SB18-330: Vulnerability Summary for the Week of November 19, 2018

Original release date: November 26, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — spark In all versions of Apache Spark, its standalone resource manager accepts code to execute on a ‘master’ host, that then runs that code on ‘worker’ hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected. 2018-11-19 not yet calculated CVE-2018-17190
BID
MISC
arm — adult_filter Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. 2018-11-22 not yet calculated CVE-2018-19459
MISC
EXPLOIT-DB
articlecms — articlecms ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. 2018-11-23 not yet calculated CVE-2018-19469
MISC
artifex — ghostscript psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. 2018-11-23 not yet calculated CVE-2018-19475
MISC
MISC
MISC
MISC
artifex — ghostscript An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. 2018-11-21 not yet calculated CVE-2018-19409
BID
MISC
MISC
GENTOO
MISC
artifex — ghostscript psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. 2018-11-23 not yet calculated CVE-2018-19477
MISC
MISC
MISC
MISC
artifex — ghostscript psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. 2018-11-23 not yet calculated CVE-2018-19476
MISC
MISC
MISC
MISC
askey — qbee_camera_app_for_android Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. 2018-11-20 not yet calculated CVE-2018-16223
MISC
FULLDISC
bestxsoftware — best_free_keylogger BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse “%PROGRAMFILES%\BFK 5.2.9\syscrb.exe” file because of insecure permissions for the BUILTIN\Users group. 2018-11-19 not yet calculated CVE-2018-18519
MISC
clippercms — clippercms ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. 2018-11-21 not yet calculated CVE-2018-19424
MISC
cloud_foundry — user_account_and_authentication_server Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. 2018-11-19 not yet calculated CVE-2018-15761
CONFIRM
comsenz — discuz! Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code. 2018-11-22 not yet calculated CVE-2018-19464
MISC
contiki-ng — contiki-ng An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. 2018-11-21 not yet calculated CVE-2018-19417
MISC
control_web_panel — centos-webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. 2018-11-20 not yet calculated CVE-2018-18774
MISC
MISC
EXPLOIT-DB
control_web_panel — centos-webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. 2018-11-20 not yet calculated CVE-2018-18772
MISC
MISC
EXPLOIT-DB
control_web_panel — centos-webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. 2018-11-20 not yet calculated CVE-2018-18773
MISC
MISC
EXPLOIT-DB
denx — u-boot DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. 2018-11-20 not yet calculated CVE-2018-18439
MLIST
denx — u-boot DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. 2018-11-20 not yet calculated CVE-2018-18440
MLIST
fineuploader — fineuploader Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 2018-11-19 not yet calculated CVE-2018-9209
MISC
fluidbyte — codiad Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. 2018-11-21 not yet calculated CVE-2018-19423
MISC
foxit_software — foxit_reader FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. 2018-11-20 not yet calculated CVE-2018-19389
MISC
MISC
foxit_software — foxit_reader FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. 2018-11-20 not yet calculated CVE-2018-19390
MISC
MISC
foxit_software — foxit_reader FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. 2018-11-20 not yet calculated CVE-2018-19388
MISC
MISC
freeware_advanced_audio_decoder_2 — freeware_advanced_audio_decoder_2 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. 2018-11-23 not yet calculated CVE-2018-19502
MISC
MISC
freeware_advanced_audio_decoder_2 — freeware_advanced_audio_decoder_2 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. 2018-11-23 not yet calculated CVE-2018-19503
MISC
MISC
freeware_advanced_audio_decoder_2 — freeware_advanced_audio_decoder_2 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. 2018-11-23 not yet calculated CVE-2018-19504
MISC
MISC
getsimple_cms — getsimple_cms In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. 2018-11-21 not yet calculated CVE-2018-19420
MISC
getsimple_cms — getsimple_cms In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. 2018-11-21 not yet calculated CVE-2018-19421
MISC
git — git Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if ‘.’ were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. 2018-11-23 not yet calculated CVE-2018-19486
MISC
MISC
gnome — keyring GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. 2018-11-18 not yet calculated CVE-2018-19358
MISC
MISC
MISC
gnuplot — gnuplot An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. 2018-11-23 not yet calculated CVE-2018-19490
MISC
MISC
gnuplot — gnuplot An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the “set font” function. This issue occurs when the Gnuplot postscript terminal is used as a backend. 2018-11-23 not yet calculated CVE-2018-19491
MISC
MISC
gnuplot — gnuplot An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the “set font” function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. 2018-11-23 not yet calculated CVE-2018-19492
MISC
MISC
google — chromium Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. 2018-11-20 not yet calculated CVE-2018-10099
MISC
MISC
MISC
google — chromium Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. 2018-11-20 not yet calculated CVE-2018-19335
MISC
MISC
MISC
google — chromium Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. 2018-11-20 not yet calculated CVE-2018-19334
MISC
MISC
MISC
greencms — greencms An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. 2018-11-20 not yet calculated CVE-2018-19376
MISC
hayageek — hayageek Arbitrary file upload in jQuery Upload File <= 4.0.2 2018-11-19 not yet calculated CVE-2018-9207
MISC
hucart_cms — hucart_cms HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. 2018-11-23 not yet calculated CVE-2018-19468
MISC
ibm — api_connect IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. 2018-11-20 not yet calculated CVE-2018-1779
BID
XF
CONFIRM
ibm — cloud_private The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903 2018-11-21 not yet calculated CVE-2018-1843
CONFIRM
XF
ibm — cloud_private IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901. 2018-11-19 not yet calculated CVE-2018-1841
BID
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing “dot dot slash” sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as “Zip-Slip”. IBM X-Force ID: 149427. 2018-11-16 not yet calculated CVE-2018-1797
BID
SECTRACK
XF
CONFIRM
ismart_alarm — ismartalarm_cube_one_devices Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. 2018-11-20 not yet calculated CVE-2018-16224
MISC
FULLDISC
ismart_alarm — ismartalarm_app_for_android Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. 2018-11-20 not yet calculated CVE-2018-16222
MISC
FULLDISC
libansilove — libansilove The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2018-11-18 not yet calculated CVE-2018-19353
MISC
MISC
libsndfile — libsndfile An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. 2018-11-22 not yet calculated CVE-2018-19432
BID
MISC
linux — linux_kernel In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. 2018-11-16 not yet calculated CVE-2018-18955
MISC
BID
MISC
MISC
MISC
MISC
EXPLOIT-DB
linux — linux_kernel kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. 2018-11-20 not yet calculated CVE-2018-19406
BID
MISC
linux — linux_kernel The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. 2018-11-20 not yet calculated CVE-2018-19407
BID
MISC
liquidvpn — liquidvpn Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the “command_line” parameter as a shell command. 2018-11-20 not yet calculated CVE-2018-18857
MISC
FULLDISC
EXPLOIT-DB
liquidvpn — liquidvpn Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the “tun_path” or “tap_path” pathname in a kextload() call. 2018-11-20 not yet calculated CVE-2018-18859
MISC
FULLDISC
EXPLOIT-DB
liquidvpn — liquidvpn Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the “tun_path” or “tap_path” pathname within a shell command. 2018-11-20 not yet calculated CVE-2018-18858
MISC
FULLDISC
EXPLOIT-DB
liquidvpn — liquidvpn Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the “openvpncmd” parameter as a shell command. 2018-11-20 not yet calculated CVE-2018-18856
MISC
FULLDISC
EXPLOIT-DB
loadbalancer.org — enterprise_va_max Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. 2018-11-20 not yet calculated CVE-2018-18864
MISC
FULLDISC
logicspice — logicspice Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. 2018-11-22 not yet calculated CVE-2018-19457
MISC
EXPLOIT-DB
micro_focus/netiq — access_manager_identity_provider An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. 2018-11-20 not yet calculated CVE-2018-17948
MISC
novell — netware In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. 2018-11-21 not yet calculated CVE-2009-5153
MISC
MISC
MISC
paessler — prtg_network_monitor PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn’t check, or doesn’t properly check, user rights. 2018-11-21 not yet calculated CVE-2018-19411
MISC
paessler — prtg_network_monitor PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the ‘include’ directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the ‘id’ and ‘users’ parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). 2018-11-21 not yet calculated CVE-2018-19410
MISC
pcman_ftp_server — pcman_ftp_server Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. 2018-11-20 not yet calculated CVE-2018-18861
MISC
philips — multiple_products Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. 2018-11-19 not yet calculated CVE-2018-17906
BID
MISC
php — php ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(“WScript.Shell”). 2018-11-20 not yet calculated CVE-2018-19395
BID
MISC
php — php ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. 2018-11-20 not yet calculated CVE-2018-19396
BID
MISC
php_proxy — php_proxy In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. 2018-11-22 not yet calculated CVE-2018-19458
MISC
EXPLOIT-DB
phpbb — phpbb Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. 2018-11-17 not yet calculated CVE-2018-19274
MISC
MLIST
CONFIRM
pivotal — cloud_foundry_on_demand_services_sdk Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations. 2018-11-19 not yet calculated CVE-2018-15759
CONFIRM
portainer.io — portainer Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. 2018-11-20 not yet calculated CVE-2018-19367
MISC
MISC
prestashop — prestashop modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). 2018-11-18 not yet calculated CVE-2018-19355
MISC
project_jupyter — jupyter_notebook Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. 2018-11-18 not yet calculated CVE-2018-19351
MISC
MISC
MISC
MISC
project_jupyter — jupyter_notebook Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. 2018-11-18 not yet calculated CVE-2018-19352
MISC
MISC
MISC
roche_diagnostics — accu-chek_inform_ii_base_unit_and_coaguchek An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface. 2018-11-20 not yet calculated CVE-2018-18562
BID
MISC
roche_diagnostics — accu-chek_inform_ii_base_unit_and_coaguchek An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system. 2018-11-20 not yet calculated CVE-2018-18561
BID
MISC
roche_diagnostics — multiple_products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message. 2018-11-20 not yet calculated CVE-2018-18563
BID
MISC
roche_diagnostics — multiple_products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package. 2018-11-20 not yet calculated CVE-2018-18565
BID
MISC
roche_diagnostics — multiple_products An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration. 2018-11-20 not yet calculated CVE-2018-18564
BID
MISC

royal_applications — royal_ts_and_tsx_browser_extensions The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. 2018-11-20 not yet calculated CVE-2018-18865
MISC
FULLDISC
FULLDISC
EXPLOIT-DB
samsung — 840_evo_devices An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. 2018-11-20 not yet calculated CVE-2018-12038
CERT-VN
BID
MISC
CONFIRM
samsung — multiple_devices An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in “ATA high” mode, not vulnerable in “TCG” or “ATA max” mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. 2018-11-20 not yet calculated CVE-2018-12037
BID
MISC
CONFIRM
showdoc — showdoc ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. 2018-11-22 not yet calculated CVE-2018-19433
MISC
subrion — subrion_cms /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. 2018-11-21 not yet calculated CVE-2018-19422
MISC
sysstat — sysstat An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. 2018-11-21 not yet calculated CVE-2018-19416
MISC
sysstat — sysstat An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. 2018-11-24 not yet calculated CVE-2018-19517
MISC
tryton — tryton The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle. 2018-11-22 not yet calculated CVE-2018-19443
MISC
MISC
ucms — ucms UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE[‘admin_’.cookiehash] is used for arbitrary cookie values that are set and not empty. 2018-11-22 not yet calculated CVE-2018-19437
MISC
vanilla_forums — vanilla Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. 2018-11-23 not yet calculated CVE-2018-19499
MISC
weberp — weberp An issue was discovered on the “Bank Account Matching – Receipts” screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. 2018-11-22 not yet calculated CVE-2018-19434
MISC
weberp — weberp An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. 2018-11-22 not yet calculated CVE-2018-19435
MISC
weberp — weberp An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. 2018-11-22 not yet calculated CVE-2018-19436
MISC
yxcms — yxcms In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. 2018-11-20 not yet calculated CVE-2018-19404
MISC
z-blogphp — z-blogphp zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. 2018-11-22 not yet calculated CVE-2018-19463
MISC
zoho — manageengine_opmanager Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. 2018-11-20 not yet calculated CVE-2018-18716
MISC
FULLDISC
BUGTRAQ
zoho — manageengine_opmanager Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. 2018-11-20 not yet calculated CVE-2018-18715
MISC
FULLDISC
BUGTRAQ
