16. Test on another computer
Use another computer to test your malfunctioning mouse/camera/printer, or just another USB port, to help you work out where the fault lies. If the problem vanishes, it's not the device itself that's to blame.
Sunday, 3 June 2018
40 ways to fix your PC before you call an expert (16)
16. Test on another computer
Saturday, 2 June 2018
40 ways to fix your PC before you call an expert (15)
15. Re-install Windows
This is the scorched earth policy -- but it's not as drastic as you might think. Many PCs and laptops come with recovery discs or a recovery partition on the hard drive that you can use to return your computer to the state it was in when it arrived from the factory. Of course, it goes without saying that you'll need to install your software again and you'll lose all your personal data, so you'll need copies of your important files (photos, university essays etc).
40 ways to fix your PC before you call an expert (14)
14. Registry cleaning
The labyrinthine settings file that is the Windows registry can cause errors, program crashes and system restarts if something has gone wrong deep within it. There are plenty of third-party tools that will scan it for problems for you, though not all of them are trustworthy -- Glary Registry Repair is one of the ones you can depend on (though as with any advanced tweaking tool, use at your own risk -- you do back up, right?).
Thursday, 31 May 2018
40 ways to fix your PC before you call an expert (13)
13. Ask Microsoft
It turns out MIcrosoft does know a thing or two about their own systems -- it offers an automated Fixit tool, which will try and detect what's going wrong and then do something about it.
The Microsoft Fixit site offers a number of simple troubleshooting wizards.
40 ways to fix your PC before you call an expert (12)
12. Forums
If you do have to turn to the web, locate the developer or manufacturer's official support forums before you turn to Google. You may find there's a particular fix available or advice from other users. For smaller freeware programs, you may even find posts from the developer.
Tuesday, 29 May 2018
Vulnerability Summary for the Week of May 21, 2018
 |
| ||||||||
High Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Medium Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info There were no medium vulnerabilities recorded this week. Low Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info There were no low vulnerabilities recorded this week. Severity Not Yet Assigned
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info abb -- srea-01
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization. 2018-05-24 not yet calculated CVE-2017-9664
BID
MISCaccellion -- kitewords
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. 2018-05-24 not yet calculated CVE-2017-9421
MISCadobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4918
BID
SECTRACK
MISCadobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4917
BID
SECTRACK
MISCadobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4941
BID
MISCadobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. 2018-05-19 not yet calculated CVE-2018-4938
BID
MISCadobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4942
BID
MISCadobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4940
BID
MISCadobe -- coldfusion
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-05-19 not yet calculated CVE-2018-4939
BID
MISCadobe -- connect
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion. 2018-05-19 not yet calculated CVE-2018-4923
BID
SECTRACK
MISCadobe -- connect
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-05-19 not yet calculated CVE-2018-4994
BID
SECTRACK
MISCadobe -- connect
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4921
BID
SECTRACK
MISCadobe -- creative_cloud_desktop_application Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. 2018-05-19 not yet calculated CVE-2018-4873
BID
SECTRACK
MISCadobe -- creative_cloud_desktop_application
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. 2018-05-19 not yet calculated CVE-2018-4991
BID
SECTRACK
MISCadobe -- creative_cloud_desktop_application
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. 2018-05-19 not yet calculated CVE-2018-4992
BID
SECTRACK
MISCadobe -- digital_editions
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4925
BID
MISCadobe -- digital_editions
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4926
BID
MISCadobe -- dreamweaver_cc
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4924
BID
SECTRACK
MISCadobe -- experience_manager
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-05-19 not yet calculated CVE-2018-4930
BID
MISCadobe -- experience_manager
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-05-19 not yet calculated CVE-2018-4931
BID
MISCadobe -- experience_manager
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-05-19 not yet calculated CVE-2018-4929
BID
MISCadobe -- flash_player Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4936
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DBadobe -- flash_player
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4920
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4933
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-05-19 not yet calculated CVE-2018-4934
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DBadobe -- flash_player
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4919
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4937
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DBadobe -- flash_player
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4944
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4932
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4935
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DBadobe -- indesign
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. 2018-05-19 not yet calculated CVE-2018-4927
BID
MISCadobe -- indesign
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-05-19 not yet calculated CVE-2018-4928
BID
MISCadobe -- phonegap_push_plugin
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app. 2018-05-19 not yet calculated CVE-2018-4943
BID
MISCapache -- batik
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. 2018-05-24 not yet calculated CVE-2018-8013
BID
MLIST
MLIST
CONFIRMapache -- nifi
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-05-23 not yet calculated CVE-2018-1309
CONFIRMapache -- nifi
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-05-23 not yet calculated CVE-2018-1310
CONFIRMapache -- orc
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack. 2018-05-18 not yet calculated CVE-2018-8015
BID
CONFIRMapache -- solr
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs. 2018-05-21 not yet calculated CVE-2018-8010
BID
MISCapache -- zookeeper
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. 2018-05-21 not yet calculated CVE-2018-8012
BID
SECTRACK
MISCappnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. 2018-05-26 not yet calculated CVE-2018-6411
MISC
MISCappnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. 2018-05-26 not yet calculated CVE-2018-6410
MISC
MISCappnitro_software -- machform
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. 2018-05-26 not yet calculated CVE-2018-6409
MISC
MISCasustor -- as6202t_adm
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed. 2018-05-21 not yet calculated CVE-2018-11340
MISCasustor -- as6202t_adm
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. 2018-05-21 not yet calculated CVE-2018-11346
MISCasustor -- as6202t_adm
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. 2018-05-21 not yet calculated CVE-2018-11343
MISCasustor -- as6202t_adm
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system. 2018-05-21 not yet calculated CVE-2018-11345
MISCasustor -- as6202t_adm
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. 2018-05-21 not yet calculated CVE-2018-11341
MISCasustor -- as6202t_adm
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. 2018-05-21 not yet calculated CVE-2018-11342
MISCasustor -- as6202t_adm
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. 2018-05-21 not yet calculated CVE-2018-11344
MISCati_systems -- emergency_mass_notification_systems
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. 2018-05-25 not yet calculated CVE-2018-8862
BID
MISCati_systems -- emergency_mass_notification_systems
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. 2018-05-25 not yet calculated CVE-2018-8864
BID
MISCbeaconmedaes -- scroll_medical_air_systems
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. 2018-05-24 not yet calculated CVE-2018-7526
MISCbeaconmedaes -- scroll_medical_air_systems
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. 2018-05-24 not yet calculated CVE-2018-7518
MISCbearadmin -- bearadmin
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. 2018-05-24 not yet calculated CVE-2018-11413
MISCbearadmin -- bearadmin
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. 2018-05-24 not yet calculated CVE-2018-11414
MISCbecton_dickinson_and_company -- bd_kiestra_inoquia_systems
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. 2018-05-24 not yet calculated CVE-2018-10593
MISC
CONFIRMbecton_dickinson_and_company -- bd_kiestra_systems
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. 2018-05-24 not yet calculated CVE-2018-10595
MISC
CONFIRMbitdroid -- werewolf_online_app_android
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. 2018-05-26 not yet calculated CVE-2018-11505
MISCcitrix -- xenmobile_server
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10653
CONFIRMcitrix -- xenmobile_server
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10652
CONFIRMcitrix -- xenmobile_server
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10654
CONFIRMcitrix -- xenmobile_server
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10648
CONFIRMcitrix -- xenmobile_server
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10650
CONFIRMcitrix -- xenmobile_server
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10649
CONFIRMcitrix -- xenmobile_server
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. 2018-05-23 not yet calculated CVE-2018-10651
CONFIRMckeditor_5 -- ckeditor_5
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. 2018-05-22 not yet calculated CVE-2018-11093
CONFIRM
CONFIRMclippercms -- clippercms
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. 2018-05-24 not yet calculated CVE-2018-11332
MISCcloudera -- hue
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. 2018-05-22 not yet calculated CVE-2015-8094
CONFIRM
CONFIRM
CONFIRM
MISCcloudfoundry -- cloudfoundry
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. 2018-05-23 not yet calculated CVE-2018-1193
CONFIRMcockpit_project -- cockpit
Cockpit 0.5.5 has XSS via a collection, form, or region. 2018-05-25 not yet calculated CVE-2018-11471
MISCcodecanyon.net -- easyservice_billing
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. 2018-05-25 not yet calculated CVE-2018-11445
MISCcodecanyon.net -- easyservice_billing
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. 2018-05-25 not yet calculated CVE-2018-11444
MISC
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. 2018-05-25 not yet calculated CVE-2018-11442
MISCcodecanyon.net -- easyservice_billing
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. 2018-05-25 not yet calculated CVE-2018-11443
MISC
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. 2018-05-21 not yet calculated CVE-2018-11096
EXPLOIT-DBcppcms -- cppcms
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module. 2018-05-22 not yet calculated CVE-2018-11367
MISCcurl -- curl
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. 2018-05-24 not yet calculated CVE-2018-1000301
BID
SECTRACK
CONFIRM
MLIST
UBUNTU
UBUNTU
DEBIANcurl -- curl
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. 2018-05-24 not yet calculated CVE-2018-1000300
BID
SECTRACK
CONFIRM
UBUNTUd-link -- dsl-3782_router
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. 2018-05-23 not yet calculated CVE-2018-8898
MISC
EXPLOIT-DBdahua_technology-- ip_devices
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device. 2018-05-23 not yet calculated CVE-2017-9317
CONFIRMdelta_electronics -- industrial_automation_tpeditor
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. 2018-05-25 not yet calculated CVE-2018-8871
MISCdiscount -- discount
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. 2018-05-25 not yet calculated CVE-2018-11468
MISCdiscount -- discount
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. 2018-05-26 not yet calculated CVE-2018-11503
MISCdiscount -- discount
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. 2018-05-26 not yet calculated CVE-2018-11504
MISCdolibarr -- dolibarr
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. 2018-05-22 not yet calculated CVE-2018-10092
MLIST
CONFIRM
CONFIRM
MISCdolibarr -- dolibarr
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. 2018-05-22 not yet calculated CVE-2018-10094
MLIST
CONFIRM
CONFIRM
MISCdolibarr -- dolibarr
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. 2018-05-22 not yet calculated CVE-2018-9019
CONFIRM
CONFIRMdolibarr -- dolibarr
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. 2018-05-22 not yet calculated CVE-2018-10095
MLIST
CONFIRM
CONFIRM
MISCdomainmod -- domainmod
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. 2018-05-24 not yet calculated CVE-2018-11404
MISCdomainmod -- domainmod
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. 2018-05-24 not yet calculated CVE-2018-11403
MISCethereum -- dimoncoin_token
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. 2018-05-24 not yet calculated CVE-2018-11411
MISCethereum -- ether_cartel
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018. 2018-05-22 not yet calculated CVE-2018-11329
MISCfortinet -- fortios
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. 2018-05-24 not yet calculated CVE-2017-14187
SECTRACK
CONFIRMfortinet -- fortios
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. 2018-05-25 not yet calculated CVE-2017-14185
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680. 2018-05-24 not yet calculated CVE-2018-5679
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678. 2018-05-24 not yet calculated CVE-2018-5676
MISC
CONFIRMfoxit -- foxit_reader
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process. 2018-05-24 not yet calculated CVE-2018-7406
MISC
CONFIRMfoxit -- foxit_reader
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. 2018-05-24 not yet calculated CVE-2018-7407
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678. 2018-05-24 not yet calculated CVE-2018-5674
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679. 2018-05-24 not yet calculated CVE-2018-5680
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680. 2018-05-24 not yet calculated CVE-2018-5677
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. 2018-05-24 not yet calculated CVE-2018-5675
MISC
CONFIRMfoxit -- foxit_reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676. 2018-05-24 not yet calculated CVE-2018-5678
MISC
CONFIRMfrappe_technologies -- erpnext
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. 2018-05-21 not yet calculated CVE-2018-11339
MISC
MISC
EXPLOIT-DBge_automation -- pacssystems
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. 2018-05-18 not yet calculated CVE-2018-8867
BID
MISCgiflib -- giflib
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. 2018-05-26 not yet calculated CVE-2018-11489
MISCgiflib -- giflib
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. 2018-05-26 not yet calculated CVE-2018-11490
MISCgnome_project -- gnome_web
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. 2018-05-23 not yet calculated CVE-2018-11396
CONFIRMgnu -- gnu_c_library
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. 2018-05-18 not yet calculated CVE-2018-11237
BID
MISC
EXPLOIT-DBgnu -- gnu_c_library
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. 2018-05-18 not yet calculated CVE-2018-11236
BID
MISC
MISChaproxy -- haproxy
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. 2018-05-25 not yet calculated CVE-2018-11469
CONFIRMhawtio -- hawtio
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. 2018-05-22 not yet calculated CVE-2017-2617
BID
REDHAT
CONFIRMhp -- network_operations_management_ultimate
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. 2018-05-22 not yet calculated CVE-2018-6493
BID
SECTRACK
CONFIRMhp -- network_operations_management_ultimate
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. 2018-05-22 not yet calculated CVE-2018-6492
BID
SECTRACK
CONFIRMhp -- service_manager_software_web_tier
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. 2018-05-22 not yet calculated CVE-2018-6494
BID
SECTRACK
CONFIRMhuawei -- 1288h_and_288H
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. 2018-05-24 not yet calculated CVE-2018-7902
CONFIRMhuawei -- 1288h_and_288H
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. 2018-05-24 not yet calculated CVE-2018-7903
CONFIRMhuawei -- 1288h_and_288H
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. 2018-05-24 not yet calculated CVE-2018-7904
CONFIRMhuawei -- ibmc
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. 2018-05-24 not yet calculated CVE-2018-7942
CONFIRMhuawei -- smart_phones
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. 2018-05-24 not yet calculated CVE-2017-17158
CONFIRMhuwaei -- multiple_products
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. 2018-05-24 not yet calculated CVE-2017-17315
CONFIRMibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047. 2018-05-25 not yet calculated CVE-2018-1452
CONFIRM
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. 2018-05-25 not yet calculated CVE-2018-1544
CONFIRM
SECTRACK
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973. 2018-05-25 not yet calculated CVE-2018-1488
CONFIRM
SECTRACK
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. 2018-05-25 not yet calculated CVE-2018-1565
CONFIRM
SECTRACK
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046. 2018-05-25 not yet calculated CVE-2018-1451
CONFIRM
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044. 2018-05-25 not yet calculated CVE-2018-1449
CONFIRM
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210. 2018-05-25 not yet calculated CVE-2018-1459
CONFIRM
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. 2018-05-25 not yet calculated CVE-2018-1515
CONFIRM
SECTRACK
XFibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-ForceID: 140045. 2018-05-25 not yet calculated CVE-2018-1450
CONFIRM
XFibm -- storediq
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. 2018-05-22 not yet calculated CVE-2018-1583
CONFIRM
XFibm -- storwize_v7000
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. 2018-05-25 not yet calculated CVE-2018-1467
CONFIRM
XFibm -- tivoli_application_dependency_discovery_manager
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361. 2018-05-24 not yet calculated CVE-2013-3023
CONFIRM
XFibm -- tivoli_application_dependency_discovery_manager
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. 2018-05-24 not yet calculated CVE-2013-3018
CONFIRM
XFibm -- urbancode_deploy
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. 2018-05-25 not yet calculated CVE-2017-1752
CONFIRM
XFibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. 2018-05-24 not yet calculated CVE-2013-3024
CONFIRM
XFilias -- ilias
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. 2018-05-23 not yet calculated CVE-2018-10428
MISC
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
MISCimagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. 2018-05-18 not yet calculated CVE-2017-18273
CONFIRM
MLISTimagemagick -- imagemagick
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. 2018-05-18 not yet calculated CVE-2018-11251
CONFIRM
MLISTimagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. 2018-05-18 not yet calculated CVE-2017-18271
CONFIRM
MLISTiscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. 2018-05-22 not yet calculated CVE-2018-11372
MISCiscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. 2018-05-22 not yet calculated CVE-2018-11373
MISCiscripts -- eswap
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. 2018-05-25 not yet calculated CVE-2018-11470
MISCjboss -- jboss_jbossas
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. 2018-05-22 not yet calculated CVE-2016-8656
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRMjboss -- undertow_web_server
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. 2018-05-21 not yet calculated CVE-2018-1067
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRMjenkins -- jenkins
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). 2018-05-23 not yet calculated CVE-2017-2598
BID
CONFIRM
CONFIRM
CONFIRMjenkins -- jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to. 2018-05-22 not yet calculated CVE-2017-2609
BID
CONFIRM
CONFIRMjenkins -- jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. 2018-05-21 not yet calculated CVE-2017-2607
BID
CONFIRMjerryscript -- jerryscript
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. 2018-05-24 not yet calculated CVE-2018-11418
MISCjerryscript -- jerryscript
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. 2018-05-24 not yet calculated CVE-2018-11419
MISCjoomla! -- joomla!
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. 2018-05-22 not yet calculated CVE-2018-6378
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. 2018-05-22 not yet calculated CVE-2018-11321
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. 2018-05-22 not yet calculated CVE-2018-11323
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. 2018-05-22 not yet calculated CVE-2018-11322
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. 2018-05-22 not yet calculated CVE-2018-11327
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. 2018-05-22 not yet calculated CVE-2018-11325
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. 2018-05-22 not yet calculated CVE-2018-11326
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. 2018-05-22 not yet calculated CVE-2018-11328
BID
SECTRACK
MISCjoomla! -- joomla!
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. 2018-05-22 not yet calculated CVE-2018-11324
BID
SECTRACK
MISCjpegoptim -- jpegoptim
jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-05-24 not yet calculated CVE-2018-11416
MISC
MISCk2 -- smartforms
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/ScriptsURL. 2018-05-24 not yet calculated CVE-2018-9920
BUGTRAQkemp_technologies -- loadmaster_operating_system_long_term_support
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. 2018-05-25 not yet calculated CVE-2018-9091
CONFIRMkliqqi -- kliqqi
Kliqqi 2.0.2 has CSRF in admin/admin_users.php. 2018-05-24 not yet calculated CVE-2018-11405
MISC
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. 2018-05-18 not yet calculated CVE-2018-1000400
BID
MISCliblouis -- liblouis
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-05-24 not yet calculated CVE-2018-11410
MISC
MISCliblouis -- liblouis
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. 2018-05-25 not yet calculated CVE-2018-11440
MISClibsass -- libsass
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. 2018-05-26 not yet calculated CVE-2018-11499
MISClinux -- linux_kernel kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. 2018-05-21 not yet calculated CVE-2018-1108
BID
CONFIRM
DEBIANlinux -- linux_kernel
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. 2018-05-24 not yet calculated CVE-2018-11412
MISC
MISClinux -- linux_kernel
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. 2018-05-24 not yet calculated CVE-2018-1000199
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
MLIST
UBUNTU
DEBIAN
DEBIANlinux -- linux_kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. 2018-05-18 not yet calculated CVE-2017-18270
CONFIRM
BID
CONFIRM
CONFIRMlizard -- lizard
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. 2018-05-26 not yet calculated CVE-2018-11498
MISClong_range_zip -- long_range_zip
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. 2018-05-26 not yet calculated CVE-2018-11496
MISCmagnicomp -- sysinfo
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability. 2018-05-21 not yet calculated CVE-2018-7268
MISC
BUGTRAQ
MISCmakemytrip.com -- makemytrip_app_android
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. 2018-05-20 not yet calculated CVE-2018-11242
MISC
EXPLOIT-DBmcafee -- data_loss_prevention_endpoint
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. 2018-05-25 not yet calculated CVE-2018-6664
SECTRACK
CONFIRMmcafee -- network_security_management
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. 2018-05-25 not yet calculated CVE-2017-3961
CONFIRMmcafee -- virusscan_enterprise
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands. 2018-05-25 not yet calculated CVE-2018-6674
BID
SECTRACK
CONFIRMmicro_focus -- client_for_oes
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. 2018-05-21 not yet calculated CVE-2018-7687
MISC
MISCmicro_focus -- multiple_products
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). 2018-05-23 not yet calculated CVE-2018-6495
SECTRACK
CONFIRMmicrosoft -- office
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office. 2018-05-23 not yet calculated CVE-2018-8176
BID
SECTRACK
CONFIRMmicrosoft -- windows
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. 2018-05-21 not yet calculated CVE-2018-8142
BID
CONFIRMmonstra -- monstra_cms
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). 2018-05-25 not yet calculated CVE-2018-11472
MISC
MISCmonstra -- monstra_cms
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. 2018-05-25 not yet calculated CVE-2018-11475
MISCmonstra -- monstra_cms
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. 2018-05-25 not yet calculated CVE-2018-11474
MISCmonstra -- monstra_cms
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). 2018-05-25 not yet calculated CVE-2018-11473
MISC
MISCmoodle -- moodle
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. 2018-05-25 not yet calculated CVE-2018-1133
CONFIRMmoodle -- moodle
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. 2018-05-25 not yet calculated CVE-2018-1134
CONFIRMmoodle -- moodle
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. 2018-05-25 not yet calculated CVE-2018-1136
CONFIRMmoodle -- moodle
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. 2018-05-25 not yet calculated CVE-2018-1137
CONFIRMmoodle -- moodle
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. 2018-05-25 not yet calculated CVE-2018-1135
CONFIRMmultiple_vendors -- multiple_products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. 2018-05-22 not yet calculated CVE-2018-3639
CONFIRM
BID
SECTRACK
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
EXPLOIT-DB
CONFIRM
CERT-VN
CONFIRM
CERTmultiple_vendors -- multiple_products
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. 2018-05-22 not yet calculated CVE-2018-3640
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
CERTmupdf -- mupdf In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. 2018-05-24 not yet calculated CVE-2018-1000040
CONFIRM
MISC
MISC
MISC
MISC
MISCmupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. 2018-05-24 not yet calculated CVE-2018-1000039
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISCmupdf -- mupdf
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. 2018-05-24 not yet calculated CVE-2018-1000038
CONFIRM
CONFIRM
MISCmupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. 2018-05-24 not yet calculated CVE-2018-1000036
MISCmupdf -- mupdf
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. 2018-05-24 not yet calculated CVE-2018-1000037
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISCmybb -- mybb
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. 2018-05-21 not yet calculated CVE-2018-11092
CONFIRM
CONFIRM
EXPLOIT-DBmyscada -- mypro
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. 2018-05-20 not yet calculated CVE-2018-11311
MISC
MISC
EXPLOIT-DBnetapp -- oncommand_unified_manager
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. 2018-05-24 not yet calculated CVE-2018-5487
CONFIRMnetapp -- oncommand_unified_manager
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. 2018-05-24 not yet calculated CVE-2018-5485
CONFIRMoctopus -- deploy
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. 2018-05-21 not yet calculated CVE-2018-11320
CONFIRMopencart -- opencart
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. 2018-05-23 not yet calculated CVE-2018-11231
MISCopencart -- opencart
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. 2018-05-26 not yet calculated CVE-2018-11495
MISCopencart -- opencart
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. 2018-05-26 not yet calculated CVE-2018-11494
MISCopenflow -- openflow
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake. 2018-05-24 not yet calculated CVE-2018-1000155
MISCosisoft -- pi_coresight
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. 2018-05-25 not yet calculated CVE-2017-9641
BID
MISC
CONFIRMpbootcms -- pbootcms
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. 2018-05-22 not yet calculated CVE-2018-11369
MISCpdfgen -- pdfgen
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read. 2018-05-22 not yet calculated CVE-2018-11363
MISC
MISCphpmywind -- phpmywind
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. 2018-05-26 not yet calculated CVE-2018-11487
MISCphpscriptsmall.com -- website_seller_script
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2. 2018-05-26 not yet calculated CVE-2018-11501
MISCpluck -- pluck
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. 2018-05-21 not yet calculated CVE-2018-11330
MISC
MISCpluck -- pluck
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess. 2018-05-21 not yet calculated CVE-2018-11331
MISC
MISCprocps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. 2018-05-23 not yet calculated CVE-2018-1126
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISCprocps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. 2018-05-23 not yet calculated CVE-2018-1125
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISCprocps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). 2018-05-23 not yet calculated CVE-2018-1123
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISCprocps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. 2018-05-23 not yet calculated CVE-2018-1122
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISCprocps-ng/procps -- procps-ng/procps
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. 2018-05-23 not yet calculated CVE-2018-1124
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISCpubliccms -- publiccms
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. 2018-05-26 not yet calculated CVE-2018-11500
MISCradare -- radare2
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. 2018-05-22 not yet calculated CVE-2018-11384
MISC
MISCradare -- radare2
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. 2018-05-22 not yet calculated CVE-2018-11377
MISC
MISC
MISCradare -- radare2
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file. 2018-05-22 not yet calculated CVE-2018-11378
MISC
MISCradare -- radare2
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. 2018-05-22 not yet calculated CVE-2018-11376
MISC
MISCradare -- radare2
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. 2018-05-22 not yet calculated CVE-2018-11375
MISC
MISCradare -- radare2
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. 2018-05-22 not yet calculated CVE-2018-11380
MISC
MISCradare -- radare2
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. 2018-05-22 not yet calculated CVE-2018-11383
MISC
MISCradare -- radare2
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. 2018-05-22 not yet calculated CVE-2018-11381
MISC
MISCradare -- radare2
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. 2018-05-22 not yet calculated CVE-2018-11382
MISC
MISCradare -- radare2
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. 2018-05-22 not yet calculated CVE-2018-11379
MISC
MISCradio_thermostat -- ct50_and_ct80
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. 2018-05-20 not yet calculated CVE-2018-11315
MISCreadstat -- readstat
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. 2018-05-22 not yet calculated CVE-2018-11365
MISCreadstat -- readstat
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. 2018-05-22 not yet calculated CVE-2018-11364
MISCsap -- internet_transaction_server
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. 2018-05-24 not yet calculated CVE-2018-11415
MISC
EXPLOIT-DBsimplisafe -- simplisafe_original
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. 2018-05-24 not yet calculated CVE-2018-11400
MISCsimplisafe -- simplisafe_original
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. 2018-05-24 not yet calculated CVE-2018-11399
MISCsimplisafe -- simplisafe_original
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. 2018-05-24 not yet calculated CVE-2018-11402
MISCsimplisafe -- simplisafe_original
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. 2018-05-24 not yet calculated CVE-2018-11401
MISCskycaiji -- skycaiji
SkyCaiji 1.2 allows CSRF to add an Administrator user. 2018-05-22 not yet calculated CVE-2018-11371
MISCsquare_enix -- final_fantasy_xiv
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3. 2018-05-23 not yet calculated CVE-2018-7295
MISCtrend_micro -- email_encryption_gateway
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10352
CONFIRM
MISCtrend_micro -- email_encryption_gateway
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10355
CONFIRM
MISCtrend_micro -- email_encryption_gateway
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10354
CONFIRM
MISCtrend_micro -- email_encryption_gateway
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10353
CONFIRM
MISCtrend_micro -- email_encryption_gateway
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10351
CONFIRM
MISCtrend_micro -- email_encryption_gateway
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10356
CONFIRM
MISCtrend_micro -- endpoint_application_control
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. 2018-05-23 not yet calculated CVE-2018-10357
CONFIRM
MISCtrend_micro -- maximum_security
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-6235
CONFIRM
MISCtrend_micro -- maximum_security
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-6236
CONFIRM
MISCtrend_micro -- maximum_security
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-6233
CONFIRM
MISCtrend_micro -- maximum_security
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-6232
CONFIRM
MISCtrend_micro -- maximum_security
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-6234
CONFIRM
MISCtrend_micro -- smart_protection_server
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. 2018-05-25 not yet calculated CVE-2018-6237
CONFIRM
MISCtrend_micro -- smart_protection_server
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability. 2018-05-25 not yet calculated CVE-2018-10350
CONFIRM
MISC
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. 2018-05-20 not yet calculated CVE-2018-11319
MISC
MISC
MISCvmware -- fusion
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. 2018-05-22 not yet calculated CVE-2018-6962
BID
SECTRACK
CONFIRMvmware -- workstation
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine. 2018-05-22 not yet calculated CVE-2018-6963
BID
SECTRACK
CONFIRMwindscribe -- windscribe
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe. 2018-05-25 not yet calculated CVE-2018-11479
MISCwindscribe -- windscribe
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. 2018-05-23 not yet calculated CVE-2018-11334
MISCwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. 2018-05-22 not yet calculated CVE-2018-11358
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. 2018-05-22 not yet calculated CVE-2018-11356
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. 2018-05-22 not yet calculated CVE-2018-11357
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. 2018-05-22 not yet calculated CVE-2018-11355
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. 2018-05-22 not yet calculated CVE-2018-11362
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. 2018-05-22 not yet calculated CVE-2018-11360
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. 2018-05-22 not yet calculated CVE-2018-11359
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. 2018-05-22 not yet calculated CVE-2018-11361
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. 2018-05-22 not yet calculated CVE-2018-11354
CONFIRM
CONFIRM
CONFIRMwordpress -- wordpress
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0. 2018-05-22 not yet calculated CVE-2018-11366
MISC
MISC
MISC
MISCwuzhi_cms -- wuzhi_cms
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. 2018-05-26 not yet calculated CVE-2018-11493
MISC
Subscribe to:
Posts (Atom)