Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16478 1 Simplehttpserver Project 1 Simplehttpserver 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.
CVE-2018-16480 1 Public Project 1 Public 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
CVE-2018-16481 1 Html-pages Project 1 Html-pages 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
CVE-2018-16851 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.
CVE-2018-17499 1 Envoy 1 Passport 2019-10-09 2.1 LOW 5.5 MEDIUM
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
CVE-2018-17542 1 Hgiga 1 Oaklouds Mailsherlock 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
CVE-2018-17489 1 Hidglobal 1 Easylobby Solo 2019-10-09 2.1 LOW 5.5 MEDIUM
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
CVE-2018-16883 1 Fedoraproject 1 Sssd 2019-10-09 2.1 LOW 5.5 MEDIUM
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2018-16870 1 Wolfssl 1 Wolfssl 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.
CVE-2018-17482 1 Jollytech 1 Lobby Track 2019-10-09 2.1 LOW 5.5 MEDIUM
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.
CVE-2018-16477 1 Rubyonrails 1 Rails 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.
CVE-2018-17483 1 Jollytech 1 Lobby Track 2019-10-09 2.1 LOW 5.5 MEDIUM
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information.
CVE-2018-17889 1 We-con 2 Pi Studio, Pi Studio Hmi 2019-10-09 4.3 MEDIUM 5.3 MEDIUM
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.
CVE-2018-16485 1 M-server Project 1 M-server 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
CVE-2018-17244 1 Elastic 1 Elasticsearch 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.
CVE-2018-16555 1 Siemens 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more 2019-10-09 3.5 LOW 5.4 MEDIUM
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
CVE-2018-17247 1 Elastic 1 Elasticsearch 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.
CVE-2018-16857 1 Samba 1 Samba 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.
CVE-2018-16484 1 M-server Project 1 M-server 2019-10-09 3.5 LOW 5.4 MEDIUM
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
CVE-2018-16841 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
CVE-2018-15371 1 Cisco 1 Ios Xe 2019-10-09 7.2 HIGH 6.7 MEDIUM
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.
CVE-2018-14597 1 Broadcom 2 Ca Identity Governance, Ca Identity Suite Virtual Appliance 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
CVE-2018-14781 1 Medtronicdiabetes 18 508 Minimed Insulin Pump, 508 Minimed Insulin Pump Firmware, 522 Paradigm Real-time and 15 more 2019-10-09 2.9 LOW 5.3 MEDIUM
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
CVE-2018-14788 1 Fujielectric 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.
CVE-2018-14792 1 We-con 1 Plc Editor 2019-10-09 6.8 MEDIUM 6.3 MEDIUM
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
CVE-2018-15369 1 Cisco 2 Ios, Ios Xe 2019-10-09 7.8 HIGH 6.8 MEDIUM
A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVE-2018-15370 1 Cisco 1 Ios Rom Monitor 2019-10-09 4.6 MEDIUM 6.8 MEDIUM
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
CVE-2018-15374 1 Cisco 1 Ios Xe 2019-10-09 7.2 HIGH 6.7 MEDIUM
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.
CVE-2018-15375 1 Cisco 1 Ios 2019-10-09 7.2 HIGH 6.7 MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.
CVE-2018-15376 1 Cisco 1 Ios 2019-10-09 7.2 HIGH 6.7 MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.
CVE-2018-15378 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2019-10-09 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
CVE-2018-15392 1 Cisco 1 Industrial Network Director 2019-10-09 3.3 LOW 4.3 MEDIUM
A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition.
CVE-2018-15393 1 Cisco 1 Content Security Management Appliance 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2018-15395 1 Cisco 1 Wireless Lan Controller Software 2019-10-09 2.7 LOW 5.4 MEDIUM
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances.
CVE-2018-15396 1 Cisco 1 Unity Connection 2019-10-09 4.0 MEDIUM 6.8 MEDIUM
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.
CVE-2018-15400 1 Cisco 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.
CVE-2018-15401 1 Cisco 1 Hosted Collaboration Mediation Fulfillment 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.
CVE-2018-15403 1 Cisco 4 Emergency Responder, Unified Communications Manager, Unified Communications Manager Im And Presence Service and 1 more 2019-10-09 4.9 MEDIUM 5.4 MEDIUM
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
CVE-2018-15404 1 Cisco 2 Integrated Management Controller Supervisor, Unified Computing System Director 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.
CVE-2018-15406 1 Cisco 1 Ucs Director 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.
CVE-2018-15613 1 Avaya 1 Aura Orchestration Designer 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
CVE-2018-15614 1 Avaya 1 Ip Office 2019-10-09 3.5 LOW 5.4 MEDIUM
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
CVE-2018-15615 1 Avaya 1 Call Management System Supervisor 2019-10-09 2.1 LOW 4.4 MEDIUM
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
CVE-2018-15798 1 Pivotal Software 1 Concourse 2019-10-09 5.8 MEDIUM 5.4 MEDIUM
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.
CVE-2018-15800 1 Cloud Foundry 1 Bits Service 2019-10-09 3.5 LOW 6.8 MEDIUM
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVE-2018-14798 1 Fujielectric 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.
CVE-2018-14814 1 We-con 2 Pi Studio, Pi Studio Hmi 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object.
CVE-2018-15765 1 Dell 1 Emc Secure Remote Services 2019-10-09 2.1 LOW 5.5 MEDIUM
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
CVE-2018-14784 1 Netcommwireless 2 Nwl-25, Nwl-25 Firmware 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device.
CVE-2018-14644 1 Powerdns 1 Recursor 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.