SB18-225: Vulnerability Summary for the Week of August 6, 2018

Original release date: August 13, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
aedes — aedes	Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.	2018-08-08	not yet calculated	CVE-2018-3778 MISC MISC MISC
apache — airflow	It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don’t, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.	2018-08-06	not yet calculated	CVE-2017-12614 MLIST
arubanetworks — airwave	Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker’s choosing. This could include files that contain passwords, which could then lead to privilege escalation.	2018-08-06	not yet calculated	CVE-2016-8526 CONFIRM BID EXPLOIT-DB
arubanetworks — airwave	Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.	2018-08-06	not yet calculated	CVE-2016-8527 CONFIRM BID EXPLOIT-DB
arubanetworks — arubaos	Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code – remote code execution has not yet been confirmed.	2018-08-06	not yet calculated	CVE-2017-9003 CONFIRM SECTRACK
arubanetworks — arubaos	ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.	2018-08-06	not yet calculated	CVE-2017-9000 CONFIRM SECTRACK
arubanetworks — clearpass	Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the “mon” permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with “mon” permission.	2018-08-06	not yet calculated	CVE-2018-7059 CONFIRM
arubanetworks — clearpass	Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.	2018-08-06	not yet calculated	CVE-2018-7060 CONFIRM
arubanetworks — clearpass	Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.	2018-08-06	not yet calculated	CVE-2018-7058 CONFIRM
arubanetworks — clearpass	Aruba ClearPass 6.6.3 and later includes a feature called “SSH Lockout”, which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with “root” privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.	2018-08-06	not yet calculated	CVE-2017-9001 CONFIRM
arubanetworks — clearpass	All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.	2018-08-06	not yet calculated	CVE-2017-9002 CONFIRM
asus — hg100_devices	ASUS HG100 devices allow denial of service via an IPv4 packet flood.	2018-08-10	not yet calculated	CVE-2018-11492 MISC
atlassian — cloudtoken	Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users’ roles.	2018-08-10	not yet calculated	CVE-2018-13390 MISC
auracms — auracms	AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.	2018-08-07	not yet calculated	CVE-2018-15199 MISC
celalink — clr-m20_devices	CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.	2018-08-07	not yet calculated	CVE-2018-15137 MISC
cgit — cgit	cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.	2018-08-03	not yet calculated	CVE-2018-14912 MISC MLIST MISC DEBIAN
cisco — thor	Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.	2018-08-09	not yet calculated	CVE-2018-0429 CONFIRM
cobbler — cobbler	It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.	2018-08-09	not yet calculated	CVE-2018-10931 REDHAT CONFIRM
coremail — coremail	Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.	2018-08-10	not yet calculated	CVE-2018-14503 MISC
couchdb — couchdb	CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system’s user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.	2018-08-08	not yet calculated	CVE-2018-11769 BID MISC
craft — cms	A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don’t match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.	2018-08-06	not yet calculated	CVE-2018-14716 MISC CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB
crestron — tsw-x60_and_mc3	For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.	2018-08-10	not yet calculated	CVE-2018-10630 MISC
crestron — tsw-x60_and_mc3	Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.	2018-08-10	not yet calculated	CVE-2018-13341 MISC
csrf-magic — csrf-magic	In csrf-magic before 1.0.4, if $GLOBALS[‘csrf’][‘secret’] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.	2018-08-07	not yet calculated	CVE-2013-7464 MISC MISC MISC
dell — wyse_management_suite	Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.	2018-08-10	not yet calculated	CVE-2018-11063 MISC
dell_emc — data_protection_advisor_and_data_protection_appliance	Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.	2018-08-10	not yet calculated	CVE-2018-11048 FULLDISC SECTRACK
dilawar — sound	An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).	2018-08-05	not yet calculated	CVE-2018-14948 MISC MISC
django — django	django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.	2018-08-03	not yet calculated	CVE-2018-14574 BID SECTRACK UBUNTU DEBIAN CONFIRM
drupal — drupal	Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.	2018-08-06	not yet calculated	CVE-2017-6920 BID SECTRACK CONFIRM
emlsoft — emlsoft	An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.	2018-08-06	not yet calculated	CVE-2018-14966 MISC
emlsoft — emlsoft	An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF.	2018-08-06	not yet calculated	CVE-2018-14965 MISC
emlsoft — emlsoft	An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter.	2018-08-06	not yet calculated	CVE-2018-14968 MISC
emlsoft — emlsoft	An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter.	2018-08-06	not yet calculated	CVE-2018-14967 MISC
emlsoft — emlsoft	An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.	2018-08-06	not yet calculated	CVE-2018-14964 MISC
ethereum — eether_token	An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker’s digital assets.	2018-08-08	not yet calculated	CVE-2018-11561 MISC
ethereum — megacryptopolis	The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract’s land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.	2018-08-06	not yet calculated	CVE-2018-13877 MISC
ethereum — mycryptochamp	The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.	2018-08-07	not yet calculated	CVE-2018-12885 MISC MISC MISC
ethereum — smartmesh_token	The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).	2018-08-10	not yet calculated	CVE-2018-10769 MISC
freebsd — freebsd	One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system’s network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.	2018-08-09	not yet calculated	CVE-2018-6922 SECTRACK FREEBSD
gitea_and_gogs — gitea_and_gogs	An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.	2018-08-07	not yet calculated	CVE-2018-15192 MISC MISC
gogs — gogs	A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.	2018-08-07	not yet calculated	CVE-2018-15193 MISC
gogs — gogs	Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.	2018-08-07	not yet calculated	CVE-2018-15178 MISC MISC
gxlcms — gxlcms	In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.	2018-08-07	not yet calculated	CVE-2018-15177 MISC
harmonic — nsg_9000_devices	Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.	2018-08-05	not yet calculated	CVE-2018-14943 MISC
harmonic — nsg_9000_devices	Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.	2018-08-05	not yet calculated	CVE-2018-14941 MISC
harmonic — nsg_9000_devices	Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by “POST /PY/EMULATION_GET_FILE” or “POST /PY/EMULATION_EXPORT” with FileName=../../../passwd in the POST data.	2018-08-05	not yet calculated	CVE-2018-14942 MISC
hewlett_packard_enterprise — arcsight_winc_connector	A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.	2018-08-06	not yet calculated	CVE-2016-4391 BID SECTRACK CONFIRM
hewlett_packard_enterprise — business_service_management	A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26	2018-08-06	not yet calculated	CVE-2016-4405 BID CONFIRM
hewlett_packard_enterprise — business_service_management	A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 – v9.25IP1.	2018-08-06	not yet calculated	CVE-2016-4392 BID SECTRACK CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management	HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.	2018-08-06	not yet calculated	CVE-2017-8992 CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management	HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.	2018-08-06	not yet calculated	CVE-2018-7070 CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management	HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.	2018-08-06	not yet calculated	CVE-2018-7068 CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management	HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.	2018-08-06	not yet calculated	CVE-2018-7069 CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management	HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.	2018-08-06	not yet calculated	CVE-2017-8991 CONFIRM
hewlett_packard_enterprise — icewall_sso_dfw	A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.	2018-08-06	not yet calculated	CVE-2017-8989 CONFIRM
hewlett_packard_enterprise — integrated_lights_out	A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.	2018-08-06	not yet calculated	CVE-2017-8987 SECTRACK CONFIRM
hewlett_packard_enterprise — integrated_lights_out	A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.	2018-08-06	not yet calculated	CVE-2018-7078 SECTRACK CONFIRM
hewlett_packard_enterprise — integrated_lights_out	A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.	2018-08-06	not yet calculated	CVE-2016-4406 BID SECTRACK CONFIRM
hewlett_packard_enterprise — intelligent_management_center	A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.	2018-08-06	not yet calculated	CVE-2018-7092 SECTRACK CONFIRM
hewlett_packard_enterprise — intelligent_management_center_wireless_service_manager	A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.	2018-08-06	not yet calculated	CVE-2017-8990 SECTRACK CONFIRM
hewlett_packard_enterprise — intelligent_management_center	A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.	2018-08-06	not yet calculated	CVE-2018-7074 SECTRACK CONFIRM
hewlett_packard_enterprise — intelligent_management_center	A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.	2018-08-06	not yet calculated	CVE-2018-7075 CONFIRM
hewlett_packard_enterprise — keyview	A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.	2018-08-06	not yet calculated	CVE-2016-4404 BID SECTRACK CONFIRM
hewlett_packard_enterprise — keyview	A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.	2018-08-06	not yet calculated	CVE-2016-4402 BID SECTRACK CONFIRM
hewlett_packard_enterprise — keyview	A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.	2018-08-06	not yet calculated	CVE-2016-4403 BID SECTRACK CONFIRM
hewlett_packard_enterprise — moonshot_provisioning_manager	A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.	2018-08-06	not yet calculated	CVE-2018-7072 CONFIRM MISC
hewlett_packard_enterprise — moonshot_provisioning_manager	A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.	2018-08-06	not yet calculated	CVE-2018-7073 CONFIRM UBUNTU MISC
hewlett_packard_enterprise — network_function_virtualization_director	HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.	2018-08-06	not yet calculated	CVE-2018-7071 CONFIRM
hewlett_packard_enterprise — network_node_manager_i	A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).	2018-08-06	not yet calculated	CVE-2016-4400 BID SECTRACK CONFIRM
hewlett_packard_enterprise — network_node_manager_i	A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.	2018-08-06	not yet calculated	CVE-2016-4397 BID BID SECTRACK CONFIRM
hewlett_packard_enterprise — network_node_manager_i	A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).	2018-08-06	not yet calculated	CVE-2016-4399 BID SECTRACK CONFIRM
hewlett_packard_enterprise — network_node_manager_i	A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.	2018-08-06	not yet calculated	CVE-2016-4398 BID CONFIRM
hewlett_packard_enterprise — restful_interface_tool	A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.	2018-08-06	not yet calculated	CVE-2017-8968 CONFIRM
hewlett_packard_enterprise — xp_command_view_advanced_edition	A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).	2018-08-06	not yet calculated	CVE-2017-8988 CONFIRM
hewlett_packard_enterprise — xp_p9000_command_view_advanced_edition	HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.	2018-08-06	not yet calculated	CVE-2018-7091 CONFIRM
hewlett_packard_enterprise — xp_p9000_command_view_advanced_edition	HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.	2018-08-06	not yet calculated	CVE-2018-7090 CONFIRM
hitachi — command_suite	An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.	2018-08-09	not yet calculated	CVE-2018-14735 CONFIRM
ibm — jazz_foundation_products	IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025.	2018-08-06	not yet calculated	CVE-2018-1422 CONFIRM BID XF
ibm — maximo_asset_management	IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.	2018-08-03	not yet calculated	CVE-2018-1524 XF CONFIRM
ibm — maximo_asset_management	IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.	2018-08-06	not yet calculated	CVE-2018-1528 BID XF CONFIRM
ibm — rhapsody_model_manager	IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510.	2018-08-07	not yet calculated	CVE-2018-1690 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.	2018-08-06	not yet calculated	CVE-2017-1366 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400.	2018-08-06	not yet calculated	CVE-2017-1412 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.	2018-08-06	not yet calculated	CVE-2017-1755 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861.	2018-08-06	not yet calculated	CVE-2017-1368 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.	2018-08-06	not yet calculated	CVE-2017-1411 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342.	2018-08-06	not yet calculated	CVE-2017-1396 CONFIRM XF
ibm — security_identity_governance_virtual_appliance	IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396.	2018-08-06	not yet calculated	CVE-2017-1409 CONFIRM XF
ibm — websphere_mq	IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.	2018-08-06	not yet calculated	CVE-2018-1551 BID XF CONFIRM
ignited — cms	An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.	2018-08-08	not yet calculated	CVE-2018-15203 MISC
insteon — hub	Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow.	2018-08-06	not yet calculated	CVE-2017-16252 MISC
insteon — hub	An exploitable buffer overflow vulnerability exists in the PubNub message handler for the ‘ad’ channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.	2018-08-06	not yet calculated	CVE-2017-14447 MISC
jenkins — jenkins	jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.	2018-08-06	not yet calculated	CVE-2017-2654 CONFIRM CONFIRM
jiofi — 4g_hotspot_m2s_devices	JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields.	2018-08-09	not yet calculated	CVE-2018-15181 MISC
jpeg_encoder — jpeg_encoder	An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.	2018-08-05	not yet calculated	CVE-2018-14945 MISC MISC
jpeg_encoder — jpeg_encoder	An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.	2018-08-05	not yet calculated	CVE-2018-14944 MISC MISC
juunan06 — ecommerce	An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.	2018-08-08	not yet calculated	CVE-2018-15202 MISC
laravel — framework	In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.	2018-08-09	not yet calculated	CVE-2018-15133 CONFIRM
libpq — libpq	A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with “host” or “hostaddr” connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.	2018-08-09	not yet calculated	CVE-2018-10915 CONFIRM DEBIAN CONFIRM
libreoffice — libreoffice	The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.	2018-08-05	not yet calculated	CVE-2018-14939 BID MISC
libtiff — libtiff	ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.	2018-08-08	not yet calculated	CVE-2018-15209 MISC
linux — kernel	The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a “software IO TLB” printk call.	2018-08-07	not yet calculated	CVE-2018-5953 BID MISC
linux — kernel	The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a “pages/cpu” printk call.	2018-08-07	not yet calculated	CVE-2018-5995 BID MISC
linux — kernel	The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading “ffree: ” lines in a debugfs file.	2018-08-10	not yet calculated	CVE-2018-7754 CONFIRM MISC
linux — kernel	Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.	2018-08-06	not yet calculated	CVE-2018-5390 BID SECTRACK SECTRACK CONFIRM UBUNTU UBUNTU DEBIAN CERT-VN CONFIRM
lxc-user-nic — lxc-user-nic	lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.	2018-08-10	not yet calculated	CVE-2018-6556 CONFIRM CONFIRM UBUNTU
medtronic — mycarelink_and_patient_monitor	A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.	2018-08-10	not yet calculated	CVE-2018-10626 BID MISC
medtronic — mycarelink_and_patient_monitor	A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.	2018-08-10	not yet calculated	CVE-2018-10622 BID MISC
multiple_vendors — bluetooth_firmware_and_operating_system_software_drivers	Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.	2018-08-07	not yet calculated	CVE-2018-5383 MISC BID SECTRACK CONFIRM CERT-VN
netcomm_wireless — 4g_lte_light_industrial_m2m_router	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.	2018-08-10	not yet calculated	CVE-2018-14785 MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.	2018-08-10	not yet calculated	CVE-2018-14783 MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device.	2018-08-10	not yet calculated	CVE-2018-14784 MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.	2018-08-10	not yet calculated	CVE-2018-14782 MISC
netiq — edirectory	Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.	2018-08-09	not yet calculated	CVE-2018-7692 MISC
netiq — edirectory	Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.	2018-08-09	not yet calculated	CVE-2018-7686 MISC
nmap — nmap	Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.	2018-08-07	not yet calculated	CVE-2018-15173 MISC MISC
ocs_inventory_ng — ocs_inventory_server	Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.	2018-08-06	not yet calculated	CVE-2018-14857 FULLDISC SECTRACK CONFIRM
onethink — onethink	An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.	2018-08-07	not yet calculated	CVE-2018-15198 MISC
onethink — onethink	An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.	2018-08-07	not yet calculated	CVE-2018-15197 MISC
oracle — database_server	A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).	2018-08-10	not yet calculated	CVE-2018-3110 CONFIRM
pdf2json — pdf2json	An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).	2018-08-05	not yet calculated	CVE-2018-14946 MISC MISC
pdf2json — pdf2json	An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).	2018-08-05	not yet calculated	CVE-2018-14947 MISC MISC
php — php	An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn’t implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.	2018-08-07	not yet calculated	CVE-2018-15132 MISC MISC MISC MISC
phpcms — phpcms	PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.	2018-08-05	not yet calculated	CVE-2018-14940 MISC
phpscriptsmall.com — advanced_real_estate_script	PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.	2018-08-10	not yet calculated	CVE-2018-15187 MISC
phpscriptsmall.com — advanced_real_estate_script	PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.	2018-08-10	not yet calculated	CVE-2018-15189 MISC
phpscriptsmall.com — advanced_real_estate_script	PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.	2018-08-10	not yet calculated	CVE-2018-15188 MISC
phpscriptsmall.com — basic_b2b_script	PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.	2018-08-03	not yet calculated	CVE-2018-14541 MISC EXPLOIT-DB
phpscriptsmall.com — car_rental_script	PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.	2018-08-09	not yet calculated	CVE-2018-15182 MISC
phpscriptsmall.com — cms_auditor_website	PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.	2018-08-10	not yet calculated	CVE-2018-15186 MISC
phpscriptsmall.com — hotel_booking_script	PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field.	2018-08-10	not yet calculated	CVE-2018-15190 MISC
phpscriptsmall.com — hotel_booking_script	PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field.	2018-08-10	not yet calculated	CVE-2018-15191 MISC
phpscriptsmall.com — naukri_clone_script	PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795.	2018-08-09	not yet calculated	CVE-2018-15184 MISC
phpscriptsmall.com — naukri_clone_script	PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the “Current Position” field.	2018-08-10	not yet calculated	CVE-2018-15185 MISC
phpscriptsmall.com — php_template_store_script	PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.	2018-08-06	not yet calculated	CVE-2018-14869 MISC EXPLOIT-DB
phpscriptsmall.com — resume_builder_script	PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields.	2018-08-09	not yet calculated	CVE-2018-15183 MISC
postgresql — postgresql	It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with “INSERT … ON CONFLICT DO UPDATE”. An attacker with “CREATE TABLE” privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain “INSERT” and limited “UPDATE” privileges to a particular table, they could exploit this to update other columns in the same table.	2018-08-09	not yet calculated	CVE-2018-10925 CONFIRM DEBIAN CONFIRM
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14973 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14971 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14976 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14972 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14970 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14975 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.	2018-08-06	not yet calculated	CVE-2018-14977 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.	2018-08-06	not yet calculated	CVE-2018-14978 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14974 MISC
qcms — qcms	An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.	2018-08-06	not yet calculated	CVE-2018-14969 MISC
responsive_filemanager — responsive_filemanager	upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.	2018-08-03	not yet calculated	CVE-2018-14728 MISC EXPLOIT-DB
rubygems — active-support_gem	active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.	2018-08-10	not yet calculated	CVE-2018-3779 MISC
siemens — automation_license_manager	A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.	2018-08-07	not yet calculated	CVE-2018-11456 CONFIRM
siemens — automation_license_manager	A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.	2018-08-07	not yet calculated	CVE-2018-11455 CONFIRM
siemens — simatic_step_7_and_simatic_wincc	A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.	2018-08-07	not yet calculated	CVE-2018-11453 CONFIRM
siemens — simatic_step_7_and_simatic_wincc	A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.	2018-08-07	not yet calculated	CVE-2018-11454 CONFIRM
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<svg><a xlink:href=”https://www.us-cert.gov attack.	2018-08-05	not yet calculated	CVE-2018-14950 MISC MISC MISC
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<form action=’data:text” attack.	2018-08-05	not yet calculated	CVE-2018-14951 MISC MISC MISC
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.	2018-08-05	not yet calculated	CVE-2018-14954 MISC MISC MISC
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<math xlink:href=”https://www.us-cert.gov attack.	2018-08-05	not yet calculated	CVE-2018-14953 MISC MISC MISC
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<math><maction xlink:href=”https://www.us-cert.gov attack.	2018-08-05	not yet calculated	CVE-2018-14952 MISC MISC MISC
squirrelmail — squirrelmail	The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).	2018-08-05	not yet calculated	CVE-2018-14955 MISC MISC MISC
symfony — symfony	An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.	2018-08-06	not yet calculated	CVE-2017-16654 CONFIRM CONFIRM DEBIAN
symfony — symfony	An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a “FileType” is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, “file:///etc/passwd”). If the application did not perform any additional checks about the value submitted to the “FileType”, the contents of the given file on the server could have been exposed to the attacker.	2018-08-06	not yet calculated	CVE-2017-16790 CONFIRM DEBIAN
symfony — symfony	An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.	2018-08-06	not yet calculated	CVE-2017-16653 CONFIRM CONFIRM DEBIAN
thinksaas — thinksaas	ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.	2018-08-07	not yet calculated	CVE-2018-15130 MISC
thinksaas — thinksaas	ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.	2018-08-07	not yet calculated	CVE-2018-15129 MISC
tibco — activematrix_businessworks	The BusinessWorks engine component of TIBCO Software Inc.’s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.	2018-08-08	not yet calculated	CVE-2018-12408 BID MISC CONFIRM
ubuntu — ubuntu	The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.	2018-08-10	not yet calculated	CVE-2018-6553 MLIST UBUNTU DEBIAN
vdsm — vdsm	It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.	2018-08-09	not yet calculated	CVE-2018-10908 MISC CONFIRM MISC
weaselcms — weaselcms	An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.	2018-08-05	not yet calculated	CVE-2018-14958 MISC
weaselcms — weaselcms	An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.	2018-08-05	not yet calculated	CVE-2018-14959 MISC
wolf — cms	Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.	2018-08-10	not yet calculated	CVE-2018-14837 MISC
wordpress — wordpress	In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine’s wp-content/plugins directory permissions were set up to block all new plugins.	2018-08-10	not yet calculated	CVE-2018-14028 MISC MISC MISC
wpa_supplicant — wpa_supplicant	An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.	2018-08-08	not yet calculated	CVE-2018-14526 SECTRACK MLIST MISC MISC
xiao5ucompany — xiao5ucompany	Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.	2018-08-06	not yet calculated	CVE-2018-14960 MISC MISC
xnview — xnview	XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.	2018-08-07	not yet calculated	CVE-2018-15176 MISC
xnview — xnview	XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.	2018-08-07	not yet calculated	CVE-2018-15175 MISC
xnview — xnview	XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.	2018-08-07	not yet calculated	CVE-2018-15174 MISC
zoho_manageengine — applications_manager	A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.	2018-08-07	not yet calculated	CVE-2018-15168 MISC MISC
zoho_manageengine — applications_manager	A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.	2018-08-07	not yet calculated	CVE-2018-15169 MISC MISC
zzcms — zzcms	zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.	2018-08-06	not yet calculated	CVE-2018-14963 MISC
zzcms — zzcms	zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.	2018-08-06	not yet calculated	CVE-2018-14962 MISC
zzcms — zzcms	dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.	2018-08-06	not yet calculated	CVE-2018-14961 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

57 Replies to “SB18-225: Vulnerability Summary for the Week of August 6, 2018”

Leah says:

August 13, 2020 at 7:49 pm

Outstanding post, I think blog owners should larn a lot from this weblog its very user pleasant.
So much good information on here :D.

Reply
Doithuong247 says:

August 13, 2020 at 8:46 pm

I could not resist commenting. Very well written!

Reply
houston junk car buyer says:

August 18, 2020 at 8:43 am

Excellent article. I’m experiencing some of these issues
as well..

Reply
Martha says:

August 18, 2020 at 3:50 pm

I?m not that much of a internet reader to be honest
but your blogs really nice, keep it up! I’ll go ahead and
bookmark your website to come back in the future.
Many thanks

Reply
YesBet88 says:

August 30, 2020 at 6:27 am

Love watching sunset !

Reply
룰렛 says:

August 30, 2020 at 6:27 am

Best view i have ever seen !

Reply
what is kangen water says:

September 6, 2020 at 4:06 am

The capability of the grain is only forty eight, 000 which
isn’t perfect.

Reply
kangen water machine k8 says:

September 6, 2020 at 4:46 pm

Water with these minerals is taken into account “onerous.” Specifically, it keeps soap from dissolving
correctly.

Reply
vbucks free codes says:

September 7, 2020 at 5:14 pm

Thanks , I have just been looking for info about this topic for ages and yours is the greatest I’ve came upon till now.
But, what about the conclusion? Are you certain concerning the
source?

Here is my blog post: vbucks free codes

Reply
bitcoin wallet says:

September 10, 2020 at 7:05 pm

bitcoin core

Reply
Pilot says:

September 14, 2020 at 2:17 pm

Thanks so much for the post.Really thank you! Great.

Reply
Oitleu says:

September 16, 2020 at 6:26 am

But flair to standard up so varied laboratories. sildenafil samples Xdwgxj mllalx

Reply
เว็บพนันออนไลน์pantip says:

September 17, 2020 at 12:52 am

ค้นหาเว็บพนันออนไลน์ที่ยอดเยี่ยม เริ่มอย่างไรดี ?

My page … เว็บพนันออนไลน์pantip

Reply
Yeezy says:

September 17, 2020 at 2:51 pm

[url=http://www.nfl-jerseys.us.org/][b]NFL Jerseys[/b][/url]

Reply
krypto märkte says:

September 17, 2020 at 6:18 pm

Hello there! This post could not be written any better!
Going through this post reminds me of my previous roommate!
He continually kept preaching about this. I most certainly will forward
this information to him. Fairly certain he’s going to have a very good read.
Thank you for sharing!

Reply
Jordan 1 says:

September 18, 2020 at 2:12 am

[url=http://www.yeezy.uk.com/][b]Yeezy[/b][/url]

Reply
Nike Outlet says:

September 18, 2020 at 2:17 am

[url=http://www.airjordan1.us.com/][b]Air Jordan 1[/b][/url]

Reply
NBA Jerseys says:

September 18, 2020 at 2:58 am

[url=http://www.yeezymafia.us.com/][b]Yeezy[/b][/url]

Reply
Jordan 1s says:

September 18, 2020 at 3:02 am

[url=http://www.airmaxclearancesale.us/][b]Air Max Clearance Sale[/b][/url]

Reply
Nike Air Max 270 says:

September 18, 2020 at 3:44 am

[url=http://www.jerseysnba.us.com/][b]NBA Jerseys[/b][/url]

Reply
Yeezys Official Site says:

September 18, 2020 at 3:49 am

[url=http://www.jerseys-nba.us/][b]Cheap NBA Jerseys[/b][/url]

Reply
Yeezy Mafia says:

September 18, 2020 at 4:37 am

[url=https://www.discountuggsoutlet.us/][b]Discount UGG Outlet[/b][/url]

Reply
Yeezy Shoes says:

September 18, 2020 at 5:22 am

[url=http://www.yeezy-shoe.us.com/][b]Yeezy[/b][/url]

Reply
NBA Store says:

September 18, 2020 at 5:27 am

[url=https://www.uggsoutlet.us/][b]UGGS Outlet[/b][/url]

Reply
Air Max 97 says:

September 18, 2020 at 8:05 am

[url=http://www.yeezyssneakers.us.com/][b]Yeezy Sneaker[/b][/url]

Reply
Kobe Bryant Jerseys For Sale says:

September 18, 2020 at 8:10 am

[url=http://www.yeezy.uk.com/][b]Yeezy[/b][/url]

Reply
Jordan 1s says:

September 18, 2020 at 8:56 am

[url=http://www.jordan11concord.us/][b]Jordan 11 Concord[/b][/url]

Reply
Air Jordan 1 says:

September 18, 2020 at 9:01 am

[url=https://www.uggsoutlet.us/][b]UGGS Outlet[/b][/url]

Reply
Dior Jordan 1 says:

September 18, 2020 at 9:48 am

[url=http://www.yeezy380.us.com/][b]Yeezy 380[/b][/url]

Reply
Nike UK says:

September 18, 2020 at 9:53 am

[url=https://www.adidasyeezy.co/][b]Adidas yeezy[/b][/url]

Reply
Yeezy 380 says:

September 18, 2020 at 10:40 am

[url=http://www.jordanaj1.us/][b]Jordan AJ 1[/b][/url]

Reply
Yeezy Sneaker says:

September 18, 2020 at 11:32 am

[url=http://www.nikeshoes.us.org/][b]Nike Shoes[/b][/url]

Reply
Nike Shoes says:

September 18, 2020 at 11:37 am

[url=http://www.jordansshoess.us.com/][b]Jordans Shoes[/b][/url]

Reply
Yeezy 350 V2 says:

September 18, 2020 at 12:22 pm

[url=http://www.adidasyeezy.uk.com/][b]Adidas Yeezy[/b][/url]

Reply
Jordan 1 Low says:

September 18, 2020 at 2:23 pm

[url=https://www.uggsoutlet.us/][b]UGGS Outlet[/b][/url]

Reply
Cheap NBA Jerseys says:

September 18, 2020 at 2:27 pm

[url=http://www.kobebryantjerseysforsale.us/][b]Kobe Bryant Jerseys For Sale[/b][/url]

Reply
Jordan 11s says:

September 18, 2020 at 4:08 pm

[url=http://www.nikeshoes.us.org/][b]Nike Shoes[/b][/url]

Reply
Jordan 4s says:

September 18, 2020 at 4:12 pm

[url=http://www.yeezy.com.co/][b]Yeezy Shoes[/b][/url]

Reply
Air Max Clearance Sale says:

September 18, 2020 at 4:58 pm

[url=http://www.yeezymafia.us.com/][b]Yeezy[/b][/url]

Reply
Jordan Retro says:

September 18, 2020 at 5:52 pm

[url=https://www.timberlands.me.uk/][b]Timberland[/b][/url]

Reply
Nike Shoes says:

September 18, 2020 at 6:37 pm

[url=http://www.airjordan1mid.us/][b]Air Jordan 1 Mid[/b][/url]

Reply
Basketball Jerseys says:

September 18, 2020 at 6:42 pm

[url=http://www.jordan4s.us/][b]Jordan 4s[/b][/url]

Reply
Yeezy Supply says:

September 18, 2020 at 7:31 pm

[url=https://www.yeezyadidas.de/][b]Adidas yeezy[/b][/url]

Reply
Nike Outlet says:

September 18, 2020 at 8:15 pm

[url=http://www.jordan11s.us/][b]Jordan 11s[/b][/url]

Reply
Yeezy sliders says:

September 18, 2020 at 8:20 pm

[url=http://www.yeezy.com.co/][b]Yeezy Shoes[/b][/url]

Reply
Basketball Jerseys says:

September 18, 2020 at 9:04 pm

[url=http://www.nfl-jerseys.us.org/][b]NFL Jerseys[/b][/url]

Reply
Jordan 11 Concord says:

September 18, 2020 at 9:57 pm

[url=http://www.basketball-jerseys.us.com/][b]Basketball Jerseys[/b][/url]

Reply
Air Jordan 1 says:

September 18, 2020 at 11:31 pm

[url=http://www.yeezy-shoe.us.com/][b]Yeezy[/b][/url]

Reply
Yeezy Boost 350 says:

September 18, 2020 at 11:36 pm

[url=https://www.uggoutlet.store/][b]UGG Outlet[/b][/url]

Reply
Adidas Yeezy says:

September 19, 2020 at 1:14 am

[url=https://www.yeezyshoess.com/][b]Yeezy Shoes[/b][/url]

Reply
Kobe Bryant Jersey 24 says:

September 19, 2020 at 2:46 am

[url=http://www.kobebryantwebsiteofficial.us/][b]Kobe Bryant Website Official[/b][/url]

Reply
Jordan Retro 4 says:

September 19, 2020 at 3:42 am

[url=http://www.nikes.us.com/][b]Nike Shoes[/b][/url]

Reply
Human Race Shoes says:

September 19, 2020 at 7:00 am

[url=http://www.nikes.us.com/][b]Nike Shoes[/b][/url]

Reply
Jordan 11 Retro says:

September 19, 2020 at 7:05 am

[url=http://www.diorjordan1.us/][b]Dior Jordan 1[/b][/url]

Reply
Jordans Shoes says:

September 19, 2020 at 8:41 am

[url=http://www.yeezysofficialsite.us/][b]Yeezys Official Site[/b][/url]

Reply
Air Jordan 1 Mid says:

September 19, 2020 at 11:27 am

[url=http://www.yeezy350v2.us/][b]Yeezy 350 V2[/b][/url]

Reply
Football Betting says:

September 19, 2020 at 5:37 pm

พนันบอล เว็บพนันบอลยอดเยี่ยม เว็บไซต์แทงบอล
UFABET

My site – Football Betting

Reply

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

57 Replies to “SB18-225: Vulnerability Summary for the Week of August 6, 2018”

Leave a Reply Cancel reply