Providing services for federal, state and local government ...
Our commercial entity operations, providing enterprise services ...
How do we prepare for what's to come next? See inside ...
I.T. News
We are constantly interested in the latest, most up-to-date technology.
As we move forward with software development, we will continue to use new technologies to improve our products and the customer experience. We will also continue to develop our solutions with both new functionality and increasing integration with the latest major platforms.

In response to the growing market share of and interest in I.T. virtualization, we tailored our unique virtualization solution, vFleXtor, using proven, modern, up-to-date technology.

Timely information about security topics and threats:

US-CERT: The United States Computer Emergency Readiness Team
  • Original release date: December 13, 2018

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a worldwide email campaign targeting businesses and organizations with bomb threats. The emails claim that a device will detonate unless a ransom in Bitcoin is paid.

    If you receive a bomb threat email, NCCIC recommends the following actions:


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Original release date: December 13, 2018 | Last revised: December 14, 2018

    WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.0.1.




  • Original release date: December 12, 2018

    Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.




  • Original release date: December 11, 2018

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft's December 2018 Security Update Summary and Deployment Information and apply the necessary updates.

     




  • Original release date: December 11, 2018

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.

     




  • Original release date: December 11, 2018

    Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system.

    The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.




  • Original release date: December 10, 2018

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

     

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    There were no high vulnerabilities recorded this week.

     

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    metinfo -- metinfo | Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | 2018-12-03 | 4.3 | CVE-2018-19835, MISC

     

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    There were no low vulnerabilities recorded this week.

     

    Severity Not Yet Assigned

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    actiontec -- c1000a_router | Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | 2018-12-06 | not yet calculated | CVE-2018-19922, MISC
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | 2018-12-06 | not yet calculated | CVE-2018-16527, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules. | 2018-12-06 | not yet calculated | CVE-2018-16528, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | 2018-12-06 | not yet calculated | CVE-2018-16602, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. | 2018-12-06 | not yet calculated | CVE-2018-16601, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure. | 2018-12-06 | not yet calculated | CVE-2018-16600, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. | 2018-12-06 | not yet calculated | CVE-2018-16598, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. | 2018-12-06 | not yet calculated | CVE-2018-16599, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket. | 2018-12-06 | not yet calculated | CVE-2018-16526, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. | 2018-12-06 | not yet calculated | CVE-2018-16522, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | 2018-12-06 | not yet calculated | CVE-2018-16603, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply. | 2018-12-06 | not yet calculated | CVE-2018-16525, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | 2018-12-06 | not yet calculated | CVE-2018-16524, MISC, MISC, CONFIRM
    amazon_web_services -- freertos | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. | 2018-12-06 | not yet calculated | CVE-2018-16523, MISC, MISC, CONFIRM
    anker -- nebula_capsule_pro_nbui_m1_devices | Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService. | 2018-12-08 | not yet calculated | CVE-2018-19980, MISC
    antiy_labs -- avl_atool | Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002000 by the IRPFile.sys Antiy-AVL ATool kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data, which results in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation and a failed exploit could lead to denial of service. | 2018-12-05 | not yet calculated | CVE-2018-19650, MISC
    arm -- mbed_tls | Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | 2018-12-05 | not yet calculated | CVE-2018-19608, MISC, CONFIRM, CONFIRM
    artifex -- mupdf | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. | 2018-12-05 | not yet calculated | CVE-2018-19881, MISC, MISC
    artifex -- mupdf | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. | 2018-12-05 | not yet calculated | CVE-2018-19882, MISC, MISC
    aruba -- access_points | A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. | 2018-12-07 | not yet calculated | CVE-2018-7080, BID, CONFIRM
    aruba -- clearpass | A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | 2018-12-07 | not yet calculated | CVE-2018-7067, CONFIRM
    aruba -- clearpass | Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | 2018-12-07 | not yet calculated | CVE-2018-7079, CONFIRM
    aruba -- clearpass | An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix. | 2018-12-07 | not yet calculated | CVE-2018-7066, CONFIRM
    aruba -- clearpass | An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | 2018-12-07 | not yet calculated | CVE-2018-7065, CONFIRM
    aruba -- clearpass | In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts. | 2018-12-07 | not yet calculated | CVE-2018-7063, CONFIRM
    asustor -- adm | Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | 2018-12-04 | not yet calculated | CVE-2018-12314, MISC
    asustor -- adm | Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | 2018-12-04 | not yet calculated | CVE-2018-12315, MISC
    asustor -- adm | Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. | 2018-12-04 | not yet calculated | CVE-2018-12319, MISC
    asustor -- adm | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | 2018-12-04 | not yet calculated | CVE-2018-12312, MISC
    asustor -- adm | Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. | 2018-12-04 | not yet calculated | CVE-2018-12318, MISC
    asustor -- adm | OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | 2018-12-04 | not yet calculated | CVE-2018-12317, MISC
    asustor -- adm | OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | 2018-12-04 | not yet calculated | CVE-2018-12316, MISC
    asustor -- adm | Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 2018-12-04 | not yet calculated | CVE-2018-12305, MISC
    asustor -- adm | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | 2018-12-04 | not yet calculated | CVE-2018-12307, MISC
    asustor -- adm | Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | 2018-12-04 | not yet calculated | CVE-2018-12311, MISC
    asustor -- adm | Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | 2018-12-04 | not yet calculated | CVE-2018-12310, MISC
    asustor -- adm | Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. | 2018-12-04 | not yet calculated | CVE-2018-12309, MISC
    asustor -- adm | Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | 2018-12-04 | not yet calculated | CVE-2018-12308, MISC
    asustor -- adm | Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | 2018-12-04 | not yet calculated | CVE-2018-12306, MISC
    asustor -- adm | OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | 2018-12-04 | not yet calculated | CVE-2018-12313, MISC
    bastian_allgeier -- kirby | panel/login in Kirby v2.5.12 allows XSS via a blog name. | 2018-12-04 | not yet calculated | CVE-2018-16628, MISC
    brocade_communications -- fabric_os | A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | 2018-12-03 | not yet calculated | CVE-2018-6440, CONFIRM
    brocade_communications -- fabric_os | A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-12-03 | not yet calculated | CVE-2018-6439, CONFIRM
    cairo -- cairo | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. | 2018-12-05 | not yet calculated | CVE-2018-19876, MISC, MISC
    chipsbank_technologies -- ump_tool | ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | 2018-12-03 | not yet calculated | CVE-2018-19795, MISC
    cisco -- energy_management_suite | A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability. | 2018-12-04 | not yet calculated | CVE-2018-0468, BID, CISCO, MISC
    cloud_foundry -- cloud_foundry_nfs | Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand. | 2018-12-05 | not yet calculated | CVE-2018-15797, CONFIRM
    crafter_software -- crafter_cms | A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page. | 2018-12-06 | not yet calculated | CVE-2018-19907, MISC, MISC
    dell -- encryption | Dell Encryption (formerly Dell Data Protection \| Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files. | 2018-12-05 | not yet calculated | CVE-2018-15773, MISC
    domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | 2018-12-06 | not yet calculated | CVE-2018-19913, MISC
    domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | 2018-12-06 | not yet calculated | CVE-2018-19914, MISC
    domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | 2018-12-06 | not yet calculated | CVE-2018-19915, MISC
    domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | 2018-12-05 | not yet calculated | CVE-2018-19892, MISC
    drobo -- 5n2_nas | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14695, MISC
    drobo -- 5n2_nas | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | 2018-12-03 | not yet calculated | CVE-2018-14696, MISC
    drobo -- 5n2_nas | Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14697, MISC
    drobo -- 5n2_nas | Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14698, MISC
    drobo -- 5n2_nas | System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14699, MISC
    drobo -- 5n2_nas | Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. | 2018-12-03 | not yet calculated | CVE-2018-14703, MISC
    drobo -- 5n2_nas | System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14701, MISC
    drobo -- 5n2_nas | Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | 2018-12-03 | not yet calculated | CVE-2018-14702, MISC
    drobo -- 5n2_nas | Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation. | 2018-12-03 | not yet calculated | CVE-2018-14709, MISC
    drobo -- 5n2_nas | An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | 2018-12-03 | not yet calculated | CVE-2018-14708, MISC
    drobo -- 5n2_nas | Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | 2018-12-03 | not yet calculated | CVE-2018-14707, MISC
    drobo -- 5n2_nas | System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. | 2018-12-03 | not yet calculated | CVE-2018-14706, MISC
    drobo -- 5n2_nas | Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. | 2018-12-03 | not yet calculated | CVE-2018-14700, MISC
    drobo -- 5n2_nas | Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | 2018-12-03 | not yet calculated | CVE-2018-14704, MISC
    f5 -- big-ipThe svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.2018-12-06not yet calculatedCVE-2018-15332
    BID
    CONFIRM
    foreman -- foremanA cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.2018-12-07not yet calculatedCVE-2018-16861
    CONFIRM
    freebsd -- freebsdIn FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.2018-12-04not yet calculatedCVE-2018-17157
    SECTRACK
    MISC
    FREEBSD
    freebsd -- freebsdIn FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.2018-12-04not yet calculatedCVE-2018-17158
    SECTRACK
    MISC
    FREEBSD
    freebsd -- freebsdIn FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.2018-12-04not yet calculatedCVE-2018-17159
    SECTRACK
    MISC
    FREEBSD
    freebsd -- freebsdIn FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.2018-12-04not yet calculatedCVE-2018-17160
    FREEBSD
    freeswitch -- freeswitchFreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.2018-12-06not yet calculatedCVE-2018-19911
    MISC
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coderAn invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.2018-12-05not yet calculatedCVE-2018-19887
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coder | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case. | 2018-12-05 | not yet calculated | CVE-2018-19891
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coder | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case. | 2018-12-05 | not yet calculated | CVE-2018-19890
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coder | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case. | 2018-12-05 | not yet calculated | CVE-2018-19888
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coder | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case. | 2018-12-05 | not yet calculated | CVE-2018-19889
    MISC
    freeware_advanced_audio_coder -- freeware_advanced_audio_coder | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case. | 2018-12-05 | not yet calculated | CVE-2018-19886
    MISC
    general_electric -- proficy_cimplicity_gds | XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | 2018-12-07 | not yet calculated | CVE-2018-15362
    BID
    MISC
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. | 2018-12-04 | not yet calculated | CVE-2018-17976
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. | 2018-12-04 | not yet calculated | CVE-2018-18641
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | 2018-12-04 | not yet calculated | CVE-2018-18642
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. | 2018-12-04 | not yet calculated | CVE-2018-18648
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. | 2018-12-04 | not yet calculated | CVE-2018-18644
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | 2018-12-04 | not yet calculated | CVE-2018-18646
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API. | 2018-12-04 | not yet calculated | CVE-2018-17975
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. | 2018-12-04 | not yet calculated | CVE-2018-18647
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. | 2018-12-04 | not yet calculated | CVE-2018-17939
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. | 2018-12-04 | not yet calculated | CVE-2018-18640
    CONFIRM
    CONFIRM
    gitlab -- community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | 2018-12-04 | not yet calculated | CVE-2018-18645
    CONFIRM
    CONFIRM
    gitlab -- enterprise_edition | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | 2018-12-04 | not yet calculated | CVE-2018-18843
    CONFIRM
    CONFIRM
    gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. | 2018-12-07 | not yet calculated | CVE-2018-19932
    MISC
    MISC
    gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. | 2018-12-07 | not yet calculated | CVE-2018-19931
    MISC
    MISC
    gnu -- c_library | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. | 2018-12-04 | not yet calculated | CVE-2018-19591
    BID
    SECTRACK
    FEDORA
    FEDORA
    CONFIRM
    CONFIRM
    CONFIRM
    google -- android | In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868. | 2018-12-06 | not yet calculated | CVE-2018-9549
    BID
    CONFIRM
    google -- android | In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526. | 2018-12-06 | not yet calculated | CVE-2018-9538
    BID
    CONFIRM
    google -- android | In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548. | 2018-12-06 | not yet calculated | CVE-2018-9551
    BID
    CONFIRM
    google -- android | In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892. | 2018-12-06 | not yet calculated | CVE-2018-9552
    BID
    CONFIRM
    google -- android | In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184. | 2018-12-06 | not yet calculated | CVE-2018-9556
    CONFIRM
    google -- android | In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594. | 2018-12-07 | not yet calculated | CVE-2018-9571
    CONFIRM
    google -- android | In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945. | 2018-12-07 | not yet calculated | CVE-2018-9518
    CONFIRM
    UBUNTU
    UBUNTU
    google -- android | In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. | 2018-12-06 | not yet calculated | CVE-2018-9554
    BID
    CONFIRM
    google -- android | In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180. | 2018-12-06 | not yet calculated | CVE-2018-9555
    CONFIRM
    google -- android | In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245. | 2018-12-07 | not yet calculated | CVE-2018-9576
    CONFIRM
    google -- android | In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833. | 2018-12-07 | not yet calculated | CVE-2018-9519
    CONFIRM
    google -- android | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. | 2018-12-07 | not yet calculated | CVE-2018-9517
    CONFIRM
    google -- android | In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937. | 2018-12-07 | not yet calculated | CVE-2018-9577
    CONFIRM
    google -- android | In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. | 2018-12-06 | not yet calculated | CVE-2018-9548
    BID
    CONFIRM
    google -- android | In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387. | 2018-12-07 | not yet calculated | CVE-2018-9575
    CONFIRM
    google -- android | In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584. | 2018-12-06 | not yet calculated | CVE-2018-9547
    BID
    CONFIRM
    google -- android | In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297. | 2018-12-06 | not yet calculated | CVE-2018-9553
    BID
    CONFIRM
    google -- android | In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928. | 2018-12-07 | not yet calculated | CVE-2018-9578
    CONFIRM
    google -- android | In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557. | 2018-12-06 | not yet calculated | CVE-2018-9558
    CONFIRM
    google -- android | In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558. | 2018-12-06 | not yet calculated | CVE-2018-9565
    BID
    CONFIRM
    google -- android | In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842. | 2018-12-06 | not yet calculated | CVE-2018-9566
    CONFIRM
    google -- android | On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936. | 2018-12-06 | not yet calculated | CVE-2018-9567
    BID
    CONFIRM
    google -- android | In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337. | 2018-12-07 | not yet calculated | CVE-2018-9574
    CONFIRM
    google -- android | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. | 2018-12-06 | not yet calculated | CVE-2018-9568
    CONFIRM
    google -- android | In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537. | 2018-12-07 | not yet calculated | CVE-2018-9569
    CONFIRM
    google -- android | In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981. | 2018-12-06 | not yet calculated | CVE-2018-9550
    BID
    CONFIRM
    google -- android | In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616. | 2018-12-07 | not yet calculated | CVE-2018-9570
    CONFIRM
    google -- android | In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621. | 2018-12-06 | not yet calculated | CVE-2018-9562
    CONFIRM
    google -- android | In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357. | 2018-12-06 | not yet calculated | CVE-2018-9557
    CONFIRM
    google -- android | In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350. | 2018-12-07 | not yet calculated | CVE-2018-9573
    CONFIRM
    google -- android | In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737. | 2018-12-06 | not yet calculated | CVE-2018-9560
    CONFIRM
    google -- android | In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432. | 2018-12-07 | not yet calculated | CVE-2018-9572
    CONFIRM
    google -- android | In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440. | 2018-12-06 | not yet calculated | CVE-2018-9559
    CONFIRM
    google -- chrome | A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 2018-12-04 | not yet calculated | CVE-2018-6101
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6092
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    EXPLOIT-DB
    google -- chrome | An integer overflow that led to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6090
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | 2018-12-04 | not yet calculated | CVE-2018-6088
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6087
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6085
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6108
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6115
    BID
    CONFIRM
    MISC
    GENTOO
    google -- chrome | Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to read local files via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6095
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A double-eviction in the Incognito mode cache that led to a use-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6086
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6094
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | The implementation of the Page.downloadBehavior backend in Google Chrome prior to 66.0.3359.106 unconditionally marked downloaded files as safe, regardless of file type, which allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | 2018-12-04 | not yet calculated | CVE-2018-6152
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2018-12-04 | not yet calculated | CVE-2018-6104
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to bypass permission policy via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6103
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2018-12-04 | not yet calculated | CVE-2018-6098
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2018-12-04 | not yet calculated | CVE-2018-6102
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2018-12-04 | not yet calculated | CVE-2018-6105
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2018-12-04 | not yet calculated | CVE-2018-6107
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6099
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6116
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    google -- chrome | A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 2018-12-04 | not yet calculated | CVE-2018-6089
    BID
    REDHAT
    CONFIRM
    MISC
    GENTOO
    DEBIAN
    hashicorp -- vault | HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | 2018-12-05 | not yet calculated | CVE-2018-19786
    CONFIRM
    hitshop -- hitshop | An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. | 2018-12-04 | not yet calculated | CVE-2018-19853
    MISC
    hpe -- integrated_lights-out_5 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. | 2018-12-03 | not yet calculated | CVE-2018-7113
    SECTRACK
    CONFIRM
    hpe -- intelligent_management_center | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | 2018-12-03 | not yet calculated | CVE-2018-7114
    SECTRACK
    MISC
    CONFIRM
    hpe -- intelligent_management_center | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | 2018-12-03 | not yet calculated | CVE-2018-7116
    SECTRACK
    MISC
    CONFIRM
    hpe -- intelligent_management_center | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | 2018-12-03 | not yet calculated | CVE-2018-7115
    SECTRACK
    MISC
    CONFIRM
    hpe -- multiple_servers | The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action. | 2018-12-03 | not yet calculated | CVE-2018-7112
    SECTRACK
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    huawei -- p20_smartphones | There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user performs a certain inquiry operation. An attacker could send a crafted message to the device; a successful exploit could cause a denial of service condition. | 2018-12-04 | not yet calculated | CVE-2018-7987
    CONFIRM
    huawei -- vip_app | Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that allows attackers to brute-force the VIP App Web Services to get user information. | 2018-12-04 | not yet calculated | CVE-2018-7956
    CONFIRM
    hunan_jinyun_network_technology -- pbootcms | SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | 2018-12-05 | not yet calculated | CVE-2018-19893
    MISC
    ibm -- campaign | IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. IBM X-Force ID: 153382. | 2018-12-05 | not yet calculated | CVE-2018-1941
    XF
    CONFIRM
    ibm -- connections | IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315. | 2018-12-06 | not yet calculated | CVE-2018-1935
    BID
    XF
    CONFIRM
    ibm -- connections | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. | 2018-12-07 | not yet calculated | CVE-2018-1896
    XF
    CONFIRM
    ibm -- datapower_gateways | IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. | 2018-12-07 | not yet calculated | CVE-2018-1663
    XF
    CONFIRM
    ibm -- db2_for_linux_unix_and_windows | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. | 2018-11-30 | not yet calculated | CVE-2018-1897
    CONFIRM
    BID
    SECTRACK
    XF
    ibm -- financial_transaction_manager_for_digital_payments_for_multi-platform | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. | 2018-12-06 | not yet calculated | CVE-2018-1871
    CONFIRM
    XF
    ibm -- i2_enterprise_insight_analysis | IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340. | 2018-12-06 | not yet calculated | CVE-2018-1504
    XF
    CONFIRM
    ibm -- i2_enterprise_insight_analysis | IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117. | 2018-12-06 | not yet calculated | CVE-2018-1525
    XF
    CONFIRM
    ibm -- i2_enterprise_insight_analysis | IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | 2018-12-06 | not yet calculated | CVE-2018-1505
    XF
    CONFIRM
    ibm -- marketing_platform | IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. | 2018-12-07 | not yet calculated | CVE-2018-1920
    CONFIRM
    XF
    ibm -- marketing_platform | IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029. | 2018-12-07 | not yet calculated | CVE-2018-1424
    CONFIRM
    XF
    ibm -- maximo_asset_mangement | IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966. | 2018-12-05 | not yet calculated | CVE-2018-1697
    XF
    CONFIRM
    ibm -- mq_and_console_rest_api | A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969. | 2018-12-07 | not yet calculated | CVE-2018-1883
    XF
    CONFIRM
    ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656. | 2018-12-05 | not yet calculated | CVE-2018-1650
    CONFIRM
    XF
    ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | 2018-12-05 | not yet calculated | CVE-2018-1568
    CONFIRM
    XF
    ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707. | 2018-12-05 | not yet calculated | CVE-2018-1728
    XF
    CONFIRM
    ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709. | 2018-12-05 | not yet calculated | CVE-2018-1730
    XF
    CONFIRM
    ibm -- qradar_siem | IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810. | 2018-12-05 | not yet calculated | CVE-2018-1732
    CONFIRM
    XF
    ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. | 2018-12-05 | not yet calculated | CVE-2018-1648
    CONFIRM
    XF
    ibm -- qradar_siem | IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 133120. | 2018-12-05 | not yet calculated | CVE-2017-1622
    XF
    CONFIRM
    ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | 2018-12-03 | not yet calculated | CVE-2018-1840
    XF
    CONFIRM
    intelliants -- subrion_cms | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | 2018-12-04 | not yet calculated | CVE-2018-16631
    MISC
    intelliants -- subrion_cms | panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | 2018-12-04 | not yet calculated | CVE-2018-16629
    MISC
    intel -- integrated performance primitives | Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. | 2018-12-05 | not yet calculated | CVE-2018-12155
    CONFIRM
    internet2 -- grouper | Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. | 2018-12-03 | not yet calculated | CVE-2018-19794
    MISC
    MISC
    MISC

    jiacrontab -- jiacrontab | jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data. | 2018-12-03 | not yet calculated | CVE-2018-19793
    MISC
    kubernetes -- kubernetes | In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | 2018-12-05 | not yet calculated | CVE-2018-1002101
    CONFIRM
    kubernetes -- kubernetes | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | 2018-12-05 | not yet calculated | CVE-2018-1002105
    BID
    REDHAT
    REDHAT
    REDHAT
    REDHAT
    REDHAT
    REDHAT
    REDHAT
    REDHAT
    MISC
    CONFIRM
    CONFIRM
    kubernetes -- kubernetes | In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | 2018-12-05 | not yet calculated | CVE-2018-1002103
    CONFIRM
    libraw -- libraw | An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | 2018-12-07 | not yet calculated | CVE-2017-16910
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5805
    REDHAT
    MISC
    MISC
    SECUNIA
    MISC
    libraw -- libraw | An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | 2018-12-07 | not yet calculated | CVE-2018-5806
    REDHAT
    MISC
    MISC
    SECUNIA
    MISC
    libraw -- libraw | An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | 2018-12-07 | not yet calculated | CVE-2018-5801
    REDHAT
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5802
    REDHAT
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. | 2018-12-07 | not yet calculated | CVE-2018-5815
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via a specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). | 2018-12-07 | not yet calculated | CVE-2018-5816
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5807
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | 2018-12-07 | not yet calculated | CVE-2018-5809
    MISC
    MISC
    SECUNIA
    MISC
    libraw -- libraw | An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | 2018-12-07 | not yet calculated | CVE-2018-5808
    MISC
    MISC
    SECUNIA
    MISC
    libraw -- libraw | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. | 2018-12-07 | not yet calculated | CVE-2018-5812
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. | 2018-12-07 | not yet calculated | CVE-2018-5804
    MISC
    MISC
    SECUNIA
    MISC
    libraw -- libraw | An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. | 2018-12-07 | not yet calculated | CVE-2018-5813
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5810
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5811
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | 2018-12-07 | not yet calculated | CVE-2018-5800
    BID
    REDHAT
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    libraw -- libraw | An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. | 2018-12-07 | not yet calculated | CVE-2017-16909
    MISC
    MISC
    SECUNIA
    MISC
    UBUNTU
    linux -- linux_kernel | In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | 2018-12-03 | not yet calculated | CVE-2018-19824
    BID
    MISC
    MISC
    MISC
    linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | 2018-12-04 | not yet calculated | CVE-2018-19854
    MISC
    MISC
    MISC
    litespeed_technologies -- openlitespeed | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. | 2018-12-03 | not yet calculated | CVE-2018-19792
    MISC
    litespeed_technologies -- openlitespeed | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. | 2018-12-03 | not yet calculated | CVE-2018-19791
    MISC
    lxml -- lxml | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | 2018-12-02 | not yet calculated | CVE-2018-19787
    MISC
    mcafee -- true_key | Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | 2018-12-06 | not yet calculated | CVE-2018-6757
    CONFIRM
    mcafee -- true_key | Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | 2018-12-06 | not yet calculated | CVE-2018-6756
    CONFIRM
    mcafee -- true_key | Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | 2018-12-06 | not yet calculated | CVE-2018-6755
    CONFIRM
    metinfo -- metinfo | In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. | 2018-12-03 | not yet calculated | CVE-2018-19836
    MISC
    misp -- misp | An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import. | 2018-12-06 | not yet calculated | CVE-2018-19908
    MISC
    MISC
    moxa -- nport_w2x50a | An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | 2018-12-06 | not yet calculated | CVE-2018-19660
    MISC
    FULLDISC
    moxa -- nport_w2x50a | An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | 2018-12-06 | not yet calculated | CVE-2018-19659
    MISC
    FULLDISC
    netapp -- data_ontap | Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | 2018-12-04 | not yet calculated | CVE-2018-5496
    CONFIRM
    netgate -- pfsense_ce | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | 2018-12-03 | not yet calculated | CVE-2018-4019
    MISC
    netgate -- pfsense_ce | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | 2018-12-03 | not yet calculated | CVE-2018-4021
    MISC
    netgate -- pfsense_ce | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter. | 2018-12-03 | not yet calculated | CVE-2018-4020
    MISC
    nice_incontact -- multiple_products | Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. | 2018-12-04 | not yet calculated | CVE-2018-18993
    BID
    MISC
    nice_incontact -- multiple_products | In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2018-12-04 | not yet calculated | CVE-2018-18989
    BID
    MISC
    norton -- password_manger_for_android | Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | 2018-12-06 | not yet calculated | CVE-2018-18362
    BID
    CONFIRM
    nuuo -- nvrmini2 | NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in the ability to read camera feeds or reconfigure the device. | 2018-12-05 | not yet calculated | CVE-2018-19864
    MISC
    MISC
    nuuo -- nvrmini2 | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. | 2018-11-30 | not yet calculated | CVE-2018-15716
    BID
    MISC
    EXPLOIT-DB
    MISC
    onionshare -- onionshare | The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. | 2018-12-07 | not yet calculated | CVE-2018-19960
    MISC
    openrefine -- openrefine | OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive. | 2018-12-05 | not yet calculated | CVE-2018-19859
    MISC
    osb -- vt-designer | VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. | 2018-11-30 | not yet calculated | CVE-2018-18983
    BID
    MISC
    osb -- vt-designer | VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. | 2018-11-30 | not yet calculated | CVE-2018-18987
    BID
    MISC
    perl -- perl | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | 2018-12-05 | not yet calculated | CVE-2018-18312
    SECTRACK
    CONFIRM
    FEDORA
    CONFIRM
    CONFIRM
    CONFIRM
    UBUNTU
    DEBIAN
    perl -- perl | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | 2018-12-07 | not yet calculated | CVE-2018-18314
    SECTRACK
    CONFIRM
    CONFIRM
    FEDORA
    CONFIRM
    CONFIRM
    UBUNTU
    DEBIAN
    perl -- perl | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | 2018-12-07 | not yet calculated | CVE-2018-18311
    SECTRACK
    CONFIRM
    CONFIRM
    MLIST
    FEDORA
    CONFIRM
    CONFIRM
    CONFIRM
    UBUNTU
    UBUNTU
    DEBIAN
    perl -- perl | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | 2018-12-07 | not yet calculated | CVE-2018-18313
    SECTRACK
    CONFIRM
    CONFIRM
    FEDORA
    CONFIRM
    CONFIRM
    UBUNTU
    UBUNTU
    DEBIAN
    philips -- healthsuite_health_android_app | Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. | 2018-12-07 | not yet calculated | CVE-2018-19001
    BID
    MISC
    php -- php | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | 2018-12-07 | not yet calculated | CVE-2018-19935
    MISC
    pixelimity_cms -- pixelimity_cms | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | 2018-12-06 | not yet calculated | CVE-2018-19919
    MISC
    pluck -- pluck | Pluck v4.7.7 allows CSRF via admin.php?action=settings. | 2018-12-04 | not yet calculated | CVE-2018-16634
    MISC
    pluck -- pluck | Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | 2018-12-04 | not yet calculated | CVE-2018-16633
    MISC
    policykit/polkit -- policykit/polkit | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | 2018-12-03 | not yet calculated | CVE-2018-19788
    MISC
    MISC
    DEBIAN
    powerdns -- recursor | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | 2018-12-03 | not yet calculated | CVE-2018-16855
    CONFIRM
    MISC
    proxygen -- proxygen | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | 2018-12-03 | not yet calculated | CVE-2018-6332
    MISC
    python -- simplehttpserver | A Path Traversal in simplehttpserver versions <=0.2.1 allows listing any file in another folder of web root. | 2018-12-04 | not yet calculated | CVE-2018-16478
    MISC
    qemu -- qemu | The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. | 2018-12-06 | not yet calculated | CVE-2018-19665
    MLIST
    BID
    MLIST
    qt -- qt | A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | 2018-12-05 | not yet calculated | CVE-2018-19865
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    MISC
    qualcomm -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible buffer overflow in a WLAN function due to lack of input validation in values received from firmware. | 2018-12-07 | not yet calculated | CVE-2018-11905
    BID
    CONFIRM
    qualcomm -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow. | 2018-12-07 | not yet calculated | CVE-2017-14888
    CONFIRM
    CONFIRM
    qualcomm -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service. | 2018-12-07 | not yet calculated | CVE-2017-15835
    CONFIRM
    CONFIRM
    quicken -- quicken_deluxe_2018_for_mac | An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. | 2018-12-03 | not yet calculated | CVE-2018-3854
    MISC
    radare -- radare2 | opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | 2018-12-04 | not yet calculated | CVE-2018-19843
    MISC
    MISC
    radare -- radare2 | getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | 2018-12-04 | not yet calculated | CVE-2018-19842
    MISC
    MISC
    red_hat -- enterprise_linux | A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. | 2018-12-03 | not yet calculated | CVE-2018-16869
    MISC
    BID
    CONFIRM
    red_hat -- enterprise_linux | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. | 2018-12-03 | not yet calculated | CVE-2018-16868
    MISC
    BID
    CONFIRM
    red_hat -- enterprise_linux_7 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | 2018-12-03 | not yet calculated | CVE-2018-16863
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    REDHAT
    CONFIRM
    rockwell_automation -- micrologix_1400_controllers_and_1756_controllogix_communications_modules | In Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules, an unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. | 2018-12-07 | not yet calculated | CVE-2018-17924
    BID
    MISC
    sales_and_company_management_system -- sales_and_company_management_system | An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | 2018-12-06 | not yet calculated | CVE-2018-19925
    MISC
    sales_and_company_management_system -- sales_and_company_management_systemAn issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.2018-12-06not yet calculatedCVE-2018-19924
    MISC
    sales_and_company_management_system -- sales_and_company_management_systemAn issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.2018-12-06not yet calculatedCVE-2018-19923
    MISC
    santa_cruz_operation -- tarantella_enterprise | Tarantella Enterprise before 3.11 allows Directory Traversal. | 2018-12-05 | not yet calculated | CVE-2018-19753 | MISC, FULLDISC
    santa_cruz_operation -- tarantella_enterprise | Tarantella Enterprise before 3.11 allows bypassing Access Control. | 2018-12-05 | not yet calculated | CVE-2018-19754 | MISC, FULLDISC
    sass -- libsass | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | 2018-12-04 | not yet calculated | CVE-2018-19838 | MISC
    sass -- libsass | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 2018-12-03 | not yet calculated | CVE-2018-19797 | MISC
    sass -- libsass | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | 2018-12-04 | not yet calculated | CVE-2018-19837 | MISC, MISC
    sass -- libsass | In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | 2018-12-04 | not yet calculated | CVE-2018-19839 | MISC, MISC
    sass -- libsass | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-12-03 | not yet calculated | CVE-2018-19827 | MISC
    sass -- libsass | In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. | 2018-12-03 | not yet calculated | CVE-2018-19826 | MISC
    solarwinds -- sftp/scp_server | In SolarWinds SFTP/SCP server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | 2018-12-05 | not yet calculated | CVE-2018-16791 | FULLDISC
    solarwinds -- sftp/scp_server | SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | 2018-12-05 | not yet calculated | CVE-2018-16792 | FULLDISC
    spidercontrol -- scada_webserver | Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | 2018-12-04 | not yet calculated | CVE-2018-18991 | BID, MISC
    thinkcmf -- thinkcmf | ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | 2018-12-05 | not yet calculated | CVE-2018-19898 | MISC
    thinkcmf -- thinkcmf | ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | 2018-12-05 | not yet calculated | CVE-2018-19895 | MISC
    thinkcmf -- thinkcmf | ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | 2018-12-05 | not yet calculated | CVE-2018-19896 | MISC
    thinkcmf -- thinkcmf | ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | 2018-12-05 | not yet calculated | CVE-2018-19897 | MISC
    thinkcmf -- thinkcmf | ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | 2018-12-05 | not yet calculated | CVE-2018-19894 | MISC
    videolan -- vlc_media_player | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | 2018-12-05 | not yet calculated | CVE-2018-19857 | BID, MISC, MISC
    vmware -- esxi | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. | 2018-12-04 | not yet calculated | CVE-2018-6982 | BID, SECTRACK, CONFIRM
    vmware -- multiple_products | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. | 2018-12-04 | not yet calculated | CVE-2018-6981 | BID, SECTRACK, SECTRACK, CONFIRM
    wavpack -- wavpack | The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. | 2018-12-04 | not yet calculated | CVE-2018-19840 | MISC, MISC, UBUNTU
    wavpack -- wavpack | The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | 2018-12-04 | not yet calculated | CVE-2018-19841 | MISC, MISC, UBUNTU
    wordpress -- wordpress | An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | 2018-12-03 | not yet calculated | CVE-2018-19796 | MISC, MISC
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | 2018-12-03 | not yet calculated | CVE-2018-1002001 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. | 2018-12-03 | not yet calculated | CVE-2018-1002000 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | 2018-12-03 | not yet calculated | CVE-2018-1002003 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | 2018-12-03 | not yet calculated | CVE-2018-1002002 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | 2018-12-03 | not yet calculated | CVE-2018-1002005 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | 2018-12-03 | not yet calculated | CVE-2018-1002004 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | 2018-12-03 | not yet calculated | CVE-2018-1002007 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | 2018-12-03 | not yet calculated | CVE-2018-1002008 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable. | 2018-12-03 | not yet calculated | CVE-2018-1002009 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes. | 2018-12-03 | not yet calculated | CVE-2018-1002006 | MISC, MISC, EXPLOIT-DB
    wordpress -- wordpress | login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. | 2018-12-05 | not yet calculated | CVE-2018-19877 | MISC, EXPLOIT-DB
    xen -- xen | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. | 2018-12-07 | not yet calculated | CVE-2018-19965 | MISC
    xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. | 2018-12-07 | not yet calculated | CVE-2018-19966 | MISC
    xen -- xen | An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions. | 2018-12-07 | not yet calculated | CVE-2018-19964 | MISC
    xen -- xen | An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled. | 2018-12-07 | not yet calculated | CVE-2018-19963 | MISC
    xen -- xen | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | 2018-12-07 | not yet calculated | CVE-2018-19962 | MISC
    xen -- xen | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | 2018-12-07 | not yet calculated | CVE-2018-19961 | MISC
    xen -- xen | An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | 2018-12-07 | not yet calculated | CVE-2018-19967 | MISC
    xiaomi -- daisy-o-miss_mi_a2_lite_and_redmi6_devices | The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | 2018-12-07 | not yet calculated | CVE-2018-19939 | MISC
    yunohost -- yunohost | Two XSS vulnerabilities are located in the profile editing page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. | 2018-12-04 | not yet calculated | CVE-2018-11348 | MISC
    yunohost -- yunohost | The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject one or several HTTP headers into the response from the server. It requires user interaction: the attacker must send the user the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning. | 2018-12-04 | not yet calculated | CVE-2018-11347 | MISC
    yzmcms -- yzmcms | An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | 2018-12-04 | not yet calculated | CVE-2018-19849 | MISC
    zenitel -- ip-stationweb | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | 2018-12-06 | not yet calculated | CVE-2018-19927 | MISC
    zenitel -- ip-stationweb | Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | 2018-12-06 | not yet calculated | CVE-2018-19926 | MISC
    zoho_manageengine -- opmanager | Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | 2018-12-06 | not yet calculated | CVE-2018-19921 | MISC
    zte -- zxin10_routers | All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange branch are impacted by an improper access control vulnerability. Due to improper access control to the devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | 2018-12-07 | not yet calculated | CVE-2018-7364 | CONFIRM


  • Original release date: December 06, 2018

    Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-42 and apply the necessary updates.




  • Original release date: December 05, 2018

    Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:




  • Original release date: December 04, 2018

    Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

    NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

