The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-0428 | A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548. | HIGH | Aug 18, 2018 |
CVE-2018-10140 | The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged-in users being redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | MEDIUM | Aug 18, 2018 |
CVE-2018-14007 | Citrix XenServer 7.1 and newer allows Directory Traversal. | HIGH | Aug 18, 2018 |
CVE-2018-14057 | Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the Settings > Users / Roles function. | MEDIUM | Aug 18, 2018 |
CVE-2018-14058 | Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | MEDIUM | Aug 18, 2018 |
CVE-2018-15172 | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | MEDIUM | Aug 18, 2018 |
CVE-2018-5546 | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | HIGH | Aug 18, 2018 |
CVE-2018-5547 | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine's Windows Explorer, which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges. | HIGH | Aug 18, 2018 |
CVE-2016-9598 | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | MEDIUM | Aug 17, 2018 |
CVE-2017-1732 | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. | MEDIUM | Aug 17, 2018 |
CVE-2018-0410 | A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. | HIGH | Aug 17, 2018 |
CVE-2018-11509 | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | HIGH | Aug 17, 2018 |
CVE-2018-11511 | The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. | HIGH | Aug 17, 2018 |
CVE-2018-14981 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. | HIGH | Aug 17, 2018 |
CVE-2018-14982 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | HIGH | Aug 17, 2018 |
CVE-2018-15350 | Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | HIGH | Aug 17, 2018 |
CVE-2018-15351 | Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | HIGH | Aug 17, 2018 |
CVE-2018-15352 | An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | MEDIUM | Aug 17, 2018 |
CVE-2018-15353 | A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | HIGH | Aug 17, 2018 |
CVE-2018-15354 | A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | MEDIUM | Aug 17, 2018 |
CVE-2018-15355 | Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. | MEDIUM | Aug 17, 2018 |
CVE-2018-15356 | An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. | MEDIUM | Aug 17, 2018 |
CVE-2018-15357 | An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | MEDIUM | Aug 17, 2018 |
CVE-2018-15358 | An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | MEDIUM | Aug 17, 2018 |
CVE-2018-15359 | An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | MEDIUM | Aug 17, 2018 |
CVE-2018-15360 | An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | HIGH | Aug 17, 2018 |
CVE-2018-15468 | An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. | MEDIUM | Aug 17, 2018 |
CVE-2018-15469 | An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). | MEDIUM | Aug 17, 2018 |
CVE-2018-15470 | An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 Operations on data structures of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. | MEDIUM | Aug 17, 2018 |
CVE-2018-15471 | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | MEDIUM | Aug 17, 2018 |
CVE-2018-15482 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | HIGH | Aug 17, 2018 |
CVE-2018-15491 | A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%emanaALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | MEDIUM | Aug 17, 2018 |
CVE-2018-15492 | A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. | MEDIUM | Aug 17, 2018 |
CVE-2018-15494 | In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | HIGH | Aug 17, 2018 |
CVE-2018-15495 | /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | MEDIUM | Aug 17, 2018 |
CVE-2018-15501 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol ng packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | MEDIUM | Aug 17, 2018 |
CVE-2018-15504 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | MEDIUM | Aug 17, 2018 |
CVE-2018-15505 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted Host header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. | MEDIUM | Aug 17, 2018 |
CVE-2018-3783 | A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | HIGH | Aug 17, 2018 |
CVE-2018-3784 | A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | HIGH | Aug 17, 2018 |
CVE-2018-3785 | A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | HIGH | Aug 17, 2018 |
CVE-2018-6622 | An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware during S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation. | LOW | Aug 17, 2018 |
CVE-2016-9596 | libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. | MEDIUM | Aug 16, 2018 |
CVE-2018-12256 | admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. | MEDIUM | Aug 16, 2018 |
CVE-2018-15122 | An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. | MEDIUM | Aug 16, 2018 |
CVE-2018-1712 | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | HIGH | Aug 16, 2018 |
CVE-2018-1715 | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. | LOW | Aug 16, 2018 |
CVE-2018-6973 | VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | HIGH | Aug 16, 2018 |
CVE-2018-8200 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. | MEDIUM | Aug 16, 2018 |
CVE-2018-8204 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. | MEDIUM | Aug 16, 2018 |