONFIRM)

cisco -- identity_services_engine
  Description: A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0327 (BID, SECTRACK, CONFIRM)

cisco -- identity_services_engine
  Description: A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.
  Published: 2018-05-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0277 (BID, SECTRACK, CONFIRM)
cisco -- iot_field_network_director
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. This vulnerability affects Connected Grid Network Management System, if running a software release prior to IoT-FND Release 3.0; and IoT Field Network Director, if running a software release prior to IoT-FND Release 4.1.1-6 or 4.2.0-123. Cisco Bug IDs: CSCvi02448.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0270
Source & Patch Info: CONFIRM
cisco -- ip_phone_7800_and_8800_series_phones
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0325
Source & Patch Info: BID, SECTRACK, CONFIRM
cisco -- meeting_server
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0280
Source & Patch Info: BID, SECTRACK, CONFIRM
cisco -- socialminer
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionality. Cisco Bug IDs: CSCvh48368.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0290
Source & Patch Info: BID, CONFIRM
cisco -- telepresence_server_software
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0326
Source & Patch Info: BID, SECTRACK, CONFIRM
cisco -- unified_communications_manager_and_unified_presence
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.
Published: 2018-05-16 | CVSS Score: not yet calculated | CVE-2018-0328
Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM
citrix -- netscaler_application_delivery_controller_and_netscaler_gateway
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-7218
Source & Patch Info: SECTRACK, CONFIRM
cloud_foundry_foundation -- uaa
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Published: 2018-05-15 | CVSS Score: not yet calculated | CVE-2018-1262
Source & Patch Info: CONFIRM
cloudwu/cstring -- cloudwu/cstring
An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash.
Published: 2018-05-14 | CVSS Score: not yet calculated | CVE-2018-11097
Source & Patch Info: MISC

coreos -- tectonic
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges.
Published: 2018-05-18 | CVSS Score: not yet calculated | CVE-2018-5256
Source & Patch Info: CONFIRM, CONFIRM
d-link -- dir-550a_and_dir-604m_devices
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
Published: 2018-05-18 | CVSS Score: not yet calculated | CVE-2018-10967
Source & Patch Info: MISC
d-link -- dir-550a_and_dir-604m_devices
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.
Published: 2018-05-18 | CVSS Score: not yet calculated | CVE-2018-10968
Source & Patch Info: MISC
d-link -- dir-816_a2_routers
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
Published: 2018-05-13 | CVSS Score: not yet calculated | CVE-2018-11013
Source & Patch Info: MISC
doorgets -- doorgets
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
Published: 2018-05-15 | CVSS Score: not yet calculated | CVE-2018-11126
Source & Patch Info: MISC
e107 -- e107
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
Published: 2018-05-15 | CVSS Score: not yet calculated | CVE-2018-11127
Source & Patch Info: MISC
estsoft -- alzip
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10027
Source & Patch Info: MISC, MISC
ethereum -- hexagon_token
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue.
Published: 2018-05-19 | CVSS Score: not yet calculated | CVE-2018-11239
Source & Patch Info: MISC
ethereum -- rasputin_online_coin_token
The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.
Published: 2018-05-13 | CVSS Score: not yet calculated | CVE-2018-10944
Source & Patch Info: MISC
exiv2 -- exiv2
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
Published: 2018-05-13 | CVSS Score: not yet calculated | CVE-2018-11037
Source & Patch Info: MISC
filedownloader -- filedownloader
util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.
Published: 2018-05-18 | CVSS Score: not yet calculated | CVE-2018-11248
Source & Patch Info: MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9948
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5420.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10488
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9976
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5434.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9961
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9958
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9941
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10492
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5473.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9949
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5549.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9963
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5423.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10491
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9938
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10494
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9972
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10478
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D Texture Resource structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5408.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10481
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9954
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10479
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5618.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9957
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9946
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10487
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5586.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-10495
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-1173
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9945
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5494.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9983
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA boundItem method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5579.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9969
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5895.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9974
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5569.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9965
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSimple_Calculate method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5491.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-1180
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9975
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5527.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9952
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5488.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-1177
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9939
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9942
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.104. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5754.
Published: 2018-05-17 | CVSS Score: not yet calculated | CVE-2018-9971
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9973 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9967 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5568.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9964 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9982 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5427.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9977 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5410.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10483 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DataSubBlock structures in GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5490.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1179 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9966 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1175 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9984 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5489.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1178 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1176 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9940 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10474 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5433.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9960 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9935 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10477 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10493 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10476 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5580.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9970 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10484 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9947 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the title attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5617.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9956 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9936 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9953 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9944 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10473 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10475 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5414.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9951 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the U3D Node Name buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5401.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10480 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation's author attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5435.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9962 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the bitmapDPI attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5437.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1174 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9981 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5413.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9950 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10486 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9979 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9968 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5428.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9978 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within U3D Texture Height structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5412.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10485 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5430.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9980 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9937 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9943 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5422.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10490 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10489 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10482 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9955 (CONFIRM, MISC)
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5432.
Published: 2018-05-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9959 (CONFIRM, MISC)
frog_cms -- frog_cms
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
Published: 2018-05-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11098 (MISC)
ge -- pacsystems
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8867 (MISC)
gnu -- glibc
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-18269 (MISC, MISC, MISC)
gnu -- glibc
 
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.2018-05-18not yet calculatedCVE-2018-11236
MISC
MISC
gnu -- glibc
 
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.2018-05-18not yet calculatedCVE-2018-11237
MISC
h5dbtree.c -- h5dbtree.c
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11203
Sources: MISC

hdfgroup -- hdf5
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11202
Sources: MISC

hdfgroup -- hdf5
An out-of-bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11205
Sources: MISC

hdfgroup -- hdf5
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11204
Sources: MISC

hdfgroup -- hdf5
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11207
Sources: MISC

hdfgroup -- hdf5
An out-of-bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11206
Sources: MISC

honeywell_matrikonopc -- matrikonopc_explorer
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-8714
Sources: BID, MISC, CONFIRM
ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to, some of which could contain account credentials. IBM X-Force ID: 140368.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1463
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1433
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1466
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1461
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1434
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1438
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key, which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1465
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1464
Sources: CONFIRM, CONFIRM, CONFIRM, XF

ibm -- san_volume_controller_and_storwize_and_spectrum_virtualize_and_flashsystem
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to, including deleting files or causing a denial of service. IBM X-Force ID: 140363.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1462
Sources: CONFIRM, CONFIRM, CONFIRM, XF
ignite_realtime -- openfire
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2815
Sources: MISC

ilias -- ilias
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11118
Sources: MISC, MISC, MISC

ilias -- ilias
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-10306
Sources: MISC, MISC, MISC

ilias -- ilias
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11119
Sources: MISC, MISC

ilias -- ilias
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11120
Sources: MISC, MISC

ilias -- ilias
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-10307
Sources: MISC, MISC

ilias -- ilias
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11117
Sources: MISC, MISC
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2017-18272
Sources: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2017-18271
Sources: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2017-18273
Sources: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-11251
Sources: CONFIRM

infinispan -- infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, and 9.3.0.Alpha1 are believed to be affected.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-1131
Sources: CONFIRM

intel -- configuration_utilities
Buffer overflow in the Intel system configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services, potentially resulting in a denial of service.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-3661
Sources: CONFIRM

intel -- graphics_driver
Bounds check vulnerability in the User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows an unprivileged user to cause a denial of service via local access.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-3611
Sources: CONFIRM

intel -- online_connect_access
Parameter corruption in the NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-3634
Sources: CONFIRM

intelbras -- ncloud_300_devices
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-11094
Sources: MISC, EXPLOIT-DB

inteno -- iopsys_firmware
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10123
Sources: MISC, EXPLOIT-DB

jbig2enc -- jbig2enc
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11230
Sources: MISC
jenkins -- jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2610
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2603
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2602
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low privilege users via the remote API. This included system configuration and runtime information of these nodes (SECURITY-343).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2600
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2608
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2613
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
In Jenkins before versions 2.44 and 2.32.2, low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2612
Sources: BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
In Jenkins before versions 2.44 and 2.32.2, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2017-2604
Sources: BID, CONFIRM, CONFIRM, CONFIRM

kubernetes -- kubernetes_cri-o
Kubernetes CRI-O versions prior to 1.9 contain a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-1000400
Sources: MISC
libav -- libav
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11224
Sources: MISC, MISC

libav -- libav
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-11102
Sources: MISC, MISC

libjpeg -- libjpeg
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11212
Sources: MISC

libjpeg -- libjpeg
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11213
Sources: MISC

libjpeg -- libjpeg
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-11214
Sources: MISC

libming -- libming
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Published: 2018-05-13 | CVSS score: not yet calculated | CVE-2018-11017
Sources: MISC

libming -- libming
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-11095
Sources: MISC, MISC

libming -- libming
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-11100
Sources: MISC, MISC

libming -- libming
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11226
Sources: MISC, MISC

libming -- libming
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11225
Sources: MISC, MISC
linux -- linux_kernel
The Linux kernel's KVM hypervisor before versions 4.16, 4.16-rc7, 4.17-rc1, 4.17-rc2 and 4.17-rc3 is vulnerable to a flaw in the way it handled exceptions delivered after a stack switch operation via the Mov SS or Pop SS instructions. During the stack switch operation, the processor does not deliver interrupts and exceptions; rather, they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-1087
Sources: MISC, BID, SECTRACK, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, MISC, CONFIRM, UBUNTU, DEBIAN

linux -- linux_kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2017-18270
Sources: CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-11232
Sources: MISC, MISC, MISC

livezilla -- live_chat
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10810
Sources: CONFIRM

medtronic -- n'vision_clinician_programmer
The Medtronic 8840 N'Vision Clinician Programmer, all versions, and the 8870 N'Vision removable Application Card, all versions, do not encrypt PII and PHI while at rest.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-8849
Sources: CONFIRM, BID, MISC

microsoft -- windows_2012r2_stemcells
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-1276
Sources: CONFIRM

mimo -- baby_2_devices
Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack.
Published: 2018-05-15 | CVSS score: not yet calculated | CVE-2018-10825
Sources: MISC

misp -- misp
app/webroot/js/misp.js in MISP 2.4.91 has a DOM-based XSS with cortex type attributes.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-11245
Sources: MISC
moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14434
Sources: MISC

moxa -- edr-810
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12128
Sources: MISC

moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the rsakey_name= parameter in the "/goform/WebRSAKEYGen" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12121
Sources: MISC

moxa -- edr-810
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_LOG.ini" without a cookie header to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14437
Sources: MISC

moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the CN= parameter in the "/goform/net_WebCSRGen" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12125
Sources: MISC

moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14433
Sources: MISC

moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parameter in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12120
Sources: MISC

moxa -- edr-810
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12123
Sources: MISC

moxa -- edr-810
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14438
Sources: MISC

moxa -- edr-810
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12126
Sources: MISC

moxa -- edr-810
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14432
Sources: MISC

moxa -- edr-810
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12129
Sources: MISC

moxa -- edr-810
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12124
Sources: MISC

moxa -- edr-810
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-12127
Sources: MISC

moxa -- edr-810
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14436
Sources: MISC

moxa -- edr-810
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14439
Sources: MISC

moxa -- edr-810
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG.ini" without a cookie header to trigger this vulnerability.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2017-14435
Sources: MISC
multiple_vendors -- multiple_email_clients
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2017-17689
Sources: BID, MISC, MISC, MISC, MISC, CONFIRM

mybb -- mybb
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
Published: 2018-05-13 | CVSS score: not yet calculated | CVE-2018-10678
Sources: BID, MISC

mybiz -- myprocurenet
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client-side scripting, which will be executed in the browser of users if they visit the manipulated site.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-11090
Sources: MISC, MISC

mybiz -- myprocurenet
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-11091
Sources: MISC, MISC

nagios -- nagios
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10738
Sources: MISC

nagios -- nagios
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10735
Sources: MISC

nagios -- nagios
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10737
Sources: MISC

nagios -- nagios
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
Published: 2018-05-16 | CVSS score: not yet calculated | CVE-2018-10736
Sources: MISC

nessus -- nessus
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-1148
Sources: SECTRACK, CONFIRM

nessus -- nessus
In Nessus before 7.1.0, an XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator, allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-1147
Sources: SECTRACK, CONFIRM

node.js -- node.js
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability only impacts the Node.js 4.x release line. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()`, was structured in such a way as to allow an attacker to craft a string that, when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-7158
Sources: CONFIRM

node.js -- node.js
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user code that makes incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-7159
Sources: CONFIRM

node.js -- node.js
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or on another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger and get full code execution access.
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-7160
Sources: CONFIRM

open_whisper_systems -- signal-desktop
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically, the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\DESKTOP-XXXXX\Temp\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).
Published: 2018-05-17 | CVSS score: not yet calculated | CVE-2018-11101
Sources: FULLDISC

open_whisper_systems -- signal-desktop
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
Published: 2018-05-14 | CVSS score: not yet calculated | CVE-2018-10994
Sources: MISC, MISC, MISC, MISC, MISC

openemr -- openemr
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.
Published: 2018-05-18 | CVSS score: not yet calculated | CVE-2018-9250
Sources: MISC, MISC

pbootcms -- pbootcms
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
Published: 2018-05-13 | CVSS score: not yet calculated | CVE-2018-11018
MISC
pdfparser -- pdfparser
 
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.2018-05-17not yet calculatedCVE-2018-11128
FULLDISC
phoenix_contact -- fl_switch_products
 
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).2018-05-17not yet calculatedCVE-2018-10728
CONFIRM
phoenix_contact -- fl_switch_products
 
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.2018-05-17not yet calculatedCVE-2018-10730
CONFIRM
phoenix_contact -- fl_switch_products
 
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.2018-05-17not yet calculatedCVE-2018-10729
CONFIRM
phoenix_contact -- fl_switch_products
 
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).2018-05-17not yet calculatedCVE-2018-10731
CONFIRM
phprap -- phprap
 
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.2018-05-13not yet calculatedCVE-2018-11032
MISC
phprap -- phprap
 
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.2018-05-13not yet calculatedCVE-2018-11031
MISC
pivotal -- greenplum_command_center
 
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.2018-05-11not yet calculatedCVE-2018-1280
BID
CONFIRM
pivotal -- spring_integration_zip
 
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2018-05-15not yet calculatedCVE-2018-1263
BID
CONFIRM
pivotal -- spring_integration_zip
 
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2018-05-11not yet calculatedCVE-2018-1261
BID
CONFIRM
pivotal -- spring_security_oauth
 
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.2018-05-11not yet calculatedCVE-2018-1260
BID
CONFIRM
podofo -- podofo
 
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.2018-05-18not yet calculatedCVE-2018-11254
MISC
podofo -- podofo
 
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.2018-05-18not yet calculatedCVE-2018-11255
MISC
podofo -- podofo
 
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.2018-05-18not yet calculatedCVE-2018-11256
MISC
printeron -- printeron_enterprise
 
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.2018-05-17not yet calculatedCVE-2018-10326
MISC
printeron -- printeron_enterprise
 
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.2018-05-17not yet calculatedCVE-2018-10327
MISC
project_pier -- project_pier
 
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.2018-05-16not yet calculatedCVE-2018-10759
FULLDISC
projectpier -- projectpier
 
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.2018-05-16not yet calculatedCVE-2018-10760
FULLDISC
qualcomm -- android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.2018-05-17not yet calculatedCVE-2018-3568
CONFIRM
CONFIRM
qualcomm -- android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.2018-05-17not yet calculatedCVE-2017-15855
MISC
MISC
qualcomm -- android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.2018-05-17not yet calculatedCVE-2018-3567
CONFIRM
CONFIRM
qualcomm -- android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.2018-05-17not yet calculatedCVE-2018-5827
CONFIRM
CONFIRM
red_hat_and_fedora -- red_hat_enterprise_linux_and_fedora
 
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.2018-05-17not yet calculatedCVE-2018-1111
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
EXPLOIT-DB
rockwell -- automation_arena
 
Rockwell Automation Arena versions 16.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data.2018-05-14not yet calculatedCVE-2018-8843
BID
MISC
schneider_electric -- ampla_mes
 
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.2018-05-18not yet calculatedCVE-2017-9637
CONFIRM
BID
MISC
schneider_electric -- ampla_mes
 
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.2018-05-18not yet calculatedCVE-2017-9635
CONFIRM
BID
MISC
schneider_electric -- clearscada
 
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).2018-05-14not yet calculatedCVE-2017-6021
BID
MISC
shanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.2018-05-13not yet calculatedCVE-2018-11034
MISC
EXPLOIT-DB
shanghai -- 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.2018-05-13not yet calculatedCVE-2018-11035
MISC
siemens -- simatic_s7-400
 
A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.2018-05-16not yet calculatedCVE-2018-4850
CONFIRM
CONFIRM
sitebridge -- joruri_gw
 
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0568
JVN
MISC
solarwinds -- serv-uA denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.2018-05-16not yet calculatedCVE-2018-10241
MISC
solarwinds -- serv-u_mftSolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.2018-05-16not yet calculatedCVE-2018-10240
MISC
stream.cc -- stream.cc
 
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.2018-05-13not yet calculatedCVE-2018-11033
MISC
symantec -- intelligencecenter
 
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.2018-05-17not yet calculatedCVE-2017-18268
BID
CONFIRM
symantec -- ssl_visibility
 
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.2018-05-17not yet calculatedCVE-2017-15533
BID
CONFIRM
t-joy -- kinepass
 
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2018-05-14not yet calculatedCVE-2018-0591
MISC
JVN
MISC

the_squid_software_foundation -- squid

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.2018-05-16not yet calculatedCVE-2018-1172
CONFIRM
MISC
tinyxml2 -- tinyxml2
 
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so.2018-05-16not yet calculatedCVE-2018-11210
MISC
totemo -- totemomail_encryption_gateway
 
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack.2018-05-18not yet calculatedCVE-2018-6562
MISC
BUGTRAQ
MISC
upx -- upx
 
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.2018-05-18not yet calculatedCVE-2018-11243
MISC
MISC
MISC
vcftools -- vcftools
 
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.2018-05-17not yet calculatedCVE-2018-11129
FULLDISC
vcftools -- vcftools
 
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file.2018-05-17not yet calculatedCVE-2018-11099
FULLDISC
vcftools -- vcftools
 
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.2018-05-17not yet calculatedCVE-2018-11130
FULLDISC
wordpress -- wordpress
 
Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0579
JVN
CONFIRM
wordpress -- wordpress
 
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.2018-05-18not yet calculatedCVE-2018-11244
MISC
CONFIRM
wordpress -- wordpress
 
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0588
JVN
CONFIRM
wordpress -- wordpress
 
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0587
JVN
CONFIRM
wordpress -- wordpress
 
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.2018-05-15not yet calculatedCVE-2018-11105
MISC
MISC
wordpress -- wordpress
 
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0590
JVN
CONFIRM
wordpress -- wordpress
 
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0586
JVN
CONFIRM
wordpress -- wordpress
 
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0589
JVN
CONFIRM
wordpress -- wordpress
 
Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0577
JVN
MISC
wordpress -- wordpress
 
Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0578
JVN
CONFIRM
wordpress -- wordpress
 
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0585
JVN
CONFIRM
wordpress -- wordpress
 
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-05-14not yet calculatedCVE-2018-0576
JVN
CONFIRM


TA18-141A: Side-Channel Vulnerability Variants 3a and 4

Original release date: May 21, 2018 | Last revised: May 22, 2018

Systems Affected

CPU hardware implementations

Overview

On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems.

Description

Common CPU hardware implementations are vulnerable to the side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to

  • Read arbitrary privileged data; and
  • Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

  • Variant 1: Bounds Check Bypass – CVE-2017-5753
  • Variant 2: Branch Target Injection – CVE-2017-5715
  • Variant 3: Rogue Data Cache Load – CVE-2017-5754
  • Variant 3a: Rogue System Register Read – CVE-2018-3640
  • Variant 4: Speculative Store Bypass – CVE-2018-3639

Impact

Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.

Solution

Mitigation

NCCIC recommends users and administrators

  • Refer to their hardware and software vendors for patches or microcode,
  • Use a test environment to verify each patch before implementing, and
  • Ensure that performance is monitored for critical applications and services.
    • Consult with vendors and service providers to mitigate any degradation effects, if possible.
    • Consult with Cloud Service Providers to mitigate and resolve any impacts resulting from host operating system patching and mandatory rebooting, if applicable.

The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

Link to Vendor Information | Date Added
AMD | May 21, 2018
ARM | May 21, 2018
Intel | May 22, 2018
Microsoft | May 21, 2018
Redhat | May 21, 2018

References

Revision History

  • May 21, 2018: Initial version
  • May 22, 2018: Added information and link to Intel in table



Tragedy-Related Scams

Original release date: May 21, 2018

In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of fraudulent activity, NCCIC encourages users and administrators to review NCCIC's Tips on Using Caution With Email Attachments and Avoiding Social Engineering and Phishing Attacks as well as the Federal Trade Commission's article on Before Giving to a Charity.




VPNFilter Destructive Malware

Original release date: May 23, 2018

NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols.

VPNFilter has a destructive capability that can make the affected device unusable. Because the malware can be triggered to affect devices individually or multiple devices at once, VPNFilter has the potential to cut off internet access for hundreds of thousands of users.

NCCIC encourages users and administrators to review the Cisco blog post on VPNFilter and NCCIC's Tip on Home Network Security for recommendations and to ensure that their devices are updated with the latest patches. NCCIC will provide updated information as it becomes available.




FBI Releases Article on Building a Digital Defense with Credit Reports

Original release date: May 23, 2018

FBI has released an article on using credit reports to build a digital defense against identity theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk.

NCCIC encourages consumers to review the FBI Article and NCCIC's Tip on Preventing and Responding to Identity Theft.




IRS Warns Tax Professionals of Phishing Scam

Original release date: May 24, 2018

The Internal Revenue Service (IRS) has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners should be wary of unsolicited emails and forward email phishing attempts related to this scam to phishing@irs.gov.

NCCIC encourages users and administrators to review the IRS news release and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks for more information.





Securing Mobile Devices During Summer Travel

Original release date: May 25, 2018

As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled Devices, Cybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices during the summer travel season and throughout the year.




TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

Original release date: May 25, 2018

Systems Affected

  • Small office/home office (SOHO) routers
  • Networked devices
  • Network-attached storage (NAS) devices

Overview

Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.

DHS and FBI encourage SOHO router owners to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by email at CyWatch@fbi.gov. Each submitted report should include as much information as possible, specifically the date, time, location, type of activity, number of people, the type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Description

The size and scope of the infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.

The malware uses a modular functionality on SOHO routers to collect intelligence, exploit LAN devices, and block actor-configurable network traffic. The malware can render a device inoperable, and has destructive functionality across routers, network-attached storage devices, and central processing unit (CPU) architectures running embedded Linux. The command and control mechanism implemented by the malware uses a combination of secure sockets layer (SSL) with client-side certificates for authentication and TOR protocols, complicating network traffic detection and analysis.

Impact

Negative consequences of VPNFilter malware infection include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.

Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.

Rebooting an affected device removes the non-persistent portions of the malware. Before rebooting, network defenders should ensure that the first-stage malware has been removed from the device and that appropriate network-level blocking is in place, so that the second-stage malware is not downloaded again after the reboot.

While the paths at each stage of the malware can vary across device platforms, processes running with the name "vpnfilter" are almost certainly instances of the second stage malware. Terminating these processes and removing associated processes and persistent files that execute the second stage malware would likely remove this malware from targeted devices.
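As an added triage example (not part of the DHS/FBI alert), the POSIX shell script below applies two of the checks above to constructed sample output: it looks for a process whose command name is exactly "vpnfilter" in a BusyBox-style `ps` listing, and it flags management services bound to all interfaces in a `netstat -tln` listing, which is how Telnet, SSH, HTTP and Winbox end up reachable from the WAN side unless a firewall rule filters them. The two listings are constructed samples so the script runs offline; on a real device you would substitute live `ps` and `netstat -tln` output. The port set and the exact-name match are assumptions for illustration, not indicators from the alert.

```shell
#!/bin/sh
# Added example, not code from the DHS/FBI alert: a triage helper for an
# embedded-Linux router or NAS. The two listings below are constructed samples
# so the script runs offline; on a real device feed it `ps` and `netstat -tln`.

# Constructed BusyBox-style `ps` output. The "vpnfilter" entry stands in for the
# second-stage process the alert says is almost certainly the malware.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      1234 S    init
  215 root      2048 S    /usr/sbin/httpd -p 80
  301 root      3100 S    vpnfilter
  318 root      2960 S    /usr/sbin/dropbear -p 22'

# Constructed `netstat -tln` output: telnet and SSH bound to every interface,
# the web UI bound only to the LAN address.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Print the PID of every process whose command basename is exactly "vpnfilter".
# The path varies per platform, so only the basename is compared; the exact
# match avoids false hits on unrelated VPN daemons.
find_vpnfilter_pids() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        n = split($5, p, "/")
        if (p[n] == "vpnfilter") print $1
    }'
}

# Print management ports (assumed set: telnet 23, SSH 22, HTTP 80/8080,
# Winbox 8291) bound to the wildcard address, i.e. also listening on the WAN
# side unless a firewall rule filters them.
wan_exposed_mgmt_ports() {
    printf '%s\n' "$1" | awk 'NR > 1 && $6 == "LISTEN" {
        n = split($4, a, ":")
        port = a[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if ((host == "0.0.0.0" || host == "::") &&
            (port == "22" || port == "23" || port == "80" || port == "8080" || port == "8291"))
            print port
    }'
}

# Run both checks; exit status 0 means nothing suspicious was found.
triage() {
    pids=$(find_vpnfilter_pids "$1")
    ports=$(wan_exposed_mgmt_ports "$2")
    [ -n "$pids" ] && echo "second-stage process found, PID(s): $(echo $pids)"
    [ -n "$ports" ] && echo "management port(s) bound to all interfaces: $(echo $ports)"
    [ -z "$pids" ] && [ -z "$ports" ]
}

# Stand-alone run against the constructed samples.
if triage "$SAMPLE_PS" "$SAMPLE_NETSTAT"; then
    echo "no findings"
fi
```

A clean run of this script is not proof of a clean device: the first stage persists across reboots and is not identified by process name here, so the absence of a "vpnfilter" process after a reboot says nothing about whether stage one is still present and able to fetch stage two again.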

References

Revision History

  • May 25, 2018: Initial Version

This product is provided subject to this Notification and this Privacy & Use policy.


SB18-148: Vulnerability Summary for the Week of May 21, 2018

Original release date: May 28, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- srea-01
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using an HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
Published 2018-05-24 | CVSS not yet calculated | CVE-2017-9664 | Sources: BID, MISC

accellion -- kiteworks
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
Published 2018-05-24 | CVSS not yet calculated | CVE-2017-9421 | Sources: MISC

adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4918 | Sources: BID, SECTRACK, MISC

adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4917 | Sources: BID, SECTRACK, MISC

adobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4941 | Sources: BID, MISC

adobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4938 | Sources: BID, MISC

adobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4942 | Sources: BID, MISC

adobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4940 | Sources: BID, MISC

adobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4939 | Sources: BID, MISC

adobe -- connect
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4923 | Sources: BID, SECTRACK, MISC

adobe -- connect
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4994 | Sources: BID, SECTRACK, MISC

adobe -- connect
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4921 | Sources: BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4873 | Sources: BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4991 | Sources: BID, SECTRACK, MISC

adobe -- creative_cloud_desktop_application
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4992 | Sources: BID, SECTRACK, MISC

adobe -- digital_editions
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4925 | Sources: BID, MISC

adobe -- digital_editions
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4926 | Sources: BID, MISC

adobe -- dreamweaver_cc
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4924 | Sources: BID, SECTRACK, MISC

adobe -- experience_manager
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4930 | Sources: BID, MISC

adobe -- experience_manager
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4931 | Sources: BID, MISC

adobe -- experience_manager
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4929 | Sources: BID, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4936 | Sources: BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4920 | Sources: BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4933 | Sources: BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4934 | Sources: BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4919 | Sources: BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4937 | Sources: BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- flash_player
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4944 | Sources: BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4932 | Sources: BID, SECTRACK, REDHAT, MISC

adobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4935 | Sources: BID, SECTRACK, REDHAT, MISC, EXPLOIT-DB

adobe -- indesign
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4927 | Sources: BID, MISC

adobe -- indesign
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4928 | Sources: BID, MISC

adobe -- phonegap_push_plugin
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.
Published 2018-05-19 | CVSS not yet calculated | CVE-2018-4943 | Sources: BID, MISC
apache -- batik
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-8013 | Sources: BID, MLIST, MLIST, CONFIRM

apache -- nifi
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-1309 | Sources: CONFIRM

apache -- nifi
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-1310 | Sources: CONFIRM

apache -- orc
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
Published 2018-05-18 | CVSS not yet calculated | CVE-2018-8015 | Sources: BID, CONFIRM

apache -- solr
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases, both of which address the vulnerability. Once the upgrade is complete, no other steps are required. Those releases only allow external entities and XIncludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-8010 | Sources: BID, MISC

apache -- zookeeper
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-8012 | Sources: BID, SECTRACK, MISC

appnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
Published 2018-05-26 | CVSS not yet calculated | CVE-2018-6411 | Sources: MISC, MISC

appnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
Published 2018-05-26 | CVSS not yet calculated | CVE-2018-6410 | Sources: MISC, MISC

appnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Published 2018-05-26 | CVSS not yet calculated | CVE-2018-6409 | Sources: MISC, MISC

asustor -- as6202t_adm
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11340 | Sources: MISC

asustor -- as6202t_adm
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11346 | Sources: MISC

asustor -- as6202t_adm
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11343 | Sources: MISC

asustor -- as6202t_adm
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11345 | Sources: MISC

asustor -- as6202t_adm
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11341 | Sources: MISC

asustor -- as6202t_adm
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11342 | Sources: MISC

asustor -- as6202t_adm
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
Published 2018-05-21 | CVSS not yet calculated | CVE-2018-11344 | Sources: MISC

ati_systems -- emergency_mass_notification_systems
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Published 2018-05-25 | CVSS not yet calculated | CVE-2018-8862 | Sources: BID, MISC

ati_systems -- emergency_mass_notification_systems
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Published 2018-05-25 | CVSS not yet calculated | CVE-2018-8864 | Sources: BID, MISC

beaconmedaes -- scroll_medical_air_systems
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-7526 | Sources: MISC

beaconmedaes -- scroll_medical_air_systems
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-7518 | Sources: MISC

bearadmin -- bearadmin
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-11413 | Sources: MISC

bearadmin -- bearadmin
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-11414 | Sources: MISC

becton_dickinson_and_company -- bd_kiestra_inoquia_systems
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-10593 | Sources: MISC, CONFIRM

becton_dickinson_and_company -- bd_kiestra_systems
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Published 2018-05-24 | CVSS not yet calculated | CVE-2018-10595 | Sources: MISC, CONFIRM

bitdroid -- werewolf_online_app_android
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
Published 2018-05-26 | CVSS not yet calculated | CVE-2018-11505 | Sources: MISC

citrix -- xenmobile_server
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10653 | Sources: CONFIRM

citrix -- xenmobile_server
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10652 | Sources: CONFIRM

citrix -- xenmobile_server
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10654 | Sources: CONFIRM

citrix -- xenmobile_server
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10648 | Sources: CONFIRM

citrix -- xenmobile_server
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10650 | Sources: CONFIRM

citrix -- xenmobile_server
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10649 | Sources: CONFIRM

citrix -- xenmobile_server
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Published 2018-05-23 | CVSS not yet calculated | CVE-2018-10651 | Sources: CONFIRM
ckeditor_5 -- ckeditor_5
 
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.2018-05-22not yet calculatedCVE-2018-11093
CONFIRM
CONFIRM
clippercms -- clippercms
 
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.2018-05-24not yet calculatedCVE-2018-11332
MISC
cloudera -- hue
 
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.2018-05-22not yet calculatedCVE-2015-8094
CONFIRM
CONFIRM
CONFIRM
MISC
cloudfoundry -- cloudfoundry
 
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.2018-05-23not yet calculatedCVE-2018-1193
CONFIRM
cockpit_project -- cockpit
 
Cockpit 0.5.5 has XSS via a collection, form, or region.2018-05-25not yet calculatedCVE-2018-11471
MISC
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.2018-05-25not yet calculatedCVE-2018-11445
MISC
codecanyon.net -- easyservice_billing
 
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11444
MISC

codecanyon.net -- easyservice_billing


 
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.2018-05-25not yet calculatedCVE-2018-11442
MISC
codecanyon.net -- easyservice_billing
 
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11443
MISC

codecanyon.net -- horse_market_sell_and_rent_portal_script


 
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.2018-05-21not yet calculatedCVE-2018-11096
EXPLOIT-DB
cppcms -- cppcms
 
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.2018-05-22not yet calculatedCVE-2018-11367
MISC
curl -- curl
 
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.2018-05-24not yet calculatedCVE-2018-1000301
BID
SECTRACK
CONFIRM
MLIST
UBUNTU
UBUNTU
DEBIAN
curl -- curl
 
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.2018-05-24not yet calculatedCVE-2018-1000300
BID
SECTRACK
CONFIRM
UBUNTU
d-link -- dsl-3782_router
 
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.2018-05-23not yet calculatedCVE-2018-8898
MISC
EXPLOIT-DB
dahua_technology-- ip_devices
 
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.2018-05-23not yet calculatedCVE-2017-9317
CONFIRM
delta_electronics -- industrial_automation_tpeditor
 
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.2018-05-25not yet calculatedCVE-2018-8871
MISC
discount -- discount
 
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-25not yet calculatedCVE-2018-11468
MISC
discount -- discount
 
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-26not yet calculatedCVE-2018-11503
MISC
discount -- discount
 
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-26not yet calculatedCVE-2018-11504
MISC
dolibarr -- dolibarr
 
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.2018-05-22not yet calculatedCVE-2018-10092
MLIST
CONFIRM
CONFIRM
MISC
dolibarr -- dolibarr
 
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.2018-05-22not yet calculatedCVE-2018-10094
MLIST
CONFIRM
CONFIRM
MISC
dolibarr -- dolibarr
 
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.2018-05-22not yet calculatedCVE-2018-9019
CONFIRM
CONFIRM
dolibarr -- dolibarr
 
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.2018-05-22not yet calculatedCVE-2018-10095
MLIST
CONFIRM
CONFIRM
MISC
domainmod -- domainmod
 
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.2018-05-24not yet calculatedCVE-2018-11404
MISC
domainmod -- domainmod
 
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.2018-05-24not yet calculatedCVE-2018-11403
MISC
ethereum -- dimoncoin_token
 
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.2018-05-24not yet calculatedCVE-2018-11411
MISC
ethereum -- ether_cartel
 
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.2018-05-22not yet calculatedCVE-2018-11329
MISC
fortinet -- fortios
 
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.2018-05-24not yet calculatedCVE-2017-14187
SECTRACK
CONFIRM

fortinet -- fortios
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14185, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5679, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5676, MISC, CONFIRM

foxit -- foxit_reader
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7406, MISC, CONFIRM

foxit -- foxit_reader
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7407, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5674, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5680, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5677, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5675, MISC, CONFIRM

foxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5678, MISC, CONFIRM

frappe_technologies -- erpnext
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11339, MISC, MISC, EXPLOIT-DB

ge_automation -- pacssystems
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8867, BID, MISC

giflib -- giflib
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11489, MISC

giflib -- giflib
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11490, MISC

gnome_project -- gnome_web
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11396, CONFIRM

gnu -- gnu_c_library
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11237, BID, MISC, EXPLOIT-DB

gnu -- gnu_c_library
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11236, BID, MISC, MISC

haproxy -- haproxy
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11469, CONFIRM

hawtio -- hawtio
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2617, BID, REDHAT, CONFIRM

hp -- network_operations_management_ultimate
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6493, BID, SECTRACK, CONFIRM

hp -- network_operations_management_ultimate
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6492, BID, SECTRACK, CONFIRM

hp -- service_manager_software_web_tier
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6494, BID, SECTRACK, CONFIRM

huawei -- 1288h_and_288h
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7902, CONFIRM

huawei -- 1288h_and_288h
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7903, CONFIRM

huawei -- 1288h_and_288h
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7904, CONFIRM

huawei -- ibmc
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to improper authentication design, successful exploitation may cause an information leak.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7942, CONFIRM

huawei -- smart_phones
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to a malicious device for charging, an unauthenticated attacker may activate some specific function by sending specially crafted messages. Due to insufficient input validation of the messages, successful exploitation may cause information exposure.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17158, CONFIRM

huawei -- multiple_products
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to improper validation of the messages, numeric errors occur when handling the messages. Successful exploitation will cause some services to behave abnormally.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17315, CONFIRM

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1452, CONFIRM, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1544, CONFIRM, SECTRACK, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1488, CONFIRM, SECTRACK, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1565, CONFIRM, SECTRACK, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1451, CONFIRM, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1449, CONFIRM, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 140210.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1459, CONFIRM, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1515, CONFIRM, SECTRACK, XF

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1450, CONFIRM, XF

ibm -- storediq
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1583, CONFIRM, XF

ibm -- storwize_v7000
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1467, CONFIRM, XF

ibm -- tivoli_application_dependency_discovery_manager
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-3023, CONFIRM, XF

ibm -- tivoli_application_dependency_discovery_manager
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-3018, CONFIRM, XF

ibm -- urbancode_deploy
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1752, CONFIRM, XF

ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-3024, CONFIRM, XF

ilias -- ilias
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10428, MISC, BUGTRAQ, CONFIRM, CONFIRM, CONFIRM, MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-18273, CONFIRM, MLIST

imagemagick -- imagemagick
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11251, CONFIRM, MLIST

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-18271, CONFIRM, MLIST

iscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11372, MISC

iscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11373, MISC

iscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11470, MISC

jboss -- jboss_jbossas
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script, which could result in local privilege escalation.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-8656, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, BID, REDHAT, REDHAT, REDHAT, REDHAT, CONFIRM

jboss -- undertow_web_server
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1067, REDHAT, REDHAT, REDHAT, REDHAT, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Published: 2018-05-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2598, BID, CONFIRM, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including ones the current user does not have access to.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2609, BID, CONFIRM, CONFIRM

jenkins -- jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2607, BID, CONFIRM

jerryscript -- jerryscript
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11418, MISC

jerryscript -- jerryscript
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11419, MISC

joomla! -- joomla!
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6378, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11321, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11323, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11322, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11327, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11325, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11326, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11328, BID, SECTRACK, MISC

joomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
Published: 2018-05-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11324, BID, SECTRACK, MISC

jpegoptim -- jpegoptim
jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11416, MISC, MISC

k2 -- smartforms
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9920, BUGTRAQ

kemp_technologies -- loadmaster_operating_system_long_term_support
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9091, CONFIRM

kliqqi -- kliqqi
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11405, MISC

kubernetes-incubator/cri-o -- kubernetes-incubator/cri-o
Kubernetes CRI-O versions prior to 1.9 contain a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000400, BID, MISC

liblouis -- liblouis
An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11410, MISC, MISC

liblouis -- liblouis
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11440, MISC

libsass -- libsass
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11499, MISC

linux -- linux_kernel
Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1108, BID, CONFIRM, DEBIAN

linux -- linux_kernel
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11412, MISC, MISC

linux -- linux_kernel
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Published: 2018-05-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000199, SECTRACK, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT, MLIST, MLIST, UBUNTU, DEBIAN, DEBIAN

linux -- linux_kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
Published: 2018-05-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-18270, CONFIRM, BID, CONFIRM, CONFIRM

lizard -- lizard
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11498, MISC

long_range_zip -- long_range_zip
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11496, MISC

magnicomp -- sysinfo
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7268, MISC, BUGTRAQ, MISC

makemytrip.com -- makemytrip_app_android
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
Published: 2018-05-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11242, MISC, EXPLOIT-DB

mcafee -- data_loss_prevention_endpoint
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6664, SECTRACK, CONFIRM

mcafee -- network_security_management
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to cause arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-3961, CONFIRM

mcafee -- virusscan_enterprise
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6674, BID, SECTRACK, CONFIRM

micro_focus -- client_for_oes
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
Published: 2018-05-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7687, MISC, MISC
micro_focus -- multiple_products
 
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-6495
SECTRACK
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-8176
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-8142
BID
CONFIRM
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11472
MISC
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11475
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11474
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11473
MISC
MISC
moodle -- moodle
 
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1133
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1134
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1136
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1137
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-1135
CONFIRM
multiple_vendors -- multiple_products
 
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-3639
CONFIRM
BID
SECTRACK
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
EXPLOIT-DB
CONFIRM
CERT-VN
CONFIRM
CERT
multiple_vendors -- multiple_products
 
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-3640
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
CERT
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000040
CONFIRM
MISC
MISC
MISC
MISC
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000039
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000038
CONFIRM
CONFIRM
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000036
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000037
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISC
mybb -- mybb
 
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11092
CONFIRM
CONFIRM
EXPLOIT-DB
myscada -- mypro
 
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11311
MISC
MISC
EXPLOIT-DB
netapp -- oncommand_unified_manager
 
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-5487
CONFIRM
netapp -- oncommand_unified_manager
 
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-5485
CONFIRM
octopus -- deploy
 
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11320
CONFIRM
opencart -- opencart
 
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-11231
MISC
opencart -- opencart
 
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11495
MISC
opencart -- opencart
 
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11494
MISC
openflow -- openflow
 
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, or Network Instability. This attack appears to be exploitable via network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-1000155
MISC
osisoft -- pi_coresight
 
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2017-9641
BID
MISC
CONFIRM
pbootcms -- pbootcms
 
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11369
MISC
pdfgen -- pdfgen
 
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11363
MISC
MISC
phpmywind -- phpmywind
 
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11487
MISC
phpscriptsmall.com -- website_seller_script
 
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11501
MISC
pluck -- pluck
 
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11330
MISC
MISC
pluck -- pluck
 
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess.
Published: 2018-05-21 | CVSS Score: not yet calculated | CVE-2018-11331
MISC
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1126
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1125
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1123
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1122
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-1124
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC
publiccms -- publiccms
 
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11500
MISC
radare -- radare2
 
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11384
MISC
MISC
radare -- radare2
 
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11377
MISC
MISC
MISC
radare -- radare2
 
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11378
MISC
MISC
radare -- radare2
 
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11376
MISC
MISC
radare -- radare2
 
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11375
MISC
MISC
radare -- radare2
 
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11380
MISC
MISC
radare -- radare2
 
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11383
MISC
MISC
radare -- radare2
 
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11381
MISC
MISC
radare -- radare2
 
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11382
MISC
MISC
radare -- radare2
 
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11379
MISC
MISC
radio_thermostat -- ct50_and_ct80
 
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11315
MISC
readstat -- readstat
 
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11365
MISC
readstat -- readstat
 
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11364
MISC
sap -- internet_transaction_server
 
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11415
MISC
EXPLOIT-DB
simplisafe -- simplisafe_original
 
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11400
MISC
simplisafe -- simplisafe_original
 
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11399
MISC
simplisafe -- simplisafe_original
 
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11402
MISC
simplisafe -- simplisafe_original
 
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.
Published: 2018-05-24 | CVSS Score: not yet calculated | CVE-2018-11401
MISC
skycaiji -- skycaiji
 
SkyCaiji 1.2 allows CSRF to add an Administrator user.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11371
MISC
square_enix -- final_fantasy_xiv
 
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-7295
MISC
trend_micro -- email_encryption_gateway
 
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10352
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10355
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10354
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10353
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10351
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10356
CONFIRM
MISC
trend_micro -- endpoint_application_control
 
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-10357
CONFIRM
MISC
trend_micro -- maximum_security
 
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6235
CONFIRM
MISC
trend_micro -- maximum_security
 
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6236
CONFIRM
MISC
trend_micro -- maximum_security
 
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6233
CONFIRM
MISC
trend_micro -- maximum_security
 
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6232
CONFIRM
MISC
trend_micro -- maximum_security
 
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6234
CONFIRM
MISC
trend_micro -- smart_protection_server
 
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-6237
CONFIRM
MISC
trend_micro -- smart_protection_server
 
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-10350
CONFIRM
MISC
vim-syntastic/syntastic -- vim-syntastic/syntastic
 
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.
Published: 2018-05-20 | CVSS Score: not yet calculated | CVE-2018-11319
MISC
MISC
MISC
vmware -- fusion
 
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-6962
BID
SECTRACK
CONFIRM
vmware -- workstation
 
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial of service of their guest machine.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-6963
BID
SECTRACK
CONFIRM
windscribe -- windscribe
 
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
Published: 2018-05-25 | CVSS Score: not yet calculated | CVE-2018-11479
MISC
windscribe -- windscribe
 
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
Published: 2018-05-23 | CVSS Score: not yet calculated | CVE-2018-11334
MISC
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11358
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11356
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11357
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11355
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11362
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11360
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11359
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11361
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11354
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress
 
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
Published: 2018-05-22 | CVSS Score: not yet calculated | CVE-2018-11366
MISC
MISC
MISC
MISC
wuzhi_cms -- wuzhi_cms
 
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
Published: 2018-05-26 | CVSS Score: not yet calculated | CVE-2018-11493
MISC
TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

Original release date: May 29, 2018

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:

  • a remote access tool (RAT), commonly known as Joanap; and
  • a Server Message Block (SMB) worm, commonly known as Brambul.

The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity.

This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on how to report incidents. If users or administrators detect activity associated with these malware families, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

See the following links for a downloadable copy of IOCs:

NCCIC conducted analysis on four malware samples and produced a Malware Analysis Report (MAR). MAR-10135536.3 – RAT/Worm examines the tactics, techniques, and procedures observed in the malware. Visit MAR-10135536.3 – HIDDEN COBRA RAT/Worm for the report and associated IOCs.

Description

According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors. Users and administrators should review the information related to Joanap and Brambul from the Operation Blockbuster Destructive Malware Report [1] in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. Like many of the families of malware used by HIDDEN COBRA actors, Joanap, Brambul, and other previously reported custom malware tools may be found on compromised network nodes. Each malware tool has different purposes and functionalities.

Joanap malware is a fully functional RAT that is able to receive multiple commands, which can be issued by HIDDEN COBRA actors remotely from a command and control server. Joanap typically infects a system as a file dropped by other HIDDEN COBRA malware, which users unknowingly downloaded either when they visit sites compromised by HIDDEN COBRA actors, or when they open malicious email attachments.

During analysis of the infrastructure used by Joanap malware, the U.S. Government identified 87 compromised network nodes. The countries in which the infected IP addresses are registered are as follows:

  • Argentina
  • Belgium
  • Brazil
  • Cambodia
  • China
  • Colombia
  • Egypt
  • India
  • Iran
  • Jordan
  • Pakistan
  • Saudi Arabia
  • Spain
  • Sri Lanka
  • Sweden
  • Taiwan
  • Tunisia

Malware often infects servers and systems without the knowledge of system users and owners. If the malware can establish persistence, it could move laterally through a victim’s network and any connected networks to infect nodes beyond those identified in this alert.

Brambul malware is a brute-force authentication worm that spreads through SMB shares. SMB enables shared access to files between users on a network. Brambul malware typically spreads by using a list of hard-coded login credentials to launch a brute-force password attack against the SMB protocol to gain access to a victim's networks.

Technical Details

Joanap

Joanap is a two-stage malware used to establish peer-to-peer communications and to manage botnets designed to enable other operations. Joanap malware provides HIDDEN COBRA actors with the ability to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device. Other notable functions include

  • file management,
  • process management,
  • creation and deletion of directories, and
  • node management.

Analysis indicates the malware encodes data using Rivest Cipher 4 encryption to protect its communication with HIDDEN COBRA actors. Once installed, the malware creates a log entry within the Windows System Directory in a file named mssscardprv.ax. HIDDEN COBRA actors use this file to capture and store victims’ information such as the host IP address, host name, and the current system time.

Brambul

Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.

Analysts suspect the malware targets insecure or unsecured user accounts and spreads through poorly secured network shares. Once the malware establishes unauthorized access on a victim's systems, it communicates information about those systems to HIDDEN COBRA actors using malicious email addresses. This information includes the IP address and host name—as well as the username and password—of each victim's system. HIDDEN COBRA actors can use this information to remotely access a compromised system via the SMB protocol.

Analysis of a newer variant of Brambul malware identified the following built-in functions for remote operations:

  • harvesting system information,
  • accepting command-line arguments,
  • generating and executing a suicide script,
  • propagating across the network using SMB,
  • brute forcing SMB login credentials, and
  • generating Simple Mail Transport Protocol email messages containing target host system information.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA IOCs related to Joanap and Brambul. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public. Possible impacts include

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Keep operating systems and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of least privilege to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Scan for and remove suspicious email attachments. If a user opens a malicious attachment and enables macros, embedded code will execute the malware on the machine. Enterprises and organizations should consider blocking email messages from suspicious sources that contain attachments. For information on safely handling email attachments, see Using Caution with Email Attachments. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Disable Microsoft’s File and Printer Sharing service, if not required by the user’s organization. If this service is required, use strong passwords or Active Directory authentication. See Choosing and Protecting Passwords for more information on creating strong passwords.
  • Enable a personal firewall on organization workstations and configure it to deny unsolicited connection requests.

Response to Unauthorized Network Access

Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

References

Revision History

  • May 29, 2018: Initial version



North Korean Malicious Cyber Activity

Original release date: May 29, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

In conjunction with the release of this TA, NCCIC has released a Malware Analysis Report (MAR) that provides analysis on samples of Joanap and Brambul malware.

NCCIC encourages users and administrators to review TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm and MAR-10135536-3 – HIDDEN COBRA RAT/Worm. For more information, visit https://www.us-cert.gov/HiddenCobra.




AR18-149A: MAR-10135536-3 - HIDDEN COBRA RAT/Worm

Original release date: May 29, 2018

Description

Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise.

This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.

Summary

Description

This submission includes four unique files. The first is an installer for additional malware: a Remote Access Trojan (RAT) and a malicious Dynamic Link Library (DLL) that functions as a Server Message Block (SMB) Worm. The fourth file is another SMB worm in the form of a Windows 32-bit executable.

Both SMB worms attempt to spread locally and to random IP addresses on the public Internet by attempting to brute force vulnerable systems using a built-in list of common passwords. The RAT included with the SMB worm provides the attacker with the ability to deliver additional malware, run local commands, and exfiltrate data.

For a downloadable copy of IOCs see:

Emails (2)

misswang8107@gmail.com

redhat@gmail.com

Submitted Files (4)

077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 (4731CBAEE7ACA37B596E38690160A7...)

a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717 (scardprv.dll)

ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781 (Wmmvsvc.dll)

fe7d35d19af5f5ae2939457a06868754b8bdd022e1ff5bdbe4e7c135c48f9a16 (298775B04A166FF4B8FBD3609E7169...)

Findings

077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885

Tags

backdoor, trojan, worm

Details
Name: 4731CBAEE7ACA37B596E38690160A749
Size: 208896 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4731cbaee7aca37b596e38690160a749
SHA1: 80fac6361184a3e24b33f6acb8688a6b7276b0f2
SHA256: 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885
SHA512: 9fdc1bf087d3e2fa80ff4ed749b11a2b3f863bed7a59850f6330fc1467c38eed052eee0337d2f82f9fe8e145f68199b966ae3c08f7ad1475b665beb8cd29f6d7
ssdeep: 6144:M6atGpHk4NdSksOBbNUyb4ajb1TWiYW9ebYwtJEGLYMYR4:Msdk4NdSksOv
Entropy: 7.731026

Antivirus
AVG: BackDoor.Generic14.ARHX
Ahnlab: Trojan/Win32.Npkon
Avira: BDS/Joanap.A.11
BitDefender: Gen:Variant.Barys.57573
ClamAV: Win.Trojan.Agent-1388737
Cyren: W32/Zegost.AA.gen!Eldorado
ESET: Win32/Scadprv.A trojan
Emsisoft: Gen:Variant.Barys.57573 (B)
F-secure: Gen:Variant.Barys.57573
Ikarus: Worm.Win32.Agent
K7: Backdoor ( 04c4b9d11 )
McAfee: W32/FunCash!worm
Microsoft Security Essentials: Backdoor:Win32/Joanap.J!dha
NANOAV: Trojan.Win32.Agent.crilzb
Quick Heal: Backdoor.Joanap
Sophos: Mal/EncPk-AGS
Symantec: Trojan.Gen.2
Systweak: trojan.agent
TrendMicro: BKDR_JOANAP.AC
TrendMicro House Call: BKDR_JOANAP.AC
Vir.IT eXplorer: Backdoor.Win32.Generic.ARHX
VirusBlokAda: Worm.Agent
Zillya!: Worm.Agent.Win32.3373
nProtect: Worm/W32.Agent.208896.AK
Yara Rules
hidden_cobra_consolidated.yara

rule Enfal_Generic
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "BRAMBUL,JOANAP"
        MD5_1 = "483B95B1498B615A1481345270BFF87D"
        MD5_2 = "4731CBAEE7ACA37B596E38690160A749"
        MD5_3 = "CD60FD107BAACCAFA6C24C1478C345C8"
        MD5_4 = "298775B04A166FF4B8FBD3609E716945"
        Info = "Detects Hidden Cobra SMB Worm / RAT"

    strings:
        $s0 = {6D737373636172647072762E6178}    // ASCII: "mssscardprv.ax"
        $s1 = {6E3472626872697138393076393D3032333D30312A2628542D30513332354A314E3B4C4B}    // ASCII: "n4rbhriq890v9=023=01*&(T-0Q325J1N;LK"
        $s2 = {72656468617440676D61696C2E636F6D}    // ASCII: "redhat@gmail.com"
        $s3 = {6D69737377616E673831303740676D61696C2E636F6D}    // ASCII: "misswang8107@gmail.com"
        $s4 = {534232755365435632564474}    // ASCII: "SB2uSeCV2VDt"
        $s5 = {794159334D6559704275415756426341}    // ASCII: "yAY3MeYpBuAWVBcA"
        $s6 = {705641325941774242347A41346167664B6232614F7A4259}    // ASCII: "pVA2YAwBB4zA4agfKb2aOzBY"
        $s7 = {AE8591916D586DE4F6FB8EE2F0BBF1F9}    // binary byte pattern
        $s8 = {F96D5DD36D6D9A87DD6D506D6D6D516D}    // binary byte pattern
        $s9 = {43616E6E6F74206372656174652072656D6F74652066696C652E}    // ASCII: "Cannot create remote file."
        $s10 = {43616E6E6F74206F70656E2072656D6F74652066696C65}    // ASCII: "Cannot open remote file"
        $s11 = {663D547D75128D85FCFEFFFF5056}    // x86 code bytes
        $s12 = {663D547D75128D85FCFEFFFF5056E88C060000E9A9000000663D557D7512}    // x86 code bytes
        $s13 = {663D567D750F8D85FCFEFFFF5056E891070000EB7C663D577D}    // x86 code bytes
        $s14 = {3141327A3342347935433678374438773945307624465F754774487349724A71}    // ASCII: "1A2z3B4y5C6x7D8w9E0v$F_uGtHsIrJq"
        $s15 = {393032356A6864686F333965686532}    // ASCII: "9025jhdho39ehe2"

    condition:
        ($s0) or ($s1) or ($s2) or ($s3) or
        ($s4 and $s5 and $s6) or
        ($s7 and $s8) or
        ($s9 and $s10 and $s11) or
        ($s12 and $s13) or
        ($s14 and $s15)
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2011-09-14 01:53:24-04:00
Import Hash: e8cd12071a8e823ebc434c8ee3e23203

PE Sections
MD5                               Name    Raw Size  Entropy
bf69e0e64bdafa28b31e3c2134e1d696  header  4096      0.658046
27f1df91dc992ababc89460f771a6026  .text   24576     6.227301
249e10a4ad0a58c3db84eb2f69db5db5  .rdata  4096      4.367702
88b5582d4d361c92e9234abf0942ed9e  .data   4096      2.546586
a18b7869b3bfd4a2ef0d03c96fa09221  .rsrc   172032    7.969250

Packers/Compilers/Cryptors: Installer VISE Custom

Process List
Process: 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885.exe, PID: 2628, PPID: 2588

Relationships
077d9e0e12... Dropped a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717
077d9e0e12... Dropped ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781
Description

This 32-bit Windows executable file drops two malicious applications.

The first (a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717) is a fully functioning RAT.

The second application (ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781) is an SMB worm that will spread to local subnets and external networks.
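The Enfal_Generic YARA rule listed under Yara Rules for this sample matches on raw hex byte patterns and on a condition made of AND-groups joined by OR. The following Python code is an added example and is not part of the NCCIC report: it copies those hex patterns and the condition groups from the rule, decodes the patterns that are printable ASCII so an analyst can see what they are (the dropped log file name, the two email addresses, two error strings, and several other string constants), and evaluates the same condition over a file's bytes without yara-python. The byte strings used in its test are constructed.

```python
"""Plain-Python evaluation of the Enfal_Generic YARA rule's string set.

Added example, not from the NCCIC report: the hex patterns and the condition
groups are copied from the hidden_cobra_consolidated.yara rule in the report.
This reproduces only the rule's substring-and-boolean logic, for environments
without yara-python; the byte strings used in the test are constructed.
"""

# Hex patterns exactly as they appear in the rule's strings section.
ENFAL_GENERIC_STRINGS = {
    "$s0": "6D737373636172647072762E6178",
    "$s1": "6E3472626872697138393076393D3032333D30312A2628542D30513332354A314E3B4C4B",
    "$s2": "72656468617440676D61696C2E636F6D",
    "$s3": "6D69737377616E673831303740676D61696C2E636F6D",
    "$s4": "534232755365435632564474",
    "$s5": "794159334D6559704275415756426341",
    "$s6": "705641325941774242347A41346167664B6232614F7A4259",
    "$s7": "AE8591916D586DE4F6FB8EE2F0BBF1F9",
    "$s8": "F96D5DD36D6D9A87DD6D506D6D6D516D",
    "$s9": "43616E6E6F74206372656174652072656D6F74652066696C652E",
    "$s10": "43616E6E6F74206F70656E2072656D6F74652066696C65",
    "$s11": "663D547D75128D85FCFEFFFF5056",
    "$s12": "663D547D75128D85FCFEFFFF5056E88C060000E9A9000000663D557D7512",
    "$s13": "663D567D750F8D85FCFEFFFF5056E891070000EB7C663D577D",
    "$s14": "3141327A3342347935433678374438773945307624465F754774487349724A71",
    "$s15": "393032356A6864686F333965686532",
}

# The rule's condition in disjunctive normal form: it fires when every string
# in at least one group is present in the scanned data.
ENFAL_GENERIC_CONDITION = [
    ["$s0"], ["$s1"], ["$s2"], ["$s3"],
    ["$s4", "$s5", "$s6"],
    ["$s7", "$s8"],
    ["$s9", "$s10", "$s11"],
    ["$s12", "$s13"],
    ["$s14", "$s15"],
]


def pattern_bytes(name):
    """Raw bytes for one named pattern."""
    return bytes.fromhex(ENFAL_GENERIC_STRINGS[name])


def printable_strings():
    """Patterns that decode to printable ASCII (file name, e-mail addresses,
    error strings, other string constants); the rest are binary or code bytes."""
    out = {}
    for name in ENFAL_GENERIC_STRINGS:
        raw = pattern_bytes(name)
        if all(0x20 <= b < 0x7F for b in raw):
            out[name] = raw.decode("ascii")
    return out


def matched_strings(data):
    """Names of all patterns that occur anywhere in data (plain substring search)."""
    return {name for name in ENFAL_GENERIC_STRINGS if pattern_bytes(name) in data}


def evaluate_rule(data):
    """Apply the rule's condition; returns (fired, list of satisfied groups)."""
    found = matched_strings(data)
    satisfied = [g for g in ENFAL_GENERIC_CONDITION if all(n in found for n in g)]
    return bool(satisfied), satisfied


def scan_file(path):
    """Evaluate the rule over one file on disk."""
    with open(path, "rb") as fh:
        return evaluate_rule(fh.read())


if __name__ == "__main__":
    import sys
    for name, text in printable_strings().items():
        print(f"{name}: {text!r}")
    for path in sys.argv[1:]:
        fired, groups = scan_file(path)
        print(f"{path}: {'MATCH' if fired else 'no match'} {groups}")
```

A substring search reproduces this particular rule because it uses only fixed hex patterns and boolean logic; it does not cover YARA features such as wildcards, jumps or string counts, so where yara can be installed, the published rule should be run as is and this evaluator used only to understand or cross-check its matches.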

a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717

Tags

backdoor, bot, trojan, worm

Details
Name: scardprv.dll
Size: 77824 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 4613f51087f01715bf9132c704aea2c2
SHA1: 6b1ddf0e63e04146d68cd33b0e18e668b29035c4
SHA256: a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717
SHA512: 37fa5336d1554557250e4a3bcb4ccfca79f4873264cb161dee340d35a2f8f17f7853fe942809bb343ac1eae0a37122b5e8fd703a9b820ec96abb65c8327c1b6a
ssdeep: 768:qtT2AxNtcgpqLepcy2y6/chYdP8KuSFM+Cs5CBaho9S4AJKqBz8MZdVsrQVBnVGa:qwONtBqL1dDMrs5CN9S4A3HOYBnVL
Entropy: 6.138177

Antivirus
AVG: Agent3.BAPF
Ahnlab: Trojan/Win32.Dllbot
Avira: TR/Gendal.6762100
BitDefender: Gen:Variant.Graftor.Elzob.3935
ClamAV: Win.Trojan.Agent-1388765
ESET: a variant of Win32/Scadprv.A trojan
Emsisoft: Gen:Variant.Graftor.Elzob.3935 (B)
F-secure: Gen:Variant.Graftor.Elzob.3935
Ikarus: Worm.Win32.Agent
K7: Trojan ( 0001659c1 )
McAfee: W32/FunCash!worm
Microsoft Security Essentials: Backdoor:Win32/Joanap.B!dha
NANOAV: Trojan.Win32.Agent.cwccco
Quick Heal: Backdoor.Duzzer.A5
Sophos: Mal/Generic-L
Symantec: Backdoor.Joanap
Systweak: malware.gen-20120501
TrendMicro: BKDR_JOANAP.AC
TrendMicro House Call: BKDR_JOANAP.AC
Vir.IT eXplorer: Trojan.Win32.Agent3.BAPF
VirusBlokAda: Worm.Agent
Zillya!: Worm.Agent.Win32.5702
nProtect: Worm/W32.Agent.77824.CJ
Yara Rules
hidden_cobra_consolidated.yara: rule Enfal_Generic (identical to the rule listed under 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2011-09-14 01:38:38-04:00
Import Hash: f6f7b2e00921129d18061822197111cd

PE Sections
MD5                               Name    Raw Size  Entropy
c745765d5ae0458d76c721b8a82eca52  header  4096      0.763991
f16ff24a6d95e0e0711eccae4283bbe5  .text   40960     6.506011
b89bb8a288d739a27d7021183336413c  .rdata  20480     6.655349
fcd7ede94211c9d653bd8cc776feb8be  .data   4096      4.326483
56dc69f697f36158eefefdde895f39b6  .rsrc   4096      0.613739
20601cf5d6aecb9837dcc1747847c5a2  .reloc  4096      4.068756

Packers/Compilers/Cryptors: Microsoft Visual C++ 6.0 DLL

Relationships
a1c483b0ee... Dropped_By 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885
Description

This 32-bit Windows DLL is written to disk and then loaded by the file "4731CBAEE7ACA37B596E38690160A749".

This malware has been identified as a RAT, providing a remote actor with the ability to exfiltrate data, drop and run secondary payloads, and provide proxy capabilities on a compromised Windows device. The malware binds to port 443 and listens for incoming connections from a remote operator, using the Rivest Cipher 4 (RC4) encryption algorithm to protect communications with its Command and Control (C2).

The malware also creates a log entry in a file named “mssscardprv.ax”, located in the %WINDIR%\system32 folder. The log entry includes the victim's Internet Protocol (IP) address, host name, and current system time.

ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781

Tags

backdoor, bot, trojan, worm

Details
Name: Wmmvsvc.dll
Size: 91664 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: e86c2f4fc88918246bf697b6a404c3ea
SHA1: 9b7609349a4b9128b9db8f11ac1c77728258862c
SHA256: ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781
SHA512: f6097c66a526ba7a3c918b1c7fccae03c812046d642a4adb62ee7a24cbcee889c0348020ae7e2e82ee3f284b311f049ed596edb22b90153cadc11c646d4f9a45
ssdeep: 768:9eY/pEwKWcwP/bY4XxlGLup3Tq1LpDLJkDcw3f9zj:MitnU4viJJDw3Z
Entropy: 3.156854

Antivirus
AVG: PSW.Generic9.ACQQ
Ahnlab: Trojan/Win32.Dllbot
Avira: BDS/Joanap.A.8
BitDefender: Gen:Variant.Symmi.49274
ClamAV: Win.Trojan.Agent-1388727
Cyren: W32/Trojan.WXKV-0327
ESET: a variant of Win32/Agent.NJF worm
Emsisoft: Gen:Variant.Symmi.49274 (B)
F-secure: Gen:Variant.Symmi.49274
Ikarus: Worm.Win32.Agent
K7: Trojan ( 00515bda1 )
McAfee: Generic PWS.tr
Microsoft Security Essentials: Backdoor:Win32/Joanap.A!dha
NANOAV: Trojan.Win32.Agent.cqilax
NetGate: Trojan.Win32.Malware
Quick Heal: Backdoor.Joanap
Sophos: Mal/Generic-L
Symantec: W32.Brambul
Vir.IT eXplorer: Trojan.Win32.Generic.ACQQ
VirusBlokAda: Worm.Agent
Zillya!: Worm.Agent.Win32.3549
nProtect: Worm/W32.Agent.91664
Yara Rules
hidden_cobra_consolidated.yara: rule Enfal_Generic (identical to the rule listed under 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2011-09-14 11:42:30-04:00
Import Hash: f0087d7b90876a2769f2229c6789fcf3
Company Name: Microsoft Corporation
File Description: Microsoft XML Encoder/Transcoder
Internal Name: xpsshrm.dll
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: xpsshrm.dll
Product Name: Microsoft® Windows Media Services
Product Version: 9.00.00.4503

PE Sections
MD5                               Name    Raw Size  Entropy
037e97300efd533dd48d334d30bdc408  header  4096      0.759334
4b5019185bb0b82273442dae3f15f105  .text   24576     6.083997
9e5a1cfda72f8944cd5e35e33a2a73b0  .rdata  4096      3.267725
47982ac1b20cac03adcfd62f5881b79c  .data   49152     1.087883
b971ab49349a660c70cb6987b7fb3ed3  .rsrc   4096      1.140488
ad5750c9584c0eba32643810ab6e8a53  .reloc  4096      2.515288

Packers/Compilers/Cryptors: Microsoft Visual C++ 6.0 DLL

Relationships
ea46ed5aed... Dropped_By 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885
ea46ed5aed... Connected_To redhat@gmail.com
ea46ed5aed... Connected_To misswang8107@gmail.com
Description

This file is a malicious 32-bit Windows DLL that is written to disk then loaded by the file "4731CBAEE7ACA37B596E38690160A749".

When executed, the DLL attempts to contact all of the Internet Protocol (IP) addresses on the victim's local subnet. If the malware is able to connect to these IP addresses, it will attempt to gain unauthorized access via the SMB protocol on port 445 using a brute-force password attack. The malware contains an embedded password list consisting of commonly used passwords and generates random external IP addresses, which it attempts to attack.

If the malware successfully gains access to another system, it will send an email containing the system's IP address, hostname, username, and password to the following addresses:

--Begin email addresses--
redhat@gmail.com
misswang8107@gmail.com
--End email addresses--

The malware uses the victim's system folder to create a shared folder named "adnim$" by running the following commands via a remotely run service:

--Begin commands utilized to create SMB share--
cmd.exe /q /c net share adnim$=%SystemRoot%
cmd.exe /q /c net share adnim$=%%SystemRoot%% /GRANT:%s,FULL
--End commands utilized to create SMB share--

The malware will then copy itself to the newly created shared folder as a file named "mssscardprv.ax". After copying itself to the new system, it runs the file on the victim system using a malicious service. The adnim$ share will then be deleted from the remote system using the following command:

--Begin command used to delete share--
cmd.exe /q /c net share adnim$ /delete
--End command used to delete share--

The malware determines if Remote Desktop Protocol (RDP) is enabled by attempting to connect to port 3389. If it is able to connect to this port, the malware will report RDP is available on the compromised system. This information is provided to the operator using the malicious email address provided earlier.

This malware can communicate with the RAT identified as "scardprv.dll" (4613f51087f01715bf9132c704aea2c2). The communication is protected with the Rivest Cipher 4 (RC4) encryption algorithm. When attempting to propagate, the malware uses the following three usernames combined with a password brute-force attack:

--Begin malicious usernames used by SMB worm--
Administrateur
Administrador
Administrator
--End malicious usernames used by SMB worm--

Although the malware uses numerous embedded passwords in its brute force attacks, within our environment the malware consistently used the following "Lan Manager Response" in its SMB attacks:

--Begin static Lan Manager response--
8C15084FA541079A000000000000000000
--End static Lan Manager response--

This hexadecimal value may be useful in detecting this worm as it communicates over port 445 and attempts to spread. Specifically, when the malware attempts to run a remote service to create the "adnim$" share, the following network traffic is generated:

--Begin network signature--
ASCII: cmd.exe /q /c net share adnim$=%SystemRoot% /GRANT:Administrator,FULL
HEX: 636D642E657865202F71202F63206E65742073686172652061646E696D243D2553797374656D526F6F7425202F4752414E543A41646D696E6973747261746F722C46554C4C
--End network signature--
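To turn the static Lan Manager response and the share-creation command above into a detection, the following Python code scans TCP payloads destined for ports 139 or 445 for both byte patterns, plus a broader match on any "net share adnim$=" or "net share adnim$ /delete" command so that a different /GRANT user (the %s format argument) or the cleanup step is also flagged. It is an added example, not code from the report; the hex values are the ones quoted above, and the flows it scans are constructed for its test rather than real captures.

```python
"""Flag Brambul SMB propagation traffic by its byte signatures.

Added example, not from the NCCIC report. The two exact patterns are the static
Lan Manager response and the remote-service command string quoted in the report;
the flows below are constructed for the test, not real captures.
"""
import re

# Static Lan Manager response the worm sent in the report's sandbox (hex from the report).
STATIC_LM_RESPONSE = bytes.fromhex("8C15084FA541079A000000000000000000")

# ASCII command carried in the remote-service request that creates the share (hex from the report).
SHARE_CREATE_EXACT = bytes.fromhex(
    "636D642E657865202F71202F63206E65742073686172652061646E696D243D2553797374656D526F6F7425"
    "202F4752414E543A41646D696E6973747261746F722C46554C4C"
)

# Broader pattern: the share-create command with any /GRANT user, or the /delete cleanup.
ADNIM_SHARE_RE = re.compile(rb"net share adnim\$(?:=|\s+/delete)", re.IGNORECASE)

SMB_PORTS = (139, 445)


def classify_payload(payload):
    """Return the signature names found in one TCP payload (empty list if none)."""
    hits = []
    if STATIC_LM_RESPONSE in payload:
        hits.append("brambul_static_lm_response")
    if SHARE_CREATE_EXACT in payload:
        hits.append("brambul_share_create_exact")
    elif ADNIM_SHARE_RE.search(payload):
        hits.append("adnim_share_command")
    return hits


def scan_flows(flows):
    """flows: iterable of (src, dst, dport, payload). Only SMB ports are inspected;
    returns one alert dict per flow that carries at least one signature."""
    alerts = []
    for src, dst, dport, payload in flows:
        if dport not in SMB_PORTS:
            continue
        hits = classify_payload(payload)
        if hits:
            alerts.append({"src": src, "dst": dst, "dport": dport, "hits": hits})
    return alerts


# Constructed flows using RFC 5737 documentation addresses; not real captures.
CONSTRUCTED_FLOWS = [
    ("192.0.2.10", "192.0.2.20", 445, b"\xffSMB" + b"\x00" * 8 + STATIC_LM_RESPONSE + b"\x00" * 4),
    ("192.0.2.10", "192.0.2.21", 445, b"\x05\x00" + SHARE_CREATE_EXACT + b"\x00"),
    ("192.0.2.10", "192.0.2.21", 445, b"cmd.exe /q /c net share adnim$ /delete\x00"),
    ("192.0.2.10", "192.0.2.22", 445, b"cmd.exe /q /c net share adnim$=%SystemRoot% /GRANT:Administrador,FULL"),
    ("192.0.2.10", "192.0.2.30", 80, b"OPTIONS / HTTP/1.1\r\n"),    # not an SMB port: skipped
    ("192.0.2.11", "192.0.2.20", 445, b"\xffSMB" + b"\x00" * 32),     # benign SMB: no hit
]


if __name__ == "__main__":
    for alert in scan_flows(CONSTRUCTED_FLOWS):
        print(alert)
```

The static Lan Manager response is what the report observed in its own sandbox, so it is a strong but sample-specific indicator; the share-command match is the more durable of the two because the share name and command form are what the worm needs to propagate. Feed the scanner reassembled TCP payloads (for example, exported from a packet capture) rather than individual packets, so a signature split across segments is still seen.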

fe7d35d19af5f5ae2939457a06868754b8bdd022e1ff5bdbe4e7c135c48f9a16

Tags

backdoor, trojan, worm

Details
Name: 298775B04A166FF4B8FBD3609E716945
Size: 86016 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 298775b04a166ff4b8fbd3609e716945
SHA1: 2e0f666831f64d7383a11b444e2c16b38231f481
SHA256: fe7d35d19af5f5ae2939457a06868754b8bdd022e1ff5bdbe4e7c135c48f9a16
SHA512: adc9bb5a2116134ddf57d1b1765d5981c55828aa8c6719964b0e2eeb6c9068a2acaa98c2e03227a406a4fbfa2f007f5eb9f57a61e3749b8eb0d73b1881328fbf
ssdeep: 768:i+cDn8nAQ5Toz4c0+u5jrdXs+W+aCNkiC8xeC3cs:i+M8ndTozOn5jxF/US0s
Entropy: 2.873816

Antivirus
ClamAV: Win.Trojan.Agent-1388727
ESET: a variant of Win32/Agent.NVC worm
McAfee: GenericRXCB-TI!298775B04A16
Microsoft Security Essentials: Backdoor:Win32/Joanap.A!dha
Symantec: Heur.AdvML.B
Yara Rules
hidden_cobra_consolidated.yara: rule Enfal_Generic (identical to the rule listed under 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2018-01-05 01:22:45-05:00
Import Hash: 9f298eba36baa47b98a60cf36fdb2301

PE Sections
MD5                               Name    Raw Size  Entropy
8a5b06109c3bd4323fa3318f9874d529  header  4096      0.703885
413f30d4d86037b75958b45b9efbe1de  .text   20480     6.302858
82b41fefc9aa74a2430f1421fd5fe5b3  .rdata  4096      3.748024
b6f17870ca5f45d4c75e18024e6e1180  .data   53248     1.067897
cda5ef1038742e5ef46b9cfa269b0434  .rsrc   4096      0.608792

Packers/Compilers/Cryptors: Microsoft Visual C++ v6.0

Process List
Process: fe7d35d19af5f5ae2939457a06868754b8bdd022e1ff5bdbe4e7c135c48f9a16.exe, PID: 2436, PPID: 2408
Description

This file is a malicious 32-bit Windows executable file designed to scan the local network and the Internet for machines that are accessible and have open SMB ports. Once the malware gains access to a remote machine, it will deliver a malicious payload. This file accepts the following command-line arguments for execution:

--Begin arguments--
-i ==> Create service
-u ==> Control and delete service
-s ==> Start service
-r ==> Run not as a service
-k ==> ControlService
--End arguments--


When executed with the "-i" argument, the malware installs and executes itself as the following service:

--Begin service information--
ServiceName = "RdpCertification"
DisplayName = "Remote Desktop Certification Services"
DesiredAccess = SERVICE_ALL_ACCESS
ServiceType = SERVICE_WIN32_OWN_PROCESS|SERVICE_INTERACTIVE_PROCESS
StartType = SERVICE_AUTO_START
BinaryPathName = "%current directory%\298775B04A166FF4B8FBD3609E716945.exe"
--End service information--


The malware creates a mutual exclusion (Mutex) object named "PlatFormSDK20150201", then generates a list of IP addresses using a domain generation algorithm (DGA). The DGA uses the system time in the algorithm to create the list of IP addresses.

It generates network traffic over Transmission Control Protocol (TCP) ports 80 and 445 via the victims' IP addresses and the generated IP addresses.

Sample HTTP request:

--Begin HTTP request--
OPTIONS / HTTP/1.1
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
Host: 159.154.100.0
Content-Length: 0
Connection: Keep-Alive
--End HTTP request--

Once successfully connected to other Windows hosts or the generated IP addresses using port 445, the malware attempts to use a hard-coded list of passwords for SMB connections. If the password is correctly guessed, a file share is established. The malware uses the following methods to access shares on the remote systems:

  • To gain access to remote systems, it uses the ($IPC) share via “\\remote system IP\$IPC”.
  • It checks for existing shares by using “\\hostname\adnim$\system32”.

It will create a new share named "adnim$" using the following command:

--Begin new share command--
“cmd.exe /q /c net share adnim$=%SystemRoot%”
“cmd.exe /q /c net share adnim$=%%SystemRoot%% /GRANT:%s,FULL”
--End new share command--


Once a file share is successfully established, the malware uploads a copy of a payload "C:\WINDOWS\TEMP\TMP1.tmp" and installs it as a service. The malware payload that is uploaded and then run on the newly infected host was not available at the time of analysis.

The remote network share is removed after infection using the following command:

--Begin command--
“cmd.exe /q /c net share adnim$ /delete”
--End command--
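The service name, mutex, share name and dropped-file paths given for this sample are the host artifacts a responder would look for. The following Python code is an added example and is not part of the NCCIC report: the artifact names are taken from the descriptions above (the RdpCertification service, the PlatFormSDK20150201 mutex, the adnim$ share, mssscardprv.ax and TMP1.tmp), the Windows-only collectors use `net share`, the Services registry key and the OpenMutexW API, and the evaluation is a pure function so it can also be run against `net share` output saved from another machine. The `net share` listing embedded in the block is constructed. Note that the worm's share name "adnim$" is a lookalike of the legitimate ADMIN$ share, which is why the check compares names rather than relying on a visual scan of the share list.

```python
"""Check a Windows host for artifacts of the Brambul SMB worm described above.

Added example, not from the NCCIC report. Artifact names are taken from the
report; the collectors are Windows-only, and evaluate() is pure so it can be
run against saved output from another machine. SAMPLE_NET_SHARE_OUTPUT is a
constructed listing, not output from a real compromised host.
"""
import ctypes
import os
import subprocess
import sys

SERVICE_NAME = "RdpCertification"          # service installed by the "-i" argument
MUTEX_NAME = "PlatFormSDK20150201"         # mutex created at start-up
SHARE_NAME = "adnim$"                      # lookalike of the legitimate ADMIN$ share
FILE_ARTIFACTS = [
    r"%SystemRoot%\mssscardprv.ax",        # worm copy written into the adnim$ share
    r"%WINDIR%\system32\mssscardprv.ax",   # log file written by the RAT
    r"C:\WINDOWS\TEMP\TMP1.tmp",           # staged payload
]

# Constructed `net share` listing with the malicious share present.
SAMPLE_NET_SHARE_OUTPUT = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
adnim$       C:\Windows
The command completed successfully.
"""


def parse_net_share(output):
    """Return the share names from `net share` output (first token of each data row)."""
    shares = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(("Share name", "---", "The command")):
            continue
        shares.add(line.split()[0])
    return shares


def evaluate(shares, services, mutex_present, files_present):
    """Pure check: returns a list of findings, empty when no artifact is present."""
    findings = []
    if SHARE_NAME.lower() in {s.lower() for s in shares}:
        findings.append(f"share {SHARE_NAME} exists (compare with legitimate ADMIN$)")
    if SERVICE_NAME.lower() in {s.lower() for s in services}:
        findings.append(f"service {SERVICE_NAME} is installed")
    if mutex_present:
        findings.append(f"mutex {MUTEX_NAME} is held by a running process")
    findings.extend(f"file present: {path}" for path in files_present)
    return findings


# ---- Windows-only collectors ----
def collect_shares():
    out = subprocess.run(["net", "share"], capture_output=True, text=True).stdout
    return parse_net_share(out)


def collect_services():
    import winreg  # only available on Windows
    names = set()
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as key:
        index = 0
        while True:
            try:
                names.add(winreg.EnumKey(key, index))
            except OSError:          # raised once there are no more subkeys
                break
            index += 1
    return names


def mutex_exists(name):
    SYNCHRONIZE = 0x00100000
    kernel32 = ctypes.windll.kernel32
    kernel32.OpenMutexW.restype = ctypes.c_void_p
    kernel32.OpenMutexW.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_wchar_p]
    handle = kernel32.OpenMutexW(SYNCHRONIZE, False, name)
    if not handle:
        return False                 # no such mutex in the current session namespace
    kernel32.CloseHandle(ctypes.c_void_p(handle))
    return True


def present_files():
    return [p for p in FILE_ARTIFACTS if os.path.exists(os.path.expandvars(p))]


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("collectors need Windows; evaluate() can be run on saved output elsewhere")
    for finding in evaluate(collect_shares(), collect_services(),
                            mutex_exists(MUTEX_NAME), present_files()):
        print(finding)
```

Run it as an administrator so the service and share listings are complete; the mutex check only sees the session the script runs in, so an absent mutex is not proof that the worm is not running as a service under another session.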

Once the payload has been uploaded and executed, the malware uses Simple Mail Transfer Protocol (SMTP) to send collected data. The data provides infection status to a remote operator.

Displayed below are the domain names of the service providers used to send data:

--Begin SMTP domain information--
"www.hotmail.com"
--End SMTP domain information--

Displayed is the structure of the email sent:

--Begin email structure format--
SUBJECT: %s%s%s
TO: Joana <%s>%s
FROM: <%s>%s
DATA%s
RCPT TO: <%s>%s
MAIL FROM: <%s>%s
AUTH LOGIN%s
HELO %s%s
--End email structure format--


Displayed is a list of brute force passwords used to establish connections:

--Begin brute force password--
!@#$
!@#$%
!@#$%^
!@#$%^&
!@#$%^&*
!@#$%^&*()
"KGS!@#$%"
0000
00000
000000
00000000
1111
11111
111111
11111111
11122212
1212
121212
123123
123321
1234
12345
123456
1234567
12345678
123456789
123456^%$#@!
1234qwer
123abc
123asd
123qwe
1313
1q2w3e
1q2w3e4r
1qaz2wsx
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
4321
54321
654321
6969
666666
7777
8888
88888
888888
8888888
88888888
Admin
abc123
abc@123
abcd
admin
admin123
admin!23
admin!@#
administrator
administrador
asdf
asdfg
asdfgh
asdf123
asdf!23
baseball
backup
blank
cisco
compaq
control
computer
cookie123
database
dbpassword
db1234
default
dell
enable
fish
foobar
gateway
guest
golf
harley
home
iloveyou
internet
letmein
Login
login
love
manager
oracle
owner
pass
passwd
password
p@ssword
password1
password!
passw0rd
Password1
pa55w0rd
pw123
q1w2e3
q1w2e3r4
q1w2e3r4t5
q1w2e3r4t5y6
qazwsx
qazwsxedc
qwer
qwert
qwerty
!QAZxsw2
root
secret
server
sqlexec
shadow
super
sybase
temp
temp123
test
test!
test1
test123
test!23
winxp
win2000
win2003
Welcome1
Welcome123
xxxx
yxcv
zxcv
Administrator
Admin
--End brute force password--

redhat@gmail.com

Details
Address: redhat@gmail.com
Relationships
redhat@gmail.com Connected_From ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781

misswang8107@gmail.com

Details
Address: misswang8107@gmail.com
Relationships
misswang8107@gmail.com Connected_From ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781

Relationship Summary

077d9e0e12... Dropped a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717
077d9e0e12... Dropped ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781
a1c483b0ee... Dropped_By 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885
ea46ed5aed... Dropped_By 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885
ea46ed5aed... Connected_To redhat@gmail.com
ea46ed5aed... Connected_To misswang8107@gmail.com
redhat@gmail.com Connected_From ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781
misswang8107@gmail.com Connected_From ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781

Recommendations

NCCIC would like to remind users and administrators to consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumbdrives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate ACLs.

Additional information on malware incident prevention and handling can be found in NIST's Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.

Contact Information

NCCIC continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the NCCIC at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to NCCIC? Malware samples can be submitted via three methods:

NCCIC encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on the NCCIC/US-CERT homepage at www.us-cert.gov.

Revisions

  • May 29, 2018: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Original release date: May 29, 2018

Google has released Chrome version 67.0.3396.62 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.





Apple Releases Security Updates

Original release date: June 01, 2018

Apple has released a security update for macOS High Sierra and supplemental updates for Sierra and El Capitan to address multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Apple security page for macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan and apply the necessary updates.




SB18-155: Vulnerability Summary for the Week of May 28, 2018

Original release date: June 04, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Each entry below gives the primary vendor -- product, the description, and then the published date, the CVSS score and the source & patch info references.

1000ch -- dwebp-bin
dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10633 | Source & Patch Info: MISC

aerospike -- aerospike-client-nodejs
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10558 | Source & Patch Info: MISC

air-sdk -- air-sdk
air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10603 | Source & Patch Info: MISC

airbrake -- node-airbrake
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10530 | Source & Patch Info: MISC, MISC

alexyoung -- jadedown
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10520 | Source & Patch Info: MISC

andzdroid -- paypal-ipn
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2014-10067 | Source & Patch Info: MISC, MISC

appgyver -- steroids
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10581 | Source & Patch Info: MISC

appium -- appium-chromedriver
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10557 | Source & Patch Info: MISC

apple -- safari
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2018-11646 | Source & Patch Info: MISC, MISC

appnitro -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Published 2018-05-26 | CVSS score not yet calculated | CVE-2018-6409 | Source & Patch Info: MISC, EXPLOIT-DB, MISC

appnitro -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
Published 2018-05-26 | CVSS score not yet calculated | CVE-2018-6410 | Source & Patch Info: MISC, EXPLOIT-DB, MISC

appnitro -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
Published 2018-05-26 | CVSS score not yet calculated | CVE-2018-6411 | Source & Patch Info: MISC, EXPLOIT-DB, MISC

arian -- selenium-wrapper
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10628 | Source & Patch Info: MISC

arrayfire -- arrayfire-js
arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10598 | Source & Patch Info: MISC

artifex -- ghostscript
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2018-11645 | Source & Patch Info: MISC, MISC

artiomshapovalov -- tomita-parser
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10666 | Source & Patch Info: MISC

arve0 -- node-geoip-country
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10568 | Source & Patch Info: MISC

atob -- atob
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-3745 | Source & Patch Info: MISC

auth0 -- node-jsonwebtoken
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
Published 2018-05-29 | CVSS score not yet calculated | CVE-2015-9235 | Source & Patch Info: MISC, MISC, MISC, MISC

barretts -- node-iedriver
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10562 | Source & Patch Info: MISC

bem-archive -- imageoptim
imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10596 | Source & Patch Info: MISC

bionode -- bionode-sra
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10613 | Source & Patch Info: MISC

bitmain -- antminer_d3_and_l3+_and_s9_devices
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-11220 | Source & Patch Info: EXPLOIT-DB

bloodaxe -- npm-native-opencv
native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10658 | Source & Patch Info: MISC

bluesmoon -- node-geoip
adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10680 | Source & Patch Info: MISC

bmw -- multiple_vehicles
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9318 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9322 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9313 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9320 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9312 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9314 | Source & Patch Info: BID, MISC, MISC

bmw -- multiple_vehicles
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2018-9311 | Source & Patch Info: BID, MISC, MISC

broccoli -- broccoli
broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10635 | Source & Patch Info: MISC

brother -- hl-l2340d_and_hl-l2380dw_series_printers
Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2018-11581 | Source & Patch Info: MISC

bulain -- grunt-webdriver-qunit
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10606 | Source & Patch Info: MISC

caspervonb -- bitty
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10561 | Source & Patch Info: MISC

clippercms -- clippercms
ClipperCMS 1.3.3 allows Session Fixation.
Published 2018-05-30 | CVSS score not yet calculated | CVE-2018-11571 | Source & Patch Info: MISC

clippercms -- clippercms
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
Published 2018-05-30 | CVSS score not yet calculated | CVE-2018-11572 | Source & Patch Info: MISC

cloudcmd -- console-io
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10532 | Source & Patch Info: MISC

cmseasy -- cmseasy
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Published 2018-06-02 | CVSS score not yet calculated | CVE-2018-11679 | Source & Patch Info: MISC, MISC

cmseasy -- cmseasy
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Published 2018-06-02 | CVSS score not yet calculated | CVE-2018-11680 | Source & Patch Info: MISC

cnpm -- node-operadriver
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10565 | Source & Patch Info: MISC

cobalt-cli -- cobalt-cli
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10597 | Source & Patch Info: MISC

codecanyon.net -- easyservice_billing
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
Published 2018-05-25 | CVSS score not yet calculated | CVE-2018-11443 | Source & Patch Info: MISC, EXPLOIT-DB

codecanyon.net -- easyservice_billing
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
Published 2018-05-25 | CVSS score not yet calculated | CVE-2018-11445 | Source & Patch Info: MISC, EXPLOIT-DB

codecanyon.net -- easyservice_billing
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
Published 2018-05-25 | CVSS score not yet calculated | CVE-2018-11444 | Source & Patch Info: MISC, EXPLOIT-DB

codecanyon.net -- easyservice_billing
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
Published 2018-05-25 | CVSS score not yet calculated | CVE-2018-11442 | Source & Patch Info: MISC, EXPLOIT-DB

coderaiser -- node-restafary
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10528 | Source & Patch Info: MISC

connected-web -- product-monitor
product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10567 | Source & Patch Info: MISC

creatiwity -- witycms
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
Published 2018-05-28 | CVSS score not yet calculated | CVE-2018-11512 | Source & Patch Info: MISC, MISC, EXPLOIT-DB

cscms -- cscms
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-11527 | Source & Patch Info: MISC

dalekjs -- dalek-browser-chrome
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10604 | Source & Patch Info: MISC

dalekjs -- dalek-browser-chrome-canary
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10584 | Source & Patch Info: MISC

dalekjs -- dalek-browser-ie
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10605 | Source & Patch Info: MISC

dalekjs -- dalek-browser-ie
dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10612 | Source & Patch Info: MISC

danielcardoso -- html-pages
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-3744 | Source & Patch Info: MISC, MISC

danielfm -- jshamcrest
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2016-10521 | Source & Patch Info: MISC

dataiku -- dataiku_dss
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
Published 2018-05-28 | CVSS score not yet calculated | CVE-2018-10732 | Source & Patch Info: MISC, MISC

davidmarkclements -- install-nw
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10566 | Source & Patch Info: MISC

dchem -- node-ibapi
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2016-10593 | Source & Patch Info: MISC

dcodeio -- closurecompiler.js
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10582 | Source & Patch Info: MISC

ddopson -- node-sauce-connect
sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10599 | Source & Patch Info: MISC

dell_emc -- recoverpoint_and_recoverpoint_for_vms
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-1241 | Source & Patch Info: FULLDISC, BID

dell_emc -- recoverpoint_and_recoverpoint_for_vms
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-1235 | Source & Patch Info: FULLDISC, BID

dell_emc -- recoverpoint_and_recoverpoint_for_vms
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
Published 2018-05-29 | CVSS score not yet calculated | CVE-2018-1242 | Source & Patch Info: FULLDISC, BID

delta_electronics -- automation_tpeditor
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
Published 2018-05-25 | CVSS score not yet calculated | CVE-2018-8871 | Source & Patch Info: BID, MISC

dirtyhairy -- node-libxl
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
Published 2018-06-01 | CVSS score not yet calculated | CVE-2016-10585 | Source & Patch Info: MISC

domainmod -- domainmod
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
Published 2018-05-30 | CVSS score not yet calculated | CVE-2018-11559 | Source & Patch Info: MISC

domainmod -- domainmod
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
Published 2018-05-30 | CVSS score not yet calculated | CVE-2018-11558 | Source & Patch Info: MISC

dtao -- fancy-server
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
Published 2018-05-31 | CVSS score not yet calculated | CVE-2014-10066 | Source & Patch Info: MISC
dtsearch -- dtsearch
 
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.2018-05-29not yet calculatedCVE-2018-11488
MISC
MISC
MISC
dwyl -- hapi-auth-jwt2
 
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.2018-05-29not yet calculatedCVE-2016-10525
MISC
MISC
MISC
electron-userland -- electron-packager
 
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages along with Electron. The `--strict-ssl` command line option in electron-packager 5.2.1 through 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.2018-05-31not yet calculatedCVE-2016-10534
MISC
MISC
ems_software -- ems_master_calendar
 
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.2018-06-01not yet calculatedCVE-2018-11628
MISC
MISC
eosio -- eos
 
An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.2018-05-29not yet calculatedCVE-2018-11548
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.2018-05-31not yet calculatedCVE-2018-11598
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.2018-05-31not yet calculatedCVE-2018-11592
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.2018-05-31not yet calculatedCVE-2018-11593
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.2018-05-31not yet calculatedCVE-2018-11594
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.2018-05-31not yet calculatedCVE-2018-11596
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.2018-05-31not yet calculatedCVE-2018-11597
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.2018-05-31not yet calculatedCVE-2018-11595
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.2018-05-31not yet calculatedCVE-2018-11591
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.2018-05-31not yet calculatedCVE-2018-11590
MISC
MISC
MISC
eversport -- node-unicodetable
 
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.2018-05-29not yet calculatedCVE-2016-10578
MISC
exiv2 -- exiv2
 
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.2018-05-29not yet calculatedCVE-2018-11531
CONFIRM
f5 -- big-ip
 
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only; the exposed files do not include any configuration data, proxied traffic, or other potentially sensitive customer data.2018-06-01not yet calculatedCVE-2018-5525
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.2018-06-01not yet calculatedCVE-2018-5524
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.2018-06-01not yet calculatedCVE-2018-5513
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.2018-06-01not yet calculatedCVE-2018-5526
SECTRACK
CONFIRM
f5 -- big-ip
 
Features in the F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that use inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to service disruption via a "zip bomb" attack.2018-06-01not yet calculatedCVE-2017-6153
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.2018-06-01not yet calculatedCVE-2018-5521
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.2018-06-01not yet calculatedCVE-2018-5523
SECTRACK
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.2018-06-01not yet calculatedCVE-2018-5522
CONFIRM
felixrieseberg -- windows-build-tools
 
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2017-16003
MISC
MISC
fengmk2 -- node-curl
 
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10614
MISC
fibjs -- fibjs
 
fibjs is a runtime for JavaScript applications built on Google V8. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10621
MISC
flif-hub -- flif
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.2018-05-28not yet calculatedCVE-2018-11507
MISC
florianholzapfel -- express-restify-mongoose
 
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.2018-05-31not yet calculatedCVE-2016-10533
MISC
MISC
fortinet -- fortiauthenticator
 
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions below 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts into the HTTP Referer header.2018-05-31not yet calculatedCVE-2018-9186
CONFIRM
fortinet -- fortios
 
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal.2018-05-25not yet calculatedCVE-2017-14185
BID
CONFIRM
fresc81 -- node-curses
 
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10615
MISC
gaelb -- massif
 
massif is a PhantomJS fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10682
MISC
gaoxuyan -- gaoxuyan
 
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.2018-05-29not yet calculatedCVE-2017-16153
MISC
MISC
gergelyke -- apk-parser2
 
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10632
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11490
BID
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11489
BID
MISC
giggio -- node-chromedriver
 
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10579
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.2018-05-30not yet calculatedCVE-2018-11233
BID
SECTRACK
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.2018-05-30not yet calculatedCVE-2018-11235
BID
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DB
gitlab -- community_edition_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.2018-05-31not yet calculatedCVE-2018-10379
CONFIRM
google -- android
 
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.2018-05-29not yet calculatedCVE-2018-11544
MISC
google -- android
 
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.2018-05-26not yet calculatedCVE-2018-11505
MISC
EXPLOIT-DB
graphviz -- graphviz
 
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.2018-05-30not yet calculatedCVE-2018-10196
CONFIRM
MISC
FEDORA
FEDORA
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.2018-06-01not yet calculatedCVE-2018-11650
MISC
MISC
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.2018-06-01not yet calculatedCVE-2018-11651
MISC
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.2018-06-01not yet calculatedCVE-2018-11671
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.2018-06-01not yet calculatedCVE-2018-11670
MISC
groupon -- selenium-download
 
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10559
MISC
hakatashi -- kindlegen
 
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10575
MISC
hapijs -- hapi
 
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).2018-05-29not yet calculatedCVE-2015-9241
MISC
MISC
MISC
hapijs -- hapi
 
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.2018-05-31not yet calculatedCVE-2016-10543
MISC
MISC
hapijs -- hapi
 
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.2018-05-31not yet calculatedCVE-2015-9236
MISC
MISC
MISC
hapijs -- hapi
 
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined, a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g., origin defaults to all origins `*`).2018-05-29not yet calculatedCVE-2015-9243
MISC
MISC
hapijs -- inert
 
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.2018-05-29not yet calculatedCVE-2014-10068
MISC
MISC
MISC
haproxy -- haproxy
 
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.2018-05-25not yet calculatedCVE-2018-11469
BID
CONFIRM
UBUNTU
haxefoundation -- npm-haxe
 
haxe is a cross-platform toolkit. haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10602
MISC
hcl -- ivr_systems
 
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).2018-05-30not yet calculatedCVE-2018-11518
MISC
MISC
MISC
MISC
headless-browser-lite -- headless-browser-lite
 
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10625
MISC
hekto -- hekto
 
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.2018-06-01not yet calculatedCVE-2018-3743
MISC
hokaccha -- jwt-simple
 
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will treat the public key as an HMAC secret key. This could be used to forge any data an attacker wants.2018-05-31not yet calculatedCVE-2016-10555
MISC
MISC
MISC
MISC
huawei -- espace_desktop
 
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang; the function is restored after restarting the eSpace Desktop.2018-06-01not yet calculatedCVE-2018-7976
CONFIRM
huawei -- multiple_smart_phones
 
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. A successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in a system restart.2018-06-01not yet calculatedCVE-2017-17171
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send specially crafted login messages to the affected products. Due to improper authentication design, a successful exploit enables low privileged users to get or modify passwords of highly privileged users.2018-06-01not yet calculatedCVE-2018-7949
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. A successful exploit may allow attackers to obtain the management privilege of the system.2018-06-01not yet calculatedCVE-2018-7951
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. A successful exploit may allow attackers to obtain the management privilege of the system.2018-06-01not yet calculatedCVE-2018-7950
CONFIRM
hue -- hue
 
Hue 3.12 has XSS via the /pig/save/ name and script parameters.2018-06-01not yet calculatedCVE-2018-11649
MISC
hyperledger -- iroha
 
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.2018-06-01not yet calculatedCVE-2018-3756
CONFIRM
hypery2k -- galenframework-cli
 
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10560
MISC
i18next -- i18next
 
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.2018-05-29not yet calculatedCVE-2017-16010
MISC
MISC
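The i18next entry is a defaults bug rather than a missing escape routine: an option that was never mentioned reads as `undefined`, which is falsy, so the interpolator behaves as if escaping had been switched off. The block below is an added example, not i18next's own code; its interpolator, template and payload are constructed for illustration. It puts the "absent means false" reading beside the "only an explicit false disables escaping" reading.

```javascript
// Minimal HTML escaping for text nodes and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Replaces {{name}} placeholders with values from `vars`.
function interpolate(template, vars, shouldEscape) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => {
    const value = vars[key] === undefined ? '' : vars[key];
    return shouldEscape ? escapeHtml(value) : String(value);
  });
}

// Vulnerable reading of the option (models the CVE-2017-16010 behaviour):
// an interpolation object that never mentions escapeValue yields undefined,
// which is treated as "do not escape".
function renderVulnerable(template, vars, options = {}) {
  const escape = (options.interpolation || {}).escapeValue;
  return interpolate(template, vars, Boolean(escape));
}

// Fixed reading: escaping is on unless the caller explicitly sets it to false.
function renderFixed(template, vars, options = {}) {
  const interp = options.interpolation || {};
  const escape = interp.escapeValue === undefined ? true : interp.escapeValue;
  return interpolate(template, vars, escape);
}

// Constructed input: a greeting template fed an attacker-chosen display name.
const TEMPLATE = 'Hello {{name}}!';
const PAYLOAD = { name: '<img src=x onerror=alert(1)>' };
// Options that set some other interpolation field but never escapeValue;
// this is the shape that trips the vulnerable reading.
const PARTIAL_OPTIONS = { interpolation: { prefix: '{{' } };
```

The general rule this illustrates: a security-relevant boolean option needs a three-way read (`true`, `false`, absent) with absent mapping to the safe value, never a truthiness test.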
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.2018-05-31not yet calculatedCVE-2018-1532
CONFIRM
XF
ibm -- content_navigator
 
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219.2018-05-31not yet calculatedCVE-2018-1496
CONFIRM
XF
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.2018-05-25not yet calculatedCVE-2018-1450
CONFIRM
XF
ibm -- flashsystem_v840_and_v900_products
 
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.2018-05-29not yet calculatedCVE-2018-1495
CONFIRM
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767.2018-05-29not yet calculatedCVE-2018-1369
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777.2018-05-29not yet calculatedCVE-2018-1376
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.2018-05-29not yet calculatedCVE-2018-1370
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.2018-05-29not yet calculatedCVE-2018-1375
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.2018-05-29not yet calculatedCVE-2017-1768
CONFIRM
XF
ibm -- storwize_v7000_unified_management_web_interface
 
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.2018-05-25not yet calculatedCVE-2018-1467
CONFIRM
BID
XF
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.2018-05-25not yet calculatedCVE-2017-1752
CONFIRM
BID
XF
ibmdb -- node-ibm_db
 
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10577
MISC
MISC
igniteui -- igniteui
 
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over an insecure protocol.2018-05-31not yet calculatedCVE-2016-10552
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.2018-06-01not yet calculatedCVE-2018-11656
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.2018-05-31not yet calculatedCVE-2018-11624
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.2018-06-01not yet calculatedCVE-2018-11655
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.2018-05-31not yet calculatedCVE-2018-11625
MISC
imsobear -- node-browser
 
node-browser is a WebDriver wrapper for Node.js. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10618
MISC
install-g-test -- install-g-test
 
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10630
MISC
ipfs -- npm-go-ipfs-dep
 
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.2018-05-31not yet calculatedCVE-2016-10563
MISC
MISC
isaacs -- csrf-lite
 
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail-first string comparison, instead of a constant-time string comparison. This enables an attacker to guess the secret in no more than 16*18 = 288 guesses, instead of the 16^18 guesses required were the timing attack not present.2018-05-31not yet calculatedCVE-2016-10535
MISC
MISC
isaacs -- minimatch
 
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.2018-05-31not yet calculatedCVE-2016-10540
MISC
janpot -- mongodb-instance
 
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10572
MISC
jashkenas -- backbone
 
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.2018-05-31not yet calculatedCVE-2016-10537
MISC
MISC

jefflembeck -- pngcrush-installer


 
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10570
MISC
jfhbrook -- node-ecstatic
 
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.2018-05-29not yet calculatedCVE-2015-9242
MISC
MISC
MISC
jigowatt -- php_login_&_user_management
 
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.2018-05-29not yet calculatedCVE-2018-11392
MISC
BUGTRAQ
CONFIRM
jonschlinkert -- remarkable
 
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.2018-05-31not yet calculatedCVE-2014-10065
MISC
MISC

jser -- jser-stat

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10592
MISC
MISC
jshttp -- negotiator
 
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.2018-05-31not yet calculatedCVE-2016-10539
MISC

jugglinmike -- selenium-chromedriver


 
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10624
MISC
jvminstall -- jvminstall
 
jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10631
MISC

k-kinzal -- scala-bin


 
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10627
MISC

k-kinzal -- scalajs-standalone-bin

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10634
MISC

karimsa -- pennyworth


 
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10619
MISC
keystonejs -- keystone
 
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.2018-05-29not yet calculatedCVE-2015-9240
MISC

killmag10 -- nodeschnaps


 
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10622
MISC

koorchik -- node-mystem3


 
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10626
MISC
kubernetes -- kubernetes
 
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.2018-06-01not yet calculatedCVE-2018-1002100
CONFIRM
CONFIRM
MISC
legion_of_the_bouncy_castle -- bouncy_castle_jce_providerIn Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.2018-06-01not yet calculatedCVE-2016-1000338
CONFIRM
liblouis -- liblouis
 
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.2018-05-30not yet calculatedCVE-2018-11577
MISC
MISC
liblouis -- liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.2018-05-25not yet calculatedCVE-2018-11440
BID
MISC
libmobi -- libmobi
 
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11437
FULLDISC
libmobi -- libmobi
 
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11436
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11438
FULLDISC
libmobi -- libmobi
 
The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11432
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11435
FULLDISC
libmobi -- libmobi
 
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11433
FULLDISC
libmobi -- libmobi
 
The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11434
FULLDISC

liluo -- ipip


 
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10594
MISC
linux -- linux_kernel
 
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.2018-05-28not yet calculatedCVE-2018-11508
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.2018-05-28not yet calculatedCVE-2018-11506
MISC
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.2018-05-30not yet calculatedCVE-2018-11556
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.2018-05-30not yet calculatedCVE-2018-11555
MISC
MISC
ljharb -- qs
 
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.2018-05-31not yet calculatedCVE-2014-10064
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11681
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11682
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11629
MISC

macacajs -- macaca-chromedriver


 
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10623
MISC
macacajs -- macaca-chromedriver
 
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10586
MISC
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.2018-06-01not yet calculatedCVE-2018-11195
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.2018-05-30not yet calculatedCVE-2018-11565
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.2018-06-01not yet calculatedCVE-2018-11196
CONFIRM
CONFIRM
markedjs -- marked
 
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.2018-05-31not yet calculatedCVE-2016-10531
MISC
MISC
MISC
mcafee -- data_loss_prevention_endpoint
 
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.2018-05-25not yet calculatedCVE-2018-6664
BID
SECTRACK
CONFIRM
md4c -- md4cmd_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.2018-05-29not yet calculatedCVE-2018-11547
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.2018-05-29not yet calculatedCVE-2018-11546
MISC
md4c -- md4c
 
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.2018-05-29not yet calculatedCVE-2018-11536
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.2018-05-29not yet calculatedCVE-2018-11545
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.2018-05-30not yet calculatedCVE-2018-11575
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.2018-06-01not yet calculatedCVE-2018-11657
MISC
miniupnp -- ngiflib
 
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.2018-05-30not yet calculatedCVE-2018-11578
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.2018-05-30not yet calculatedCVE-2018-11576
MISC
MISC
misp -- misp
 
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.2018-05-30not yet calculatedCVE-2018-11562
CONFIRM
modx -- revolution
 
MODX Revolution 2.6.3 has XSS.2018-06-01not yet calculatedCVE-2018-10382
CONFIRM
CONFIRM
moodle -- moodleAn issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.2018-05-25not yet calculatedCVE-2018-1133
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1135
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1134
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.2018-05-25not yet calculatedCVE-2018-1136
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.2018-05-25not yet calculatedCVE-2018-1137
BID
CONFIRM
moox -- reduce-css-calc
 
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function.2018-05-31not yet calculatedCVE-2016-10548
MISC
MISC
mozilla -- nunjucks
 
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.2018-05-31not yet calculatedCVE-2016-10547
MISC
MISC
MISC
mqttjs -- mqtt-packet
 
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.2018-05-31not yet calculatedCVE-2016-10523
MISC
MISC
MISC
mybb -- mybb
 
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.2018-05-28not yet calculatedCVE-2018-11430
EXPLOIT-DB
mybb -- mybb
 
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.2018-05-29not yet calculatedCVE-2018-11532
MISC
EXPLOIT-DB
myscada -- mypro
 
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.2018-05-28not yet calculatedCVE-2018-11517
MISC
MISC
mysqljs -- mysqljs
 
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-05-29not yet calculatedCVE-2017-16047
MISC
mysqljs -- mysql
 
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.2018-05-29not yet calculatedCVE-2015-9244
MISC
MISC
natus -- xltek_neuroworks_8An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2858
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2852
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2860
MISC
nch_software -- axon_pbx
 
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.2018-06-01not yet calculatedCVE-2018-11552
FULLDISC
nch_software -- axon_pbx
 
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.2018-06-01not yet calculatedCVE-2018-11551
FULLDISC
nikto -- nikto
 
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.2018-06-01not yet calculatedCVE-2018-11652
MISC
node-js-libs -- cli
 
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.2018-05-31not yet calculatedCVE-2016-10538
MISC
MISC
MISC
node-tkinter -- node-tkinter
 
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-05-29not yet calculatedCVE-2017-16062
MISC
nodeca -- embedza
 
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10569
MISC
ntfserver -- ntfserver
 
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10650
MISC
nuuo -- nvrmini_2_devices
 
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.2018-05-29not yet calculatedCVE-2018-11523
MISC
EXPLOIT-DB

nwjs -- nw


 
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10588
MISC
oliversalzburg -- i18n-node-angular
 
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.2018-05-31not yet calculatedCVE-2016-10524
MISC
MISC

omphalos -- crud-file-server


 
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.2018-05-29not yet calculatedCVE-2018-3733
MISC
MISC
openframeproject -- openframe-glslviewer
 
openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10607
MISC
openframeproject -- openframe-image
 
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10616
MISC

openlayers -- closure-util


 
closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10583
MISC
pdf-image -- pdf-image
 
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.2018-06-01not yet calculatedCVE-2018-3757
CONFIRM
MISC
pdfinfojs -- pdfinfojs
 
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.2018-06-01not yet calculatedCVE-2018-3746
MISC
phpscriptsmall.com -- naukri_clone_script
 
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.2018-05-28not yet calculatedCVE-2018-11514
MISC
poco -- poco
 
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10659
MISC
pouchdb -- pouchdb
 
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.2018-05-31not yet calculatedCVE-2016-10546
MISC
probablycorey -- atom-node-module-installer
 
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10620
MISC
pulpiks -- node-mystem
 
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10698
MISC

putaoshu -- jdf-sass


 
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10595
MISC
quest -- dr_series_disk_backupQuest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).2018-06-01not yet calculatedCVE-2018-11171
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).2018-06-01not yet calculatedCVE-2018-11163
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).2018-06-01not yet calculatedCVE-2018-11165
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).2018-06-01not yet calculatedCVE-2018-11166
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11167 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11164 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11162 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11160 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11161 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11168 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11169 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11175 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11176 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11174 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11173 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11170 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11172 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11159 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11158 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11148 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11149 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11147 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11146 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11143 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11145 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11150 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11151 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11156 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11157 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11155 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11154 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11152 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11153 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11177 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11144 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11188 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11187 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11185 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11184 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11189 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11190 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11194 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11193 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11192 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11191 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11183 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11186 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11181 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11179 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11178 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11182 | Source & Patch Info: MISC, FULLDISC, MISC

quest -- dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11180 | Source & Patch Info: MISC, FULLDISC, MISC
quest -- kace_system_management_appliance
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11135 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11140 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11139 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11138 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11136 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11137 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11134 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11132 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11133 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11142 | Source & Patch Info: MISC

quest -- kace_system_management_appliance
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11141 | Source & Patch Info: MISC
ralphbean -- ansi2html
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2015-9239 | Source & Patch Info: MISC

redien -- limbus-buildgen
limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10674 | Source & Patch Info: MISC

riot -- compiler
The riot-compiler version 2.3.21 has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10527 | Source & Patch Info: MISC, MISC

robot -- robot-js
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2016-10608 | Source & Patch Info: MISC

robotwebtools -- groslibjs
roslib-socketio, a fork of the standard ROS JavaScript Library that adds support for socket.io, downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10681 | Source & Patch Info: MISC

rondaful -- m1_wristband_smart_band_1_devices
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11631 | Source & Patch Info: MISC

rse -- node-prince
Prince is a Node API for executing the XML/HTML to PDF renderer PrinceXML via the prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10591 | Source & Patch Info: MISC

rubenv -- apk-parser
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10564 | Source & Patch Info: MISC

ruckus -- icx7450-48_devices
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-11027 | Source & Patch Info: BUGTRAQ

ruckus -- smartzone
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11036 | Source & Patch Info: MISC

samsung -- s7_edge_device
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-10751 | Source & Patch Info: MISC, CONFIRM, EXPLOIT-DB

schedmd -- slurm
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-10995 | Source & Patch Info: MISC, MISC

seacms -- seacms
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11583 | Source & Patch Info: MISC

searchblox -- searchblox
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-11538 | Source & Patch Info: MISC, MISC, EXPLOIT-DB

sela -- sela
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11626 | Source & Patch Info: MISC

selenium-standalone-painful -- selenium-standalone-painful
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10679 | Source & Patch Info: MISC

sequelize -- sequelize
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10553 | Source & Patch Info: MISC, MISC

sequelize -- sequelize
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10554 | Source & Patch Info: MISC, MISC

sequelize -- sequelize
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10550 | Source & Patch Info: MISC, MISC

sequelize -- sequelize
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10556 | Source & Patch Info: MISC, MISC
serve -- serve
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-3809 | Source & Patch Info: MISC

sexstatic -- sexstatic
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in a directory name. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-3755 | Source & Patch Info: MISC

shama -- nodewebkit
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2016-10580 | Source & Patch Info: MISC

silverwind -- droppy
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10529 | Source & Patch Info: MISC

sinatra -- sinatra
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-11627 | Source & Patch Info: MISC, MISC

sitemakin -- site_login_and_access_control
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-11535 | Source & Patch Info: MISC, EXPLOIT-DB

socketio -- engine.io-client
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10536 | Source & Patch Info: MISC, MISC, MISC

spunjs -- selenium-binaries
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10589 | Source & Patch Info: MISC

stattic -- stattic
The stattic node module suffers from a Path Traversal vulnerability due to lack of validation of the path, which allows a malicious user to read the content of any file with a known path. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-3734 | Source & Patch Info: MISC

strider-cd -- strider-sauce
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10611 | Source & Patch Info: MISC

strongswan -- strongswan
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-5388 | Source & Patch Info: CERT-VN, BID, CONFIRM

substack -- shell-quote
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape the ">" and "<" operators used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10541 | Source & Patch Info: MISC

sudo -- sudo
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-7076 | Source & Patch Info: REDHAT, BID, CONFIRM, CONFIRM

swangful -- chromedriver126
chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2016-10609 | Source & Patch Info: MISC

symantec -- advanced_secure_gateway_and_proxysg
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-5241 | Source & Patch Info: BID, SECTRACK, CONFIRM

synology -- drive
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-8922 | Source & Patch Info: CONFIRM

synology -- drive
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2018-8921 | Source & Patch Info: CONFIRM

taglib -- taglib
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11439 | Source & Patch Info: FULLDISC

the_sails_company -- sails
Sails is an MVC style framework for building realtime web applications. Versions 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10549 | Source & Patch Info: MISC, MISC, MISC

the_sails_company -- waterline-sequel
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10551 | Source & Patch Info: MISC, MISC
tkinter -- tkinter
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2017-16061 | Source & Patch Info: MISC

tobli -- baryton-saxophone
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10573 | Source & Patch Info: MISC

toni89 -- nw-with-arm
nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2016-10629 | Source & Patch Info: MISC

tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11481 | Source & Patch Info: MISC

tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11482 | Source & Patch Info: MISC

tschaub -- grunt-gh-pages
A common setup to deploy to gh-pages on every commit via a CI system is to expose a GitHub token to ENV and to use it directly in the auth part of the URL. In module versions < 0.9.1 the auth portion of the URL is output as part of the grunt task's logging function. If this output is publicly available then the credentials should be considered compromised. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10526 | Source & Patch Info: MISC, MISC

ubuntu -- ubuntu
Apport does not properly handle crashes originating from a PID namespace, allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist, which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2018-6552 | Source & Patch Info: UBUNTU

unetworking -- uwebsockets
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility the compression used will shrink said 256mb down to less than 16mb of websocket payload, which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10544 | Source & Patch Info: MISC, MISC

unisys -- stealth_solution
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-7534 | Source & Patch Info: CONFIRM

uxebu -- webdrvr
webdrvr is an npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2016-10601 | Source & Patch Info: MISC

vadimdemedes -- secure-compare
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2015-9238 | Source & Patch Info: MISC, MISC

vgate -- icar_2_wifi_obd2_dongle_devices
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11476 | Source & Patch Info: FULLDISC, MISC

vgate -- icar_2_wifi_obd2_dongle_devices
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11478 | Source & Patch Info: FULLDISC, MISC

vgate -- icar_2_wifi_obd2_dongle_devices
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. | Published: 2018-05-30 | CVSS: not yet calculated | CVE-2018-11477 | Source & Patch Info: FULLDISC, MISC

videolan -- vlc_media_player
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | Published: 2018-05-28 | CVSS: not yet calculated | CVE-2018-11516 | Source & Patch Info: MISC, BID

vmolsa -- webrtc-native
webrtc-native uses WebRTC from the chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-06-01 | CVSS: not yet calculated | CVE-2016-10600 | Source & Patch Info: MISC

vmware -- horizon_client_for_linux
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of a SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. | Published: 2018-05-29 | CVSS: not yet calculated | CVE-2018-6964 | Source & Patch Info: BID, SECTRACK, CONFIRM

vseryakov -- backendjs
bkjs-wand is imagemagick wand support for node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | Published: 2018-05-31 | CVSS: not yet calculated | CVE-2016-10571
MISC

wasdk -- wasdk


 
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10587
MISC
websockets -- ws
 
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.2018-05-31not yet calculatedCVE-2016-10518
MISC
MISC
MISC
websockets -- ws
 
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.2018-05-31not yet calculatedCVE-2016-10542
MISC
MISC
webtorrent -- bittorrent-dht
 
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.2018-05-31not yet calculatedCVE-2016-10519
MISC
MISC
wordpress -- wordpress
 
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.2018-05-28not yet calculatedCVE-2018-11515
MISC
MISC
wordpress -- wordpress
 
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.2018-05-30not yet calculatedCVE-2018-11579
MISC
MISC
wordpress -- wordpress
 
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.2018-06-01not yet calculatedCVE-2018-11485
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.2018-05-31not yet calculatedCVE-2018-11633
MISC
MISC
wordpress -- wordpress
 
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.2018-05-30not yet calculatedCVE-2018-11568
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.2018-06-01not yet calculatedCVE-2018-11486
MISC
wordpress -- wordpress
 
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.2018-05-30not yet calculatedCVE-2018-11580
MISC
MISC
wordpress -- wordpress
 
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.2018-05-28not yet calculatedCVE-2018-11309
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.2018-05-31not yet calculatedCVE-2018-11632
MISC
MISC
wuzhi_cms -- wuzhi_cms
 
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.2018-05-29not yet calculatedCVE-2018-11528
MISC
wuzhi_cms -- wuzhi_cms
 
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.2018-05-29not yet calculatedCVE-2018-11549
MISC

yannicked -- node-cue-sdk


 
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10590
MISC
yiban – easy_class_education_platform
 
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.2018-05-30not yet calculatedCVE-2018-11557
MISC
yootheme -- pagekit_cms
 
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.2018-06-01not yet calculatedCVE-2018-11564
MISC
MISC
yosoro -- yosoro
 
Yosoro 1.0.4 has stored XSS.2018-06-01not yet calculatedCVE-2018-11522
MISC
CONFIRM
EXPLOIT-DB

zazukoians -- fuseki


 
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10576
MISC

zertz -- unicode-json


 
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10610
MISC

zhao0 -- node-apk-parser3


 
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10574
MISC
zimbra -- zimbra_collaboration_suite
 
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.2018-05-30not yet calculatedCVE-2015-7610
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zimbra -- zimbra_collaboration_suite
 
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.2018-05-30not yet calculatedCVE-2018-10939
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zoho -- manageengine_adaudit_plusZoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.2018-05-29not yet calculatedCVE-2018-10466
CONFIRM

zuker -- box2d-native


 
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10617
MISC

Cisco Releases Security Updates for Multiple Products

Original release date: June 06, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:




Adobe Releases Security Updates for Flash Player

Original release date: June 07, 2018

Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-19 and apply the necessary updates.




Mozilla Releases Security Update

Original release date: June 07, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Firefox 60.0.2 and Firefox ESR 52.8.1/60.0.2 and apply the necessary update.



