Tag Archives: Security

FTC Issues Alert on Recent Marriott Breach

This post was originally published on this site

Original release date: December 04, 2018

The Federal Trade Commission (FTC) has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database.

NCCIC encourages users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.


This product is provided subject to this Notification and this Privacy & Use policy.

ST18-007: Questions Every CEO Should Ask About Cyber Risks


Original release date: December 04, 2018

As technology continues to evolve, cyber threats continue to grow in sophistication and complexity. Cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. The best practices listed in this document have been compiled from lessons learned from incident response activities and managing cyber risk.

What should CEOs know about the cybersecurity threats their companies face?

CEOs should ask the following questions about potential cybersecurity threats:

  • How could cybersecurity threats affect the different functions of my business, including areas such as supply chain, public relations, finance, and human resources?
  • What type of critical information could be lost (e.g., trade secrets, customer data, research, personally identifiable information)?
  • How can my business create long-term resiliency to minimize our cybersecurity risks?
  • What kind of cyber threat information sharing does my business participate in? With whom does my business exchange this information?
  • What type of information sharing practices could my business adopt that would help foster community among the different cybersecurity groups where my business is a member?

What can CEOs do to mitigate cybersecurity threats?

The following questions will help CEOs guide discussions about their cybersecurity risk with management:

  • What is the threshold for notifying executive leadership about cybersecurity threats?
  • What is the current level of cybersecurity risk for our company?
  • What is the possible business impact to our company from our current level of cybersecurity risk?
  • What is our plan to address identified risks?
  • What cybersecurity training is available for our workforce?
  • What measures do we employ to mitigate insider threats?
  • How does our cybersecurity program apply industry standards and best practices?
  • Are our cybersecurity program metrics measurable and meaningful?
  • How comprehensive are our cybersecurity incident response plan and our business continuity and disaster recovery plan?
  • How often do we exercise our plans?
  • Do our plans incorporate the whole company or are they limited to information technology (IT)?
  • How prepared is my business to work with federal, state, and local government cyber incident responders and investigators, as well as contract responders and the vendor community?

Recommended Organizational Cybersecurity Best Practices

The cybersecurity best practices listed below can help organizations manage cybersecurity risks.

  • Elevate cybersecurity risk management discussions to the company CEO and the leadership team.
    • CEO and senior company leadership engagement in defining an organization’s risk strategy and levels of acceptable risk is critical to a comprehensive cybersecurity risk plan. The company CEO—with assistance from the chief information security officer, chief information officer, and the entire leadership team—should ensure that they know how their divisions affect the company’s overall cyber risk. In addition, regular discussion with the company board of directors regarding these risk decisions ensures visibility to all company decision makers.
      • Executives should construct policy from the top down to ensure everyone is empowered to perform the tasks related to their role in reducing cybersecurity risk. A top-down policy defines roles and limits the power struggles that can hurt IT security.
  • Implement industry standards and best practices rather than relying solely on compliance standards or certifications.
    • Lower cybersecurity risks by implementing industry benchmarks and best practices (e.g., follow best practices from organizations like the Center for Internet Security). Organizations should tailor best practices to ensure they are relevant for their specific use cases.
    • Follow consistent best practices to establish an organizational baseline of expected enterprise network behavior. This allows organizations to be proactive in combatting cybersecurity threats, rather than expending resources to “put out fires.”
    • Compliance standards and regulations (e.g., the Federal Information Security Modernization Act) provide guidance on minimal requirements; however, there is more businesses can do to go beyond the requirements.
  • Evaluate and manage organization-specific cybersecurity risks.
    • Identify your organization’s critical assets and the associated impacts from cybersecurity threats to those assets to understand your organization’s specific risk exposure—whether financial, competitive, reputational, or regulatory. Risk assessment results are a key input to identify and prioritize specific protective measures, allocate resources, inform long-term investments, and develop policies and strategies to manage cybersecurity risks.
    • Ask the questions that are necessary to understanding your security planning, operations, and security-related goals. For example, it is better to focus on the goals your organization will achieve by implementing overall security controls instead of inquiring about specific security controls, safeguards, and countermeasures.
    • Focus cyber enterprise risk discussions on “what-if” situations and resist the “it can’t happen here” patterns of thinking.
    • Create a repeatable process to cross-train employees to conduct risk and incident management as an institutional practice. Often, there are only a few employees with subject matter expertise in key areas.
  • Ensure cybersecurity risk metrics are meaningful and measurable.
    • An example of a useful metric is the time it takes an organization to patch a critical vulnerability across the enterprise. In this example, reducing the days it takes to patch a vulnerability directly reduces the risk to the organization.
    • An example of a less useful metric is the number of alerts a Security Operations Center (SOC) receives in a week. There are too many variables in the number of alerts a SOC receives for this number to be consistently relevant.
  • Develop and exercise cybersecurity plans and procedures for incident response, business continuity, and disaster recovery.
    • It is critical that organizations test their incident response plans across the whole organization, not just in the IT environment. Each part of the organization should know how to respond to both basic and large-scale cybersecurity incidents. Testing incident response plans and procedures can help prevent an incident from escalating.
    • Incident response plans should provide instructions on when to elevate an incident to the next level of leadership. Regularly exercising incident response plans enables an organization to respond to incidents quickly and minimize impacts.
  • Retain a quality workforce.
    • Cybersecurity tools are only as good as the people reviewing the tools’ results. It is also important to have people who can identify the proper tools for your organization. It can take a significant amount of time to learn a complex organization’s enterprise network, making retaining skilled personnel just as important as acquiring them. There is no perfect answer to stopping all cybersecurity threats, but knowledgeable IT personnel are critical to reducing cybersecurity risks.
    • New cybersecurity threats are constantly appearing. The personnel entrusted with detecting cybersecurity threats need continual training. Training increases the likelihood of personnel detecting cybersecurity threats and responding to threats in a manner consistent with industry best practices.
    • Ensure there is appropriate planning to account for the additional workload related to mitigating cybersecurity risks. 
    • Cybersecurity is emerging as a formal discipline with task orientation that requires specific alignments to key knowledge, skills, and abilities. The National Initiative for Cybersecurity Careers and Studies (NICCS) is a useful resource for workforce planning.
  • Maintain situational awareness of cybersecurity threats.


Malspam pushing Lokibot malware, (Tue, Dec 4th)


Introduction

I’ve frequently seen malicious spam pushing Lokibot (also spelled “Loki-Bot”) since 2017.  This year, I’ve written diaries about it in February 2018 and June 2018.  I most recently posted an example to my blog on 2018-11-26.  This type of malicious spam shows no signs of stopping, so here’s a quick diary covering an example from Monday 2018-12-03.

The email

Templates for malicious spam pushing Lokibot vary, and the example from Monday 2018-12-03 was disguised as a purchase quotation.  The email contained an Excel spreadsheet with a macro designed to infect vulnerable Windows hosts with Lokibot malware.  Potential victims need to click through warnings, so this is not an especially stealthy method of infection.


Shown above:  Screenshot of the email with an attached Excel spreadsheet.

Infection traffic

A macro from the Excel spreadsheet retrieved Lokibot malware using HTTPS from a URL at a.doko[.]moe.  I used Fiddler to monitor the HTTPS traffic and determine the URL.  The HTTPS request to a.doko[.]moe had no User-Agent string.  If you use curl to retrieve the binary, you must use the -H option to exclude the User-Agent line from your HTTPS request.


Shown above:  Traffic from the infection filtered in Wireshark.


Shown above:  Using curl to retrieve the Lokibot malware binary from a.doko[.]moe.


Shown above:  Post-infection traffic from the Lokibot-infected Windows host.

Forensics on the infected host

The infected Windows host made Lokibot persistent through a Windows registry update.  This registry update was quite similar to previous Lokibot infections I’ve generated in my lab environment.  In this example, the infected host also had a VBS file in the Windows menu Startup folder.  This pointed to another copy of the Lokibot malware executable; however, that executable had deleted itself during the infection.  The only existing Lokibot executable was in the directory path listed in the associated Windows registry entry.


Shown above:  Windows registry update to keep Lokibot persistent.


Shown above:  VBS file in the Startup menu folder specifying a location where the malware had deleted itself.
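The persistence triage the diary describes, written out as an added Python example (not the diary's own tooling): it pulls executable paths out of Run-key values and Startup-folder VBS files, then reports which targets sit under AppData\Roaming and which no longer exist on disk, the way the deleted Lokibot copy did. All registry names, paths and the simulated file listing are constructed placeholders, not values from the infected host.

```python
import re
from pathlib import PureWindowsPath

# Drive-letter path ending in .exe, as it appears quoted inside a Run value or a VBS Run call.
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n,]+?\.exe', re.I)

# Constructed artefacts shaped like the diary's findings; names and paths are placeholders.
SAMPLE_RUN_VALUES = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
        r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\EXAMPLE1":
        r'"C:\Users\alice\AppData\Roaming\EXAMPLE1\example1.exe"',
}
SAMPLE_STARTUP_VBS = {
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.vbs":
        'Set sh = CreateObject("WScript.Shell")\r\n'
        'sh.Run """C:\\Users\\alice\\AppData\\Roaming\\example2\\example2.exe""", 0, False\r\n',
}
# Simulated file listing: the Run-key target is still on disk, the VBS target deleted itself.
SAMPLE_EXISTING_FILES = {
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"C:\Users\alice\AppData\Roaming\EXAMPLE1\example1.exe",
}


def referenced_executables(text: str) -> list:
    """Every .exe path referenced by a Run value or a VBS script body."""
    return EXE_PATH_RE.findall(text)


def under_roaming_appdata(path: str) -> bool:
    """True when the path has an AppData\\Roaming component (user-writable, no admin needed)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return any(a == "appdata" and b == "roaming" for a, b in zip(parts, parts[1:]))


def verdict(target: str, existing: set) -> str:
    """Classify one autostart target against the (simulated) file system."""
    if target.lower() not in {p.lower() for p in existing}:
        return "dangling"                  # autostart points at a file that is gone
    if under_roaming_appdata(target):
        return "live-in-roaming-appdata"   # still on disk, in the location this malware favours
    return "not-in-roaming-appdata"        # still needs a look, but not this diary's pattern


def triage(run_values: dict, startup_vbs: dict, existing: set) -> list:
    """One finding per referenced executable: where it came from, what it points at, verdict."""
    findings = []
    for source, content in list(run_values.items()) + list(startup_vbs.items()):
        for exe in referenced_executables(content):
            findings.append({"source": source, "target": exe, "verdict": verdict(exe, existing)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_RUN_VALUES, SAMPLE_STARTUP_VBS, SAMPLE_EXISTING_FILES):
        print(f"{f['verdict']:24} {f['target']}  (from {f['source']})")
```

On a live host the constructed dictionaries would be replaced by a registry export of the Run keys and the contents of the Startup folder, and the file listing by os.path.exists.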

Indicators

The following are indicators from an infected Windows host.  Any URLs, IP addresses, and domain names have been “de-fanged” to avoid any issues when viewing today’s diary.

Traffic from an infected Windows host:

  • 185.83.215[.]3 port 443 – a.doko[.]moe – GET /tkencn.jpg   (encrypted HTTPS traffic)
  • 199.192.27[.]109 port 80 – decvit[.]ga – POST /and/cat.php

Malware from an infected Windows host:

SHA256 hash:  58cea3c44da13386b5acfe0e11cf8362a366e7b91bf9fc1aad7061f68223c5a8

  • File size:  853,504 bytes
  • File name:  62509871.xls
  • File description:  Attached Excel spreadsheet with macro to retrieve Lokibot

SHA256 hash:  b8b6ee5387befd762ecce0e146bd0a6465239fa0785869f05fa58bdd25335d3e

  • File size:  853,504 bytes
  • File location:  hxxps://a.doko[.]moe/tkencn.jpg
  • File location:  C:\Users\[username]\AppData\Roaming\44631DD1B132.exe
  • File location:  C:\Users\[username]\AppData\Roaming\sticikstickiy.exe   (deleted itself during the infection)
  • File description:  Lokibot malware binary

Final words

Email, pcap, and malware for the infection can be found here.


Brad Duncan
brad [at] malware-traffic-analysis.net

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Word maldoc: yet another place to hide a command, (Mon, Dec 3rd)


Reader Mike submitted a malicious Word document. The document (MD5 6c975352821d2532d8387f19457b584e) contains obfuscated VBA code that launches a shell command. That shell command is hidden somewhere in the document (not in the VBA code).

In this diary entry, I want to illustrate a method to do the analysis of maldocs of this type.

First of all, with oledump.py, detecting the presence of VBA macros (stream 8, indicator M) inside a Word document that was delivered via email, is a very strong indicator that the document is malicious:

The presence of an AutoOpen subroutine is more evidence that this is malicious:

One method to quickly focus on relevant code in obfuscated VBA code, is “grepping for dots”. I documented this method in diary entry “Malware analysis: searching for dots”.

This reveals a shell statement that takes its command from a property of an object inside the Word document (ActiveDocument is a VBA object that represents the open Word document).

What we need to find is the AlternativeText of a shape with name j9tmrnmi.

We can do this by using an ad-hoc YARA rule with oledump that searches for string j9tmrnmi (ASCII and UNICODE, not case sensitive) in the streams of the document:

Stream 4 contains this string, hence it’s very probable that the AlternativeText (i.e. the malicious command) is also inside this stream. With oledump’s option -S, we can extract all strings inside stream 4:

Directly after string j9tmrnmi, we find a PowerShell command with a BASE64 encoded command. My tool base64dump can help with decoding the command:
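The same analysis chain as an added Python example (not oledump, base64dump or the submitted document's content): grep the macro for dots to find the Shapes(...).AlternativeText reference, search the document streams for the shape name in ASCII and UTF-16LE the way the ad-hoc YARA rule does, pull the strings that follow it, and decode the PowerShell -EncodedCommand payload. The macro text, the stream contents and the encoded command are constructed stand-ins with a harmless payload.

```python
import base64
import re

# Constructed stand-in for the obfuscated macro (not the submitted document's VBA).
SAMPLE_VBA = """Attribute VB_Name = "ThisDocument"
Sub AutoOpen()
    Dim q1, q2
    q1 = "p" & "q"
    q2 = 7 * 3
    Shell ActiveDocument.Shapes("j9tmrnmi").AlternativeText, vbHide
End Sub
"""


def has_autoopen(vba: str) -> bool:
    """AutoOpen runs as soon as the document opens: strong evidence on its own."""
    return re.search(r"\bSub\s+AutoOpen\b", vba, re.I) is not None


def grep_for_dots(vba: str) -> list:
    """'Grepping for dots': lines with a '.' are usually the object/method calls that
    do the real work; the filler assignments in obfuscated VBA have none."""
    return [ln.strip() for ln in vba.splitlines() if "." in ln]


SHAPE_REF_RE = re.compile(r'Shapes\("([^"]+)"\)\.AlternativeText', re.I)


def find_shape_name(vba: str):
    """Name of the shape whose AlternativeText is handed to Shell, if any."""
    for line in grep_for_dots(vba):
        m = SHAPE_REF_RE.search(line)
        if m:
            return m.group(1)
    return None


def streams_containing(streams: dict, needle: str) -> list:
    """Same idea as the ad-hoc YARA rule: ASCII or UTF-16LE, case-insensitive."""
    low = needle.lower()
    patterns = (low.encode("ascii"), low.encode("utf-16-le"))
    return [i for i, data in streams.items() if any(p in data.lower() for p in patterns)]


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII and UTF-16LE runs in file order (what a strings dump prints)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = list(ascii_re.finditer(data)) + list(utf16_re.finditer(data))
    out = []
    for m in sorted(hits, key=lambda m: m.start()):
        raw = m.group()
        out.append(raw.decode("utf-16-le") if b"\x00" in raw else raw.decode("ascii"))
    return out


def string_after(strings: list, marker: str):
    """The string that directly follows `marker` in the dump, as in the diary."""
    for i, s in enumerate(strings[:-1]):
        if s == marker:
            return strings[i + 1]
    return None


ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmd: str):
    """PowerShell -EncodedCommand is base64 over UTF-16LE text, not over ASCII."""
    m = ENC_RE.search(cmd)
    return base64.b64decode(m.group(1)).decode("utf-16-le") if m else None


def analyse(vba: str, streams: dict) -> dict:
    """Run the whole chain: macro -> shape name -> stream -> command -> decoded script."""
    name = find_shape_name(vba)
    hits = streams_containing(streams, name) if name else []
    cmd = string_after(extract_strings(streams[hits[0]]), name) if hits else None
    return {"autoopen": has_autoopen(vba), "shape": name, "streams": hits,
            "command": cmd, "decoded": decode_encoded_command(cmd) if cmd else None}


# Constructed document streams: stream 4 holds the shape name followed by its
# AlternativeText as UTF-16LE; the payload is benign so the example is safe to run.
_PAYLOAD = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_STREAMS = {
    1: bytes(range(256)),
    4: (b"\x00" * 8 + "j9tmrnmi".encode("utf-16-le") + b"\x00" * 4
        + ("powershell -w hidden -EncodedCommand " + _PAYLOAD).encode("utf-16-le") + b"\x00" * 8),
}

if __name__ == "__main__":
    print(analyse(SAMPLE_VBA, SAMPLE_STREAMS))
```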


Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com


SamSam Ransomware


Original release date: December 03, 2018

The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.

NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information.



AA18-337A: SamSam Ransomware


Original release date: December 03, 2018

Summary

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.

The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.

The actors exploit Windows servers to gain persistent access to a victim’s network and infect all reachable hosts. According to reporting from victims in early 2016, cyber actors used the JexBoss Exploit Kit to access vulnerable JBoss applications. Since mid-2016, FBI analysis of victims’ machines indicates that cyber actors use Remote Desktop Protocol (RDP) to gain persistent access to victims’ networks. Typically, actors either use brute force attacks or stolen login credentials. Detecting RDP intrusions can be challenging because the malware enters through an approved access point.

After gaining access to a particular network, the SamSam actors escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization. While many ransomware campaigns rely on a victim completing an action, such as opening an email or visiting a compromised website, RDP allows cyber actors to infect victims with minimal detection.

Analysis of tools found on victims’ networks indicated that successful cyber actors purchased several of the stolen RDP credentials from known darknet marketplaces. FBI analysis of victims’ access logs revealed that the SamSam actors can infect a network within hours of purchasing the credentials. While remediating infected systems, several victims found suspicious activity on their networks unrelated to SamSam. This activity is a possible indicator that the victims’ credentials were stolen, sold on the darknet, and used for other illegal activity.

SamSam actors leave ransom notes on encrypted computers. These instructions direct victims to establish contact through a Tor hidden service site. After paying the ransom in Bitcoin and establishing contact, victims usually receive links to download cryptographic keys and tools to decrypt their network.

Technical Details

NCCIC recommends organizations review the following SamSam Malware Analysis Reports. The reports represent four SamSam malware variants. This is not an exhaustive list.

For general information on ransomware, see the NCCIC Security Publication at https://www.us-cert.gov/security-publications/Ransomware.

Mitigations

DHS and FBI recommend that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. System owners and administrators should review any configuration changes before implementation to avoid unwanted impacts.

  • Audit your network for systems that use RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.
  • Verify that all cloud-based virtual machine instances with public IPs have no open RDP ports, especially port 3389, unless there is a valid business reason to keep open RDP ports. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system.
  • Enable strong passwords and account lockout policies to defend against brute force attacks.
  • Where possible, apply two-factor authentication.
  • Regularly apply system and software updates.
  • Maintain a good back-up strategy.
  • Enable logging and ensure that logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
  • When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.
  • Ensure that third parties that require RDP access follow internal policies on remote access.
  • Minimize network exposure for all control system devices. Where possible, disable RDP on critical devices.
  • Regulate and limit external-to-internal RDP connections. When external access to internal resources is required, use secure methods such as VPNs. Of course, VPNs are only as secure as the connected devices.
  • Restrict users’ ability (permissions) to install and run unwanted software applications.
  • Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
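As an added example (not from the alert) of the logging and lockout bullets above: review RDP logon records for the brute-force-then-success pattern the alert describes, where a burst of failed logons from one source is followed by a successful one. It runs over constructed Security-log records shaped like event IDs 4624/4625 with the RemoteInteractive logon type; the threshold and window are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune to the environment.
FAIL_THRESHOLD = 10
WINDOW = timedelta(minutes=10)
RDP_LOGON_TYPES = {10}  # RemoteInteractive; with NLA the first failure may also log as type 3


def _ts(base: str, seconds: int) -> str:
    return (datetime.fromisoformat(base) + timedelta(seconds=seconds)).isoformat()


# Constructed Security-log records: (timestamp, EventID, LogonType, account, source IP).
# 4625 = failed logon, 4624 = successful logon. Not real log data.
SAMPLE_EVENTS = (
    [(_ts("2018-12-01T02:00:00", 15 * i), 4625, 10, f"user{i % 4}", "203.0.113.5") for i in range(12)]
    + [(_ts("2018-12-01T02:00:00", 220), 4624, 10, "svc_backup", "203.0.113.5")]
    + [("2018-12-01T09:15:00", 4624, 10, "alice", "10.0.0.42"),
       ("2018-12-01T09:16:00", 4625, 10, "alice", "10.0.0.42"),
       ("2018-12-01T09:16:30", 4624, 10, "alice", "10.0.0.42")]
)


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW) -> list:
    """Flag a source IP once it has `threshold` RDP failures inside `window`, then flag
    every later RDP success from that IP (the pattern a stolen or guessed credential leaves)."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = {}                  # ip -> time the threshold was first crossed
    findings = []
    for ts_s, event_id, logon_type, account, ip in sorted(events, key=lambda e: e[0]):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_s)
        if event_id == 4625:
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = ts
                findings.append({"kind": "rdp_bruteforce", "ip": ip, "at": ts_s, "failures": len(q)})
        elif event_id == 4624 and ip in flagged:
            findings.append({"kind": "rdp_success_after_bruteforce", "ip": ip, "at": ts_s,
                             "account": account})
    return findings


if __name__ == "__main__":
    for f in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f)
```

In production the tuple list would be fed from the Security event log (filtered to 4624/4625 with LogonType 10) kept for the 90 days the alert recommends.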

Additional information on malware incident prevention and handling can be found in Special Publication 800-83, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, from the National Institute of Standards and Technology.[1]

Contact Information

To report an intrusion and request resources for incident response or technical assistance, contact NCCIC, FBI, or the FBI’s Cyber Division via the following information:

Feedback

DHS strives to make this report a valuable tool for our partners and welcomes feedback on how this publication could be improved. You can help by answering a few short questions about this report at the following URL: https://www.us-cert.gov/forms/feedback.

References

Revisions

  • December 3, 2018: Initial version


SB18-337: Vulnerability Summary for the Week of November 26, 2018


Original release date: December 03, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. 2018-11-29 not yet calculated CVE-2018-15979
BID
SECTRACK
CONFIRM
adobe — flash_player Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-11-29 not yet calculated CVE-2018-15978
BID
SECTRACK
REDHAT
CONFIRM
adobe — flash_player Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-11-29 not yet calculated CVE-2018-15981
BID
SECTRACK
REDHAT
CONFIRM
adobe — photoshop_cc Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-11-29 not yet calculated CVE-2018-15980
BID
SECTRACK
CONFIRM
apache — hadoop In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user. 2018-11-27 not yet calculated CVE-2018-11766
BID
MISC
arcms — arcms An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. 2018-11-26 not yet calculated CVE-2018-19557
MISC
arcms — arcms An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. 2018-11-26 not yet calculated CVE-2018-19558
MISC
artifex — ghostscript psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. 2018-11-23 not yet calculated CVE-2018-19475
MISC
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
artifex — ghostscript psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. 2018-11-23 not yet calculated CVE-2018-19476
MISC
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
artifex — ghostscript psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. 2018-11-23 not yet calculated CVE-2018-19477
MISC
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
artifex — mupdf In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. 2018-11-30 not yet calculated CVE-2018-19777
MISC
atlantis — word_processor An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. 2018-12-01 not yet calculated CVE-2018-4038
MISC
atlantis — word_processor An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. 2018-12-01 not yet calculated CVE-2018-4039
MISC
atlantis — word_processor An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. 2018-12-01 not yet calculated CVE-2018-4040
MISC
bagesoft — bagecms BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. 2018-11-26 not yet calculated CVE-2018-19560
MISC
budabot — budabot In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the “!calc 5 x 5” command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code. 2018-11-30 not yet calculated CVE-2018-19290
MISC
FULLDISC
buffalo — ts5600d1206_network_devices Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. 2018-11-26 not yet calculated CVE-2018-13324
MISC
buffalo — ts5600d1206_network_devices System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. 2018-11-26 not yet calculated CVE-2018-13320
MISC
buffalo — ts5600d1206_network_devices Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the “username” cookie. 2018-11-26 not yet calculated CVE-2018-13323
MISC
buffalo — ts5600d1206_network_devices Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the “method” parameter. 2018-11-26 not yet calculated CVE-2018-13321
MISC
buffalo — ts5600d1206_network_devices Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the “path” parameter. 2018-11-26 not yet calculated CVE-2018-13322
MISC
buffalo — ts5600d1206_network_devices Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. 2018-11-26 not yet calculated CVE-2018-13319
MISC
buffalo — ts5600d1206_network_devices System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the “name” parameter. 2018-11-26 not yet calculated CVE-2018-13318
MISC
cesanta — mongoose In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. 2018-11-27 not yet calculated CVE-2018-19587
MISC
cisco — prime_license_manager A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user. 2018-11-28 not yet calculated CVE-2018-15441
BID
CISCO
cs_systems — switchvpn A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. 2018-11-30 not yet calculated CVE-2018-18860
MISC
FULLDISC
EXPLOIT-DB
cuppa_cms — cuppa_cms Cuppa CMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. 2018-11-26 not yet calculated CVE-2018-19559
MISC
dcraw — dcraw A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. 2018-11-26 not yet calculated CVE-2018-19566
MISC
MISC
dcraw — dcraw A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. 2018-11-29 not yet calculated CVE-2018-19655
MISC
MISC
dcraw — dcraw A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. 2018-11-26 not yet calculated CVE-2018-19565
MISC
MISC
dcraw — dcraw A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. 2018-11-26 not yet calculated CVE-2018-19568
MISC
MISC
dcraw — dcraw A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. 2018-11-26 not yet calculated CVE-2018-19567
MISC
MISC
dell_emc — avamar_server_and_integrated_data_protection_appliance The ‘getlogs’ utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands with root privileges. 2018-11-26 not yet calculated CVE-2018-11077
BID
SECTRACK
FULLDISC
CONFIRM
dell_emc — avamar_server_and_integrated_data_protection_appliance Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console’s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. 2018-11-26 not yet calculated CVE-2018-11076
BID
SECTRACK
FULLDISC
CONFIRM
dell_emc — avamar_server_and_integrated_data_protection_appliance Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. 2018-11-26 not yet calculated CVE-2018-11067
BID
SECTRACK
FULLDISC
CONFIRM
dell_emc — avamar_server_and_integrated_data_protection_appliance Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. 2018-11-26 not yet calculated CVE-2018-11066
BID
SECTRACK
FULLDISC
CONFIRM
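The open redirect above is the kind of bug where the fix is a small, easily testable check. The following is an added example in Node.js, not Dell EMC code and not a description of how Avamar Client Manager actually handles the parameter: it resolves the requested target against the application's own origin and only follows it if it stays there. The origin, the parameter handling and the function names are assumptions.

```javascript
// Added example (not Dell EMC code): validating a post-login "return to"
// target so a crafted link cannot send the user to an attacker's site.
// APP_ORIGIN is an assumed value for the application issuing the redirect.
const APP_ORIGIN = 'https://avamar.example.internal';

// True only if `target` resolves to a URL on APP_ORIGIN itself.
function isSafeRedirect(target) {
  if (typeof target !== 'string' || target.length === 0) return false;
  // Control characters or whitespace have no business in a redirect target;
  // reject them before the URL parser gets a chance to silently strip them.
  if (/[\u0000-\u0020\u007f]/.test(target)) return false;
  let resolved;
  try {
    // Resolve relative to the trusted origin. A plain path ("/home") stays on
    // APP_ORIGIN; protocol-relative ("//evil.example"), double-backslash
    // ("\\evil.example"), absolute ("https://evil.example/") and scheme-only
    // ("javascript:...") targets all resolve elsewhere and fail the origin
    // comparison below. "trusted@evil.example" parses as host evil.example.
    resolved = new URL(target, APP_ORIGIN);
  } catch (_) {
    return false;
  }
  return resolved.origin === APP_ORIGIN;
}

// Location value to emit: a site-relative path for a safe target, otherwise
// the fixed fallback. Emitting only path+query means the header never names
// a host at all, even when the input was an absolute same-origin URL.
function chooseRedirect(target, fallback = '/') {
  if (!isSafeRedirect(target)) return fallback;
  const u = new URL(target, APP_ORIGIN);
  return u.pathname + u.search;
}
```

Comparing `origin` rather than checking that the string "starts with /" is what closes the usual bypasses: `//evil.example` and `\\evil.example` both start with a slash-like character and both resolve to another host.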
dell — openmanage_network_manager Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to an insecure default configuration setting for the embedded MySQL database. 2018-11-30 not yet calculated CVE-2018-15768
BID
MISC
EXPLOIT-DB
dell — openmanage_network_manager The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. 2018-11-30 not yet calculated CVE-2018-15767
BID
MISC
EXPLOIT-DB
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. 2018-11-29 not yet calculated CVE-2018-19749
MISC
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. 2018-11-29 not yet calculated CVE-2018-19752
MISC
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. 2018-11-29 not yet calculated CVE-2018-19751
MISC
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. 2018-11-29 not yet calculated CVE-2018-19750
MISC
dotcms — dotcms An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. 2018-11-26 not yet calculated CVE-2018-19554
MISC
exiv2 — exiv2 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. 2018-11-25 not yet calculated CVE-2018-19535
MISC
MISC
exiv2 — exiv2 Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. 2018-11-27 not yet calculated CVE-2018-19607
MISC
fortinet — fortios An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, and all 5.2 versions in the web proxy’s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. 2018-11-27 not yet calculated CVE-2018-13376
BID
CONFIRM
freebsd — freebsd In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. 2018-11-28 not yet calculated CVE-2018-17156
BID
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. 2018-11-29 not yet calculated CVE-2018-8785
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. 2018-11-29 not yet calculated CVE-2018-8784
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. 2018-11-29 not yet calculated CVE-2018-8786
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. 2018-11-29 not yet calculated CVE-2018-8787
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. 2018-11-29 not yet calculated CVE-2018-8788
CONFIRM
freerdp — freerdp FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). 2018-11-29 not yet calculated CVE-2018-8789
CONFIRM
git — git Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if ‘.’ were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. 2018-11-23 not yet calculated CVE-2018-19486
BID
SECTRACK
MISC
MISC
UBUNTU
gitlab — gitlab_community_and_enterprise_edition An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. 2018-11-29 not yet calculated CVE-2018-18649
CONFIRM
CONFIRM
gnuplot — gnuplot An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the “set font” function. This issue occurs when the Gnuplot postscript terminal is used as a backend. 2018-11-23 not yet calculated CVE-2018-19491
MLIST
MLIST
MISC
MISC
gnuplot — gnuplot An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the “set font” function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. 2018-11-23 not yet calculated CVE-2018-19492
MLIST
MLIST
MISC
MISC
gnuplot — gnuplot An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. 2018-11-23 not yet calculated CVE-2018-19490
MLIST
MLIST
MISC
MISC
google — android Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. 2018-11-30 not yet calculated CVE-2018-15835
MISC
FULLDISC
MISC
harman/kardon — subaru_starlink_harman_head_units A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle’s USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user. 2018-11-28 not yet calculated CVE-2018-18203
MISC
httl — httl HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. 2018-11-25 not yet calculated CVE-2018-19530
MISC
httl — httl HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLDecoder unsafely when configured without an xml.codec= setting. 2018-11-25 not yet calculated CVE-2018-19531
MISC
huawei — espace Huawei eSpace supports anonymous TLS cipher suites. An unauthenticated, remote attacker can mount a man-in-the-middle attack to hijack the connection when a client signs in over TLS; because the peer is not authenticated, the attacker may intercept and tamper with the transmitted data. 2018-11-27 not yet calculated CVE-2018-7958
CONFIRM
huawei — espace Huawei eSpace uses a short key for SRTP. An unauthenticated, remote attacker can mount a man-in-the-middle attack to intercept and decrypt call data when a user makes a call with SRTP enabled. Successful exploitation may leak sensitive information. 2018-11-27 not yet calculated CVE-2018-7959
CONFIRM
huawei — espace Huawei eSpace has an SRTP icon display vulnerability: the client can indicate a secure call while transmitting in non-secure mode. An unauthenticated, remote attacker can mount a man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may allow call data to be intercepted and tampered with, eventually leaking sensitive information. 2018-11-27 not yet calculated CVE-2018-7960
CONFIRM
huawei — multiple_products There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage. 2018-11-27 not yet calculated CVE-2018-7977
CONFIRM
huawei — smartphones There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. 2018-11-27 not yet calculated CVE-2018-7946
CONFIRM
huawei — smartphones There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission: an attacker connects the smartphone to another smartphone with a data cable and then performs a series of specific operations. Successful exploitation could allow the attacker to bypass the FRP protection. 2018-11-27 not yet calculated CVE-2018-7988
CONFIRM
huawei — smartphones There is a smart SMS verification code vulnerability in some Huawei smartphones. An attacker would need to trick a user into accessing a malicious website or malicious app and registering. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak. 2018-11-27 not yet calculated CVE-2018-7961
CONFIRM
hunan_jinyun_network_technology_co — pbootcms PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of “eval” with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism (a case-sensitive filter on the function name). 2018-11-27 not yet calculated CVE-2018-19595
MISC
i4_assistant — i4_assistant i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. 2018-11-29 not yet calculated CVE-2018-19527
MISC
ibm — db2_for_linux_unix_and_windows IBM DB2 for Linux, UNIX, and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. 2018-11-30 not yet calculated CVE-2018-1897
CONFIRM
SECTRACK
XF
ibm — integration_bus IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. 2018-11-26 not yet calculated CVE-2017-1418
CONFIRM
XF
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497. 2018-11-28 not yet calculated CVE-2018-1584
XF
CONFIRM
ibm — rational_collaborative_lifecycle_management IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616. 2018-11-29 not yet calculated CVE-2018-1762
XF
CONFIRM
ibm — stored_iq IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119. 2018-11-30 not yet calculated CVE-2018-1928
CONFIRM
XF
ibm — stored_iq IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. 2018-11-30 not yet calculated CVE-2018-1927
CONFIRM
XF
ibm — websphere_application_server IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. 2018-11-26 not yet calculated CVE-2018-1905
BID
XF
CONFIRM
imperva — securesphere The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. 2018-11-28 not yet calculated CVE-2018-19646
EXPLOIT-DB
interspire — email_marketer admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. 2018-11-28 not yet calculated CVE-2018-19651
MISC
interspire — email_marketer Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. 2018-11-26 not yet calculated CVE-2018-19553
MISC
interspire — email_marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. 2018-11-26 not yet calculated CVE-2018-19552
MISC
interspire — email_marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. 2018-11-26 not yet calculated CVE-2018-19551
MISC
interspire — email_marketer Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI. 2018-11-26 not yet calculated CVE-2018-19550
MISC
interspire — email_marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. 2018-11-26 not yet calculated CVE-2018-19549
MISC
jasper — jasper An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. 2018-11-25 not yet calculated CVE-2018-19539
MISC
jasper — jasper An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. 2018-11-25 not yet calculated CVE-2018-19543
MISC
jasper — jasper An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. 2018-11-25 not yet calculated CVE-2018-19542
MISC
jasper — jasper An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. 2018-11-25 not yet calculated CVE-2018-19541
MISC
jasper — jasper An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. 2018-11-25 not yet calculated CVE-2018-19540
MISC
jiangxi_jinlei_technology_development — jeecms JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. 2018-11-26 not yet calculated CVE-2018-19544
MISC
jiangxi_jinlei_technology_development — jeecms JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. 2018-11-26 not yet calculated CVE-2018-19545
MISC
jtbc — jtbc JTBC (PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. 2018-11-26 not yet calculated CVE-2018-19546
MISC
MISC
jtbc — jtbc JTBC (PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. 2018-11-26 not yet calculated CVE-2018-19547
MISC
MISC
kde — kde_applications The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. 2018-11-29 not yet calculated CVE-2018-19120
MISC
FEDORA
lenovo — lxci LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5 allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. 2018-11-30 not yet calculated CVE-2018-16097
CONFIRM
lenovo — lxci In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. 2018-11-30 not yet calculated CVE-2018-9072
CONFIRM
lenovo — lxci In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. 2018-11-30 not yet calculated CVE-2018-16093
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. 2018-11-27 not yet calculated CVE-2018-16091
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow. 2018-11-27 not yet calculated CVE-2018-16094
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting. 2018-11-27 not yet calculated CVE-2018-16096
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection. 2018-11-27 not yet calculated CVE-2018-16090
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user. 2018-11-27 not yet calculated CVE-2018-16089
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented. 2018-11-27 not yet calculated CVE-2018-9084
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. 2018-11-27 not yet calculated CVE-2018-16095
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file. 2018-11-27 not yet calculated CVE-2018-16092
CONFIRM
lenovo — system_management_module In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS — if the attacker manages to enable SSH or Telnet connections via some other vulnerability. 2018-11-27 not yet calculated CVE-2018-9083
CONFIRM
libconfuse — libconfuse cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. 2018-11-29 not yet calculated CVE-2018-19760
MISC
libjpeg-turbo — libjpeg-turbo libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. 2018-11-29 not yet calculated CVE-2018-19664
MISC
libsixel — libsixel There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19756
MISC
libsixel — libsixel There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19759
MISC
libsixel — libsixel There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19761
MISC
libsixel — libsixel There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. 2018-11-29 not yet calculated CVE-2018-19762
MISC
libsixel — libsixel There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19763
MISC
libsixel — libsixel There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19757
MISC
libsndfile — libsndfile There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. 2018-11-29 not yet calculated CVE-2018-19758
MISC
libsndfile — libsndfile An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. 2018-11-29 not yet calculated CVE-2018-19661
MISC
libsndfile — libsndfile An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. 2018-11-29 not yet calculated CVE-2018-19662
MISC
linux — linux_kernel The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. 2018-11-26 not yet calculated CVE-2018-14646
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. 2018-11-26 not yet calculated CVE-2018-16862
BID
CONFIRM
CONFIRM
MLIST
moodle — moodle A flaw was found in moodle before versions 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. The login form is not protected by a token to prevent login cross-site request forgery. 2018-11-26 not yet calculated CVE-2018-16854
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
netwide_assembler — netwide_assembler There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. 2018-11-29 not yet calculated CVE-2018-19755
MISC
MISC
node.js — node.js Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case “javascript:” (e.g. “javAscript:”) protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. 2018-11-28 not yet calculated CVE-2018-12123
CONFIRM
node.js — node.js Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. 2018-11-28 not yet calculated CVE-2018-12122
BID
CONFIRM
node.js — node.js Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. 2018-11-28 not yet calculated CVE-2018-12121
BID
CONFIRM
node.js — node.js Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server. 2018-11-28 not yet calculated CVE-2018-12116
CONFIRM
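The two Node.js URL entries above (CVE-2018-12123 and CVE-2018-12116) and the Interspire importurl SSRF earlier in this list share one lesson: a gate on user-supplied URLs has to compare the scheme case-insensitively, refuse non-HTTP schemes such as file: outright, and reject raw bytes in the path that could turn into a second request line. The following is an added example of such a gate in Node.js, not code from the Node.js project or from Interspire; the allowed-host list and the function names are assumptions.

```javascript
// Added example (not Node.js or Interspire code): a gate for URLs supplied by
// users to a server-side fetcher ("import from URL" and similar features).
// ALLOWED_HOSTS is a constructed allow-list for the example.
const ALLOWED_HOSTS = new Set(['feeds.example.net', 'cdn.example.net']);

// Printable ASCII only. Applied to the *raw* input rather than the parsed
// URL: the WHATWG parser silently drops CR/LF/TAB and percent-encodes other
// bytes, which hides an attempt rather than surfacing it, and characters such
// as U+010D / U+010A become 0x0D / 0x0A if the path is later written to the
// socket in latin1 (the CVE-2018-12116 pattern).
function isPrintableAscii(s) {
  return /^[\x21-\x7e]*$/.test(s);
}

// Returns { ok: true, url } for a fetchable URL, { ok: false, reason } otherwise.
function checkOutboundUrl(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || !isPrintableAscii(raw)) {
    return { ok: false, reason: 'control, whitespace or non-ASCII characters' };
  }
  let u;
  try {
    u = new URL(raw); // absolute URLs only; a relative string throws
  } catch (_) {
    return { ok: false, reason: 'unparseable' };
  }
  // Compare the scheme in lower case so "javAscript:" or "FILE:" cannot slip
  // past a literal string match (the CVE-2018-12123 pattern), and accept only
  // http(s): file:, gopher:, javascript: and the rest are refused.
  const scheme = u.protocol.toLowerCase();
  if (scheme !== 'http:' && scheme !== 'https:') {
    return { ok: false, reason: `scheme ${scheme} not allowed` };
  }
  // Embedded credentials are the classic way to make "trusted-host@evil"
  // look like a trusted host to a naive substring check.
  if (u.username !== '' || u.password !== '') {
    return { ok: false, reason: 'credentials in URL' };
  }
  if (!ALLOWED_HOSTS.has(u.hostname.toLowerCase())) {
    return { ok: false, reason: `host ${u.hostname} not allowed` };
  }
  return { ok: true, url: u.href };
}
```

The scheme check is an allow-list, not a deny-list: a deny-list of "javascript" and "file" is exactly what a mixed-case spelling or an unexpected scheme walks past.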
node.js — node.js Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. 2018-11-28 not yet calculated CVE-2018-12120
BID
CONFIRM
nuuo — nuuo_cms In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files that can modify or overwrite configuration files on the server, which could allow remote code execution. 2018-11-27 not yet calculated CVE-2018-17936
MISC
nuuo — nuuo_cms In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that resolves outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. 2018-11-27 not yet calculated CVE-2018-17934
MISC
nuuo — nuuo_cms In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. 2018-11-27 not yet calculated CVE-2018-18982
MISC
nuuo — nvrmini2_devices NUUO NVRMini2 version 3.10.0 and earlier is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. 2018-11-30 not yet calculated CVE-2018-15716
MISC
MISC
nvidia — geforce_experience NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. 2018-11-27 not yet calculated CVE-2018-6265
CONFIRM
nvidia — geforce_experience NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. 2018-11-27 not yet calculated CVE-2018-6266
CONFIRM
nvidia — geforce_experience NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges. 2018-11-27 not yet calculated CVE-2018-6263
CONFIRM
ocs_inventory_ng — ocs_inventory_ng Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. 2018-11-29 not yet calculated CVE-2018-15537
MISC
FULLDISC
openwrt_project — openwrt/lede cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. 2018-11-28 not yet calculated CVE-2018-19630
MISC
osb — vt-designer VT-Designer Version 2.1.7.31 copies the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. 2018-11-30 not yet calculated CVE-2018-18983
MISC
osb — vt-designer VT-Designer Version 2.1.7.31 populates objects from user-supplied file input without first validating it, allowing attacker-supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. 2018-11-30 not yet calculated CVE-2018-18987
MISC
ossec — ossec The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. 2018-11-29 not yet calculated CVE-2018-19666
MISC
palo_alto_networks — expedition_migration_tool The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. 2018-11-27 not yet calculated CVE-2018-10142
CONFIRM
php_proxy — php_proxy The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. 2018-11-30 not yet calculated CVE-2018-19784
MISC
MISC
php_proxy — php_proxy PHP Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. 2018-11-30 not yet calculated CVE-2018-19785
MISC
MISC
phpok — phpok An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a “Login Background > Program Upgrade > Compressed Packet Upgrade” action in which a .php file is inside a ZIP archive. 2018-11-26 not yet calculated CVE-2018-19562
MISC
plohni — advanced_comment_system internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to perform SQL injection via the "page" parameter in a URL. NOTE: The product is discontinued. 2018-11-29 not yet calculated CVE-2018-18619
MISC
FULLDISC
EXPLOIT-DB
podofo — podofo A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. 2018-11-25 not yet calculated CVE-2018-19532
MISC
MISC
powerdns — dnsdist An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the ‘useClientSubnet’ or the experimental ‘addXPF’ parameters are used when declaring a new backend. 2018-11-26 not yet calculated CVE-2018-14663
CONFIRM
CONFIRM
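The dnsdist entry describes a classic parser differential: the front end parses only the records the header declares, appends its own record and bumps ARCOUNT, and the backend then reads whatever followed the declared records as if it were a legitimate record. The block below is an added example written for this bulletin, not dnsdist's code. It implements the check a DNS front end needs (walk the declared sections and reject or strip anything after them), and contrasts a simplified model of the unsafe forwarding behaviour (labelled as an assumption, not a reconstruction of dnsdist internals) with a hardened variant. The query and the smuggled record are constructed inline.

```python
import struct

# OPT (EDNS0) pseudo-record: root name, TYPE 41, UDP payload size 4096, no options.
OPT_RR = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a DNS name at `off` (labels or a compression pointer)."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:             # 2-byte compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length


def parsed_length(msg: bytes) -> int:
    """Bytes covered by the header plus every record the header declares."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4         # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR header")
        rdlen = struct.unpack("!H", msg[off + 8:off + 10])[0]
        off += 10 + rdlen                      # TYPE, CLASS, TTL, RDLENGTH, RDATA
    if off > len(msg):
        raise ValueError("truncated RDATA")
    return off


def trailing_bytes(msg: bytes) -> bytes:
    """Anything after the last declared record: garbage, or a smuggled record."""
    return msg[parsed_length(msg):]


def naive_add_opt(msg: bytes) -> bytes:
    """Simplified model (an assumption, not dnsdist's code) of a front end that
    bumps ARCOUNT and appends an OPT record without checking for trailing data."""
    ar = struct.unpack("!H", msg[10:12])[0]
    return msg[:10] + struct.pack("!H", ar + 1) + msg[12:] + OPT_RR


def safe_add_opt(msg: bytes) -> bytes:
    """Hardened variant: drop trailing bytes before appending the OPT record."""
    return naive_add_opt(msg[:parsed_length(msg)])


def build_query(name: str, with_opt: bool = False) -> bytes:
    """Constructed minimal A query (test input, not captured traffic)."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if with_opt else 0)
    return header + qname + struct.pack("!HH", 1, 1) + (OPT_RR if with_opt else b"")


# Constructed: a fake A record (name pointer to the question, TTL 60, 10.0.0.1)
# hidden after the declared sections of an otherwise ordinary query.
SMUGGLED_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 1])
SMUGGLED_QUERY = build_query("example.com") + SMUGGLED_RR

if __name__ == "__main__":
    print("front end sees", len(trailing_bytes(SMUGGLED_QUERY)), "trailing bytes")
    forwarded = naive_add_opt(SMUGGLED_QUERY)
    print("backend now parses the smuggled RR as the declared additional record;",
          "OPT has become the trailing data:", trailing_bytes(forwarded) == OPT_RR)
    print("hardened forwarder leaves no trailing data:",
          trailing_bytes(safe_add_opt(SMUGGLED_QUERY)) == b"")
```

The design point is that `parsed_length` must be computed and enforced before any record is appended; checking for trailing data after the append is too late, because the appended record has already shifted which bytes the backend will treat as declared.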
powerdns — powerdns_authoritative_server_and_powerdns_recursor PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. 2018-11-29 not yet calculated CVE-2018-10851
CONFIRM
CONFIRM
CONFIRM
powerdns — powerdns_authoritative_server_and_powerdns_recursor PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. 2018-11-29 not yet calculated CVE-2018-14626
CONFIRM
CONFIRM
CONFIRM
pulse_secure — desktop_client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. 2018-11-29 not yet calculated CVE-2018-11002
MISC
qnap_systems — multiple_products Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application. 2018-11-30 not yet calculated CVE-2018-0716
CONFIRM
qnap_systems — qts Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to inject JavaScript code. 2018-11-27 not yet calculated CVE-2018-0719
CONFIRM
qnap_systems — qts Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. 2018-11-28 not yet calculated CVE-2018-14746
CONFIRM
qnap_systems — qts Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. 2018-11-28 not yet calculated CVE-2018-14748
CONFIRM
qnap_systems — qts NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. 2018-11-28 not yet calculated CVE-2018-14747
CONFIRM
qnap_systems — qts Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. 2018-11-28 not yet calculated CVE-2018-14749
CONFIRM
qnap_systems — qts Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices. 2018-11-27 not yet calculated CVE-2018-0721
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. 2018-11-27 not yet calculated CVE-2018-11911
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. 2018-11-27 not yet calculated CVE-2018-11906
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can allow device nodes and executables to be run from /data/, which presents a potential issue. 2018-11-27 not yet calculated CVE-2018-11908
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can allow device nodes and executables to be run from /persist/, which presents a potential issue. 2018-11-27 not yet calculated CVE-2018-11910
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero. 2018-11-27 not yet calculated CVE-2018-11260
SECTRACK
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication. 2018-11-27 not yet calculated CVE-2018-11946
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. 2018-11-27 not yet calculated CVE-2018-11912
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can allow device nodes and executables to be run from /cache/, which presents a potential issue. 2018-11-27 not yet calculated CVE-2018-11909
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can allow device nodes and executables to be run from /systemrw/, which presents a potential security issue. 2018-11-27 not yet calculated CVE-2018-11914
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the fastboot flash command, a memory leak or unexpected behavior may occur due to processing of uninitialized data buffers. 2018-11-27 not yet calculated CVE-2018-11943
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. 2018-11-27 not yet calculated CVE-2018-11913
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Any application using codec service will be affected. 2018-11-27 not yet calculated CVE-2018-11261
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure. 2018-11-27 not yet calculated CVE-2018-11919
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot. 2018-11-27 not yet calculated CVE-2017-11078
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting can allow device nodes and executables to be run from /dsp/, which presents a potential security issue. 2018-11-27 not yet calculated CVE-2018-11956
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during list traversal for cleanup in the LPM status driver, a use-after-free vulnerability may occur. 2018-11-27 not yet calculated CVE-2018-5904
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to access to already-freed DCI client entries while closing a DCI client. 2018-11-27 not yet calculated CVE-2018-11266
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying. 2018-11-27 not yet calculated CVE-2018-5908
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot. 2018-11-27 not yet calculated CVE-2018-5919
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer. 2018-11-27 not yet calculated CVE-2018-5906
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers. 2018-11-27 not yet calculated CVE-2018-5910
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer overflow may occur in display handlers due to a missing buffer-size check before copying into the buffer, leading to memory corruption. 2018-11-27 not yet calculated CVE-2018-5909
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can allow device nodes and executables to be run from /firmware/, which presents a potential issue. 2018-11-27 not yet calculated CVE-2018-11907
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. 2018-11-27 not yet calculated CVE-2018-5856
CONFIRM
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module. 2018-11-27 not yet calculated CVE-2018-11823
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the ‘probe’ function fails with an error code. 2018-11-27 not yet calculated CVE-2018-11918
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image. 2018-11-27 not yet calculated CVE-2018-11995
BID
CONFIRM
CONFIRM
qualcomm — android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader. 2018-11-27 not yet calculated CVE-2018-5861
CONFIRM
CONFIRM
qualcomm — multiple_products Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. 2018-11-28 not yet calculated CVE-2018-5918
CONFIRM
qualcomm — multiple_products When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24. 2018-11-28 not yet calculated CVE-2018-11996
BID
CONFIRM
qualcomm — multiple_products Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. 2018-11-28 not yet calculated CVE-2018-5916
BID
CONFIRM
qualcomm — multiple_products Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. 2018-11-28 not yet calculated CVE-2018-11921
CONFIRM
qualcomm — multiple_products In the device programmer target-side code for firehose, a string that is not properly NUL-terminated can lead to an incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20. 2018-11-28 not yet calculated CVE-2018-5877
BID
CONFIRM
qualcomm — multiple_products Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. 2018-11-28 not yet calculated CVE-2017-18316
BID
CONFIRM
qualcomm — multiple_products Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660. 2018-11-28 not yet calculated CVE-2018-11264
BID
CONFIRM
qualcomm — multiple_products SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. 2018-11-28 not yet calculated CVE-2018-11994
BID
CONFIRM
qualcomm — snapdragon_automobile_and_snapdragon_mobile Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A. 2018-11-28 not yet calculated CVE-2017-18318
BID
CONFIRM
qualcomm — snapdragon_automobile_and_snapdragon_mobile Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. 2018-11-28 not yet calculated CVE-2017-18317
BID
CONFIRM
qualcomm — snapdragon_automobile_and_snapdragon_mobile Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. 2018-11-28 not yet calculated CVE-2018-5917
BID
CONFIRM
qualcomm — snapdragon_automobile_and_snapdragon_mobile Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. 2018-11-28 not yet calculated CVE-2018-5912
BID
CONFIRM
qualcomm — snapdragon_mobile Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600. 2018-11-28 not yet calculated CVE-2017-18315
BID
CONFIRM
qualcomm — snapdragon_mobile While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. 2018-11-28 not yet calculated CVE-2018-5870
BID
CONFIRM
rapid7 — komand In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. 2018-11-28 not yet calculated CVE-2018-5559
CONFIRM
MISC
red_hat — ansible_engine Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for ‘become’ passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. 2018-11-29 not yet calculated CVE-2018-16859
BID
CONFIRM
CONFIRM
red_hat — keycloak The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. 2018-11-30 not yet calculated CVE-2018-14637
CONFIRM
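The Keycloak entry is a reminder that a SAML consumer must enforce the assertion's own validity window (`Conditions/@NotBefore` and `@NotOnOrAfter`) and remember assertion IDs for at least that window, or a captured assertion can be replayed indefinitely. The validator below is an added example written for this bulletin, not Keycloak code. It assumes signature verification has already happened on the raw XML before this step, uses a 30-second clock-skew allowance (an assumption), and keeps an in-memory ID cache that a real broker would back with shared storage. The assertion is constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ALLOWED_SKEW = timedelta(seconds=30)   # assumption: tolerated IdP/SP clock drift


class AssertionRejected(Exception):
    """Raised when an assertion fails a time or replay check."""


def _parse_ts(value: str) -> datetime:
    """SAML timestamps are xsd:dateTime, normally UTC, e.g. 2018-11-30T10:00:00Z."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise AssertionRejected("timestamp without timezone")
    return parsed.astimezone(timezone.utc)


class AssertionValidator:
    """Enforces Conditions@NotBefore/@NotOnOrAfter and rejects replayed IDs.
    Signature verification is assumed to run before validate() is called."""

    def __init__(self, skew: timedelta = ALLOWED_SKEW) -> None:
        self.skew = skew
        self._seen: Dict[str, datetime] = {}    # assertion ID -> NotOnOrAfter

    def validate(self, assertion_xml: str, now: Optional[datetime] = None) -> str:
        now = now or datetime.now(timezone.utc)
        root = ET.fromstring(assertion_xml)
        if root.tag != f"{{{SAML_NS}}}Assertion":
            raise AssertionRejected("not a SAML 2.0 Assertion element")
        cond = root.find(f"{{{SAML_NS}}}Conditions")
        if cond is None or "NotOnOrAfter" not in cond.attrib:
            raise AssertionRejected("Conditions/@NotOnOrAfter missing")
        not_after = _parse_ts(cond.attrib["NotOnOrAfter"])
        if now >= not_after + self.skew:
            raise AssertionRejected("assertion expired")
        if "NotBefore" in cond.attrib and now + self.skew < _parse_ts(cond.attrib["NotBefore"]):
            raise AssertionRejected("assertion not yet valid")
        assertion_id = root.attrib.get("ID")
        if not assertion_id:
            raise AssertionRejected("assertion has no ID")
        self._expire_seen(now)
        if assertion_id in self._seen:
            raise AssertionRejected("assertion replayed")
        self._seen[assertion_id] = not_after
        return assertion_id

    def _expire_seen(self, now: datetime) -> None:
        # An ID only needs remembering until the time check would reject it anyway.
        for aid, expiry in list(self._seen.items()):
            if now >= expiry + self.skew:
                del self._seen[aid]


def accepted(validator: AssertionValidator, xml: str, now: datetime) -> bool:
    """True if validate() accepts the assertion at `now`, False if it rejects it."""
    try:
        validator.validate(xml, now=now)
        return True
    except AssertionRejected:
        return False


# Constructed assertion with a five-minute validity window (not a real IdP's output).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2018-11-30T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2018-11-30T10:00:00Z" NotOnOrAfter="2018-11-30T10:05:00Z"/>
</saml:Assertion>"""

if __name__ == "__main__":
    v = AssertionValidator()
    t = datetime(2018, 11, 30, 10, 1, tzinfo=timezone.utc)
    print("first use:", accepted(v, SAMPLE_ASSERTION, t))
    print("replay:   ", accepted(v, SAMPLE_ASSERTION, t))
    print("expired:  ", accepted(AssertionValidator(), SAMPLE_ASSERTION, t + timedelta(minutes=6)))
```

Two details matter in practice: the replay cache must be shared across every node that terminates SAML, and its retention must be at least `NotOnOrAfter + skew`, since an ID forgotten earlier than that can be replayed within the window the time check still allows.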
ruby_on_rails — ruby_on_rails A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. 2018-11-30 not yet calculated CVE-2018-16477
MISC
MISC
ruby_on_rails — ruby_on_rails A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. 2018-11-30 not yet calculated CVE-2018-16476
MISC
MISC
rudra_softech — edusoft index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. 2018-11-26 not yet calculated CVE-2018-19548
MISC
sales_and_company_management_system — sales_and_company_management_system An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. 2018-11-29 not yet calculated CVE-2018-19654
MISC
samba — ldap_server A denial of service vulnerability was discovered in Samba’s LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. 2018-11-28 not yet calculated CVE-2018-14629
BID
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
samba — samba Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba’s AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. 2018-11-28 not yet calculated CVE-2018-16851
BID
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
samba — samba Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. 2018-11-28 not yet calculated CVE-2018-16852
BID
CONFIRM
CONFIRM
CONFIRM
samba — samba Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba’s KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. 2018-11-28 not yet calculated CVE-2018-16841
BID
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
samba — samba Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. 2018-11-28 not yet calculated CVE-2018-16853
BID
CONFIRM
CONFIRM
CONFIRM
samba — samba Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation’s password policies apply as expected may not have been re-done after the upgrade. 2018-11-28 not yet calculated CVE-2018-16857
BID
CONFIRM
CONFIRM
CONFIRM
schneider_electric — quantum_modicon An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. 2018-11-30 not yet calculated CVE-2018-7809
CONFIRM
MISC
schneider_electric — quantum_modicon An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server. 2018-11-30 not yet calculated CVE-2018-7811
CONFIRM
MISC
schneider_electric — quantum_modicon Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. 2018-11-30 not yet calculated CVE-2018-7830
CONFIRM
MISC
schneider_electric — quantum_modicon An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. 2018-11-30 not yet calculated CVE-2018-7831
CONFIRM
MISC
schneider_electric — quantum_modicon An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user’s browser, potentially impacting the machine the browser is running on. 2018-11-30 not yet calculated CVE-2018-7810
CONFIRM
MISC
schneider_electric — struxureware_data_center_operation Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. 2018-11-30 not yet calculated CVE-2018-7806
MISC
schneider_electric — struxureware_data_center_expert Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. 2018-11-30 not yet calculated CVE-2018-7807
MISC
sdcms — sdcms app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). 2018-11-29 not yet calculated CVE-2018-19748
MISC
MISC
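The two Schneider Electric ZipSlip entries and the SDCMS entry are the same defect in two dresses: a path taken from untrusted input (an archive entry name, or a base64-encoded `root` parameter) is joined to a base directory without confirming that the result still lies inside it. The block below is an added example written for this bulletin, not code from either product (the affected Schneider products are Java; Python is used here only to demonstrate the check). One predicate, `is_inside`, serves both cases: a two-pass archive extractor that validates every entry name before writing anything, and a decoder for a base64 directory parameter. The archives and parameters are constructed inline.

```python
import base64
import io
import os
import tempfile
import zipfile
from typing import Dict, List


def is_inside(base_dir: str, untrusted: str) -> bool:
    """True if joining `untrusted` to `base_dir` resolves to a path under base_dir.
    realpath() collapses '..' segments and symlinks, and an absolute `untrusted`
    replaces the base in os.path.join, so both escape routes are caught."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted))
    return candidate == base or candidate.startswith(base + os.sep)


def resolve_inside(base_dir: str, untrusted: str) -> str:
    """Absolute path for `untrusted` under `base_dir`; raises if it escapes."""
    if not is_inside(base_dir, untrusted):
        raise ValueError(f"path escapes base directory: {untrusted!r}")
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), untrusted))


def safe_extract(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Extract an archive, refusing the whole archive if any entry would escape dest_dir.
    Validation runs over every entry before the first write, so a rejected archive
    leaves nothing behind."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = [(info, resolve_inside(dest_dir, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def root_param_ok(base_dir: str, param: str) -> bool:
    """Validate a base64-encoded directory parameter of the kind the SDCMS entry
    describes: decode strictly, then apply the same containment check."""
    try:
        decoded = base64.b64decode(param, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    return is_inside(base_dir, decoded)


def build_archive(entries: Dict[str, str]) -> bytes:
    """Constructed test archive from {entry name: text content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extraction_outcome(zip_bytes: bytes) -> str:
    """Extract into a throwaway directory: 'ok' on success, 'rejected' on traversal."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(zip_bytes, dest)
            return "ok"
        except ValueError:
            return "rejected"


# Constructed inputs: a benign archive, a ZipSlip archive, and two `root` parameters.
BENIGN_ZIP = build_archive({"reports/q4.txt": "ok"})
ZIPSLIP_ZIP = build_archive({"../../outside.txt": "written outside the target"})
SAFE_ROOT_PARAM = base64.b64encode(b"images").decode()
EVIL_ROOT_PARAM = base64.b64encode(b"../../../../etc").decode()

if __name__ == "__main__":
    print("benign archive:", extraction_outcome(BENIGN_ZIP))
    print("zipslip archive:", extraction_outcome(ZIPSLIP_ZIP))
    print("root=images:", root_param_ok("/srv/app/attachments", SAFE_ROOT_PARAM))
    print("root=../../../../etc:", root_param_ok("/srv/app/attachments", EVIL_ROOT_PARAM))
```

The SDCMS note that the traversal is base64-encoded rather than URL-encoded is why the decode step comes first: a filter that looks for `../` in the raw parameter never sees it, whereas a containment check on the decoded, resolved path does not care how the input was encoded.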
sdcms — sdcms An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace ‘e’ calls, allowing users to execute arbitrary code by leveraging access to admin template management. 2018-11-25 not yet calculated CVE-2018-19520
MISC
MISC
showdoc — showdoc server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. 2018-11-28 not yet calculated CVE-2018-19621
MISC
showdoc — showdoc ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. 2018-11-27 not yet calculated CVE-2018-19609
MISC
showdoc — showdoc ShowDoc 2.4.1 allows remote attackers to edit other users’ notes by navigating with a modified page_id. 2018-11-28 not yet calculated CVE-2018-19620
MISC
MISC
MISC
sikcms — sikcms sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. 2018-11-26 not yet calculated CVE-2018-19561
MISC
suse — opensuse_leap_and_suse_linux_enterprise An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). 2018-11-27 not yet calculated CVE-2018-17953
CONFIRM
symantec — endpoint_protection Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated. 2018-11-29 not yet calculated CVE-2018-12245
BID
CONFIRM
symantec — multiple_products Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. 2018-11-29 not yet calculated CVE-2018-12238
BID
CONFIRM
symantec — multiple_products Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. 2018-11-29 not yet calculated CVE-2018-12239
BID
CONFIRM
symantec — security_analytics_web_ui The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. 2018-11-27 not yet calculated CVE-2018-12241
BID
CONFIRM
tcpdump — tcpdump In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. 2018-11-25 not yet calculated CVE-2018-19519
MISC
teledyne_dalsa — sherlock A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution. 2018-11-28 not yet calculated CVE-2018-17930
BID
MISC
MISC
terramaster — tos Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders’ names. 2018-11-27 not yet calculated CVE-2018-13357
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the “checkport” parameter. 2018-11-27 not yet calculated CVE-2018-13353
MISC
terramaster — tos System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “Event” parameter. 2018-11-27 not yet calculated CVE-2018-13354
MISC
terramaster — tos User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the “modgroup” parameter. 2018-11-27 not yet calculated CVE-2018-13361
MISC
terramaster — tos Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. 2018-11-27 not yet calculated CVE-2018-13355
MISC
terramaster — tos Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the “filename” URL parameter. 2018-11-27 not yet calculated CVE-2018-13360
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “checkName” parameter. 2018-11-27 not yet calculated CVE-2018-13358
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the “newname” parameter. 2018-11-27 not yet calculated CVE-2018-13418
MISC
terramaster — tos Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the “modgroup” parameter. 2018-11-27 not yet calculated CVE-2018-13359
MISC
terramaster — tos Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. 2018-11-27 not yet calculated CVE-2018-13356
MISC
terramaster — tos Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. 2018-11-27 not yet calculated CVE-2018-13331
MISC
terramaster — tos Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users’ session cookies via JavaScript. 2018-11-27 not yet calculated CVE-2018-13337
MISC
terramaster — tos Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. 2018-11-27 not yet calculated CVE-2018-13335
MISC
terramaster — tos Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the “options[sysname]” parameter. 2018-11-27 not yet calculated CVE-2018-13334
MISC
terramaster — tos Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users’ usernames. 2018-11-27 not yet calculated CVE-2018-13333
MISC
terramaster — tos Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the “path” URL parameter. 2018-11-27 not yet calculated CVE-2018-13332
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the “groupname” parameter. 2018-11-27 not yet calculated CVE-2018-13330
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “pwd” parameter during user creation. 2018-11-27 not yet calculated CVE-2018-13336
MISC
terramaster — tos Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the “lines” URL parameter. 2018-11-27 not yet calculated CVE-2018-13329
MISC
terramaster — tos System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “username” parameter during user creation. 2018-11-27 not yet calculated CVE-2018-13338
MISC
terramaster — tos Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user’s username. 2018-11-27 not yet calculated CVE-2018-13349
MISC
terramaster — tos SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the “Event” parameter. 2018-11-27 not yet calculated CVE-2018-13350
MISC
terramaster — tos Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. 2018-11-27 not yet calculated CVE-2018-13352
MISC
terramaster — tos Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. 2018-11-27 not yet calculated CVE-2018-13351
MISC
the-sleuth_kit — the_sleuth_kit In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). 2018-11-29 not yet calculated CVE-2018-19497
MISC
MISC
tibco_software — tibco_statistica_server The web application of the TIBCO Statistica component of TIBCO Software Inc.’s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Statistica Server versions up to and including 13.4.0. 2018-11-26 not yet calculated CVE-2018-18807
BID
MISC
CONFIRM
totolink — a3002ru_routers Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user’s password. 2018-11-26 not yet calculated CVE-2018-13309
MISC
totolink — a3002ru_routers Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user’s username. 2018-11-26 not yet calculated CVE-2018-13310
MISC
totolink — a3002ru_routers System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “ftpUser” POST parameter. 2018-11-27 not yet calculated CVE-2018-13306
MISC
totolink — a3002ru_routers System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “ntpServerIp2” POST parameter. Certain payloads cause the device to become permanently inoperable. 2018-11-27 not yet calculated CVE-2018-13307
MISC
totolink — a3002ru_routers Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the “User phrases button” field. 2018-11-26 not yet calculated CVE-2018-13308
MISC
totolink — a3002ru_routers Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the “Input your notice URL” field. 2018-11-26 not yet calculated CVE-2018-13312
MISC
totolink — a3002ru_routers Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. 2018-11-26 not yet calculated CVE-2018-13317
MISC
totolink — a3002ru_routers System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “ipAddr” POST parameter. 2018-11-27 not yet calculated CVE-2018-13314
MISC
totolink — a3002ru_routers Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user’s password via an unauthenticated POST request. 2018-11-26 not yet calculated CVE-2018-13315
MISC
totolink — a3002ru_routers System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “subnet” POST parameter. 2018-11-27 not yet calculated CVE-2018-13316
MISC
totolink — a3002ru_routers System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “sambaUser” POST parameter. 2018-11-26 not yet calculated CVE-2018-13311
MISC
tp-link — archer_c5_devices TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. 2018-11-25 not yet calculated CVE-2018-19537
MISC
tp-link — tl-r600vpn_http_server An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. 2018-12-01 not yet calculated CVE-2018-3951
MISC
tp-link — tl-r600vpn_http_server An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. 2018-11-30 not yet calculated CVE-2018-3948
MISC
tp-link — tl-r600vpn_http_server An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. 2018-11-30 not yet calculated CVE-2018-3949
MISC
tp-link — tl-r600vpn_hwv3_frnv1.3.o_and_hwv2_frnv1.2.3 An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability. 2018-11-30 not yet calculated CVE-2018-3950
MISC
tp-link — tl-wr886n_devices TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. 2018-11-25 not yet calculated CVE-2018-19528
MISC
tp4a — teleport tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. 2018-11-26 not yet calculated CVE-2018-19555
MISC
tp5cms — tp5cms An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. 2018-11-29 not yet calculated CVE-2018-19693
MISC
tp5cms — tp5cms An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type. 2018-11-29 not yet calculated CVE-2018-19692
MISC
umbraco — umbraco_cms Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. 2018-11-27 not yet calculated CVE-2018-17256
MISC
university_of_washington — imap_toolkit_2007f University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a “-oProxyCommand” argument. 2018-11-25 not yet calculated CVE-2018-19518
BID
SECTRACK
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
EXPLOIT-DB
MISC
vmware — workstation VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. 2018-11-27 not yet calculated CVE-2018-6983
BID
CONFIRM
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. 2018-11-28 not yet calculated CVE-2018-19622
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. 2018-11-28 not yet calculated CVE-2018-19623
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. 2018-11-28 not yet calculated CVE-2018-19624
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. 2018-11-28 not yet calculated CVE-2018-19625
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. 2018-11-28 not yet calculated CVE-2018-19626
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. 2018-11-28 not yet calculated CVE-2018-19628
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. 2018-11-28 not yet calculated CVE-2018-19627
BID
MISC
MISC
MISC
wordpress — wordpress A race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the operating system via a ZIP import. 2018-11-28 not yet calculated CVE-2018-19370
MISC
MISC
MISC
wordpress — wordpress Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. 2018-11-26 not yet calculated CVE-2018-19564
EXPLOIT-DB
xiaomi — mi_router Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. 2018-11-27 not yet calculated CVE-2018-13022
MISC
xiaomi — mi_router System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the “timeout” URL parameter. 2018-11-27 not yet calculated CVE-2018-13023
MISC
xiaomi — mi_router System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the “payload” URL parameter. 2018-11-27 not yet calculated CVE-2018-16130
MISC
z-blogphp — z-blogphp zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. 2018-11-26 not yet calculated CVE-2018-19556
MISC
zoom_video_communications — zoom Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. 2018-11-30 not yet calculated CVE-2018-15715
MISC
zyxel_communications — nsa325_devices A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. 2018-11-27 not yet calculated CVE-2018-14893
MISC
zyxel_communications — nsa325_devices Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. 2018-11-27 not yet calculated CVE-2018-14892
MISC


Wireshark update 2.6.5 available, (Sat, Dec 1st)

This post was originally published on this site

Wireshark version 2.6.5 is available: release notes.

And I’m taking this opportunity to feature one of the tools that come with the installation of Wireshark: capinfos.

capinfos is a simple but useful tool; it takes capture files as input and displays information about those files:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Protecting Against Identity Theft

This post was originally published on this site

Original release date: November 29, 2018

As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, such as a credit card, and run up bills in the victim’s name.

CISA encourages consumers to review the following tips to help reduce the risk of falling prey to identity theft:

If you believe you are a victim of identity theft, visit the FTC’s identity theft website to file a report and create a personal recovery plan.
