Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18385 | 1 Asciidoctor | 1 Asciidoctor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop. | |||||
| CVE-2018-18377 | 1 Orange | 2 Airbox, Airbox Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | |||||
| CVE-2018-18094 | 1 Intel | 1 Media Sdk | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-18093 | 1 Intel | 1 Vtune Amplifier | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | |||||
| CVE-2018-18014 | 1 Citrix | 1 Xenmobile Server | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost." | |||||
| CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2019-10-03 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |||||
| CVE-2018-17867 | 1 Dasannetworks | 2 H660gw, H660gw Firmware | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field). | |||||
| CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | |||||
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778. | |||||
| CVE-2018-13863 | 1 Mongodb | 1 Js-bson | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. | |||||
| CVE-2018-1409 | 1 Ibm | 2 Client Application Access, Notes | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708. | |||||
| CVE-2018-1410 | 1 Ibm | 2 Client Application Access, Notes | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709. | |||||
| CVE-2018-14072 | 1 Libsixel Project | 1 Libsixel | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. | |||||
| CVE-2018-14073 | 1 Libsixel Project | 1 Libsixel | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. | |||||
| CVE-2018-14523 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | |||||
| CVE-2018-14588 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2018-14589 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read. | |||||
| CVE-2018-14748 | 1 Qnap | 1 Qts | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. | |||||
| CVE-2018-2438 | 1 Sap | 1 Internet Graphics Server | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-14993 | 1 Asus | 4 Zenfone 3 Max, Zenfone 3 Max Firmware, Zenfone V Live and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. | |||||
| CVE-2018-17400 | 1 Phonepe | 1 Phonepe | 2019-10-03 | 1.2 LOW | 7.0 HIGH |
| ** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. | |||||
| CVE-2018-17305 | 1 Uipath | 1 Orchestrator | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | |||||
| CVE-2018-15317 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. | |||||
| CVE-2018-17281 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | |||||
| CVE-2018-15327 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | |||||
| CVE-2018-15329 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | |||||
| CVE-2018-15373 | 1 Cisco | 2 Ios, Ios Xe | 2019-10-03 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. | |||||
| CVE-2018-15478 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. | |||||
| CVE-2018-15480 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | |||||
| CVE-2018-15481 | 1 Ucopia | 2 Wireless Appliance, Wireless Appliance Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | |||||
| CVE-2018-17188 | 1 Apache | 1 Couchdb | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities. | |||||
| CVE-2018-15508 | 1 Five9 | 1 Agent Desktop Plus | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2). | |||||
| CVE-2018-17037 | 1 Ucms Project | 1 Ucms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | |||||
| CVE-2018-15588 | 1 Freron | 1 Mailmate | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | |||||
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2019-10-03 | 4.0 MEDIUM | 7.2 HIGH |
| Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | |||||
| CVE-2018-15685 | 1 Electronjs | 1 Electron | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | |||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | |||||
| CVE-2018-15758 | 1 Pivotal Software | 1 Spring Security Oauth | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). | |||||
| CVE-2018-15906 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | |||||
| CVE-2018-15908 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | |||||
| CVE-2018-15912 | 1 Manjaro | 1 Manjaro Linux | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. | |||||
| CVE-2018-16018 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-6067 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-16161 | 1 Opendolphin | 1 Opendolphin | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | |||||
| CVE-2018-16162 | 1 Opendolphin | 1 Opendolphin | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors. | |||||
| CVE-2018-16198 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-10-03 | 5.8 MEDIUM | 8.8 HIGH |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. | |||||
| CVE-2018-16232 | 1 Ipfire | 1 Ipfire | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands. | |||||
| CVE-2018-16715 | 1 Absolute | 1 Ctes Windows Agent | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | |||||
| CVE-2018-16412 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. | |||||
| CVE-2018-16413 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | |||||