Wednesday, March 20, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (29 items)


New vulnerabilities from the NVD: CVE-2018-17944

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
Published at: March 12, 2019 at 06:29PM

March 12, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17937

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
Published at: March 13, 2019 at 07:29PM

March 13, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-2254

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
Published at: March 13, 2019 at 06:29PM

March 13, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-0389

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier.
Published at: March 13, 2019 at 11:29PM

March 14, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-20801 (highcharts)

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.
Published at: March 14, 2019 at 06:29PM

March 14, 2019 at 09:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12215

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12214

Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12213

Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12212

Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12211

Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12210

Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12209

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12208

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12205

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow unauthenticated user to potentially execute arbitrary code via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12204

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12203

Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12202

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12201

Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12200

Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12199

Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12198

Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12196

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12192

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12190

Insufficient input validation in Intel CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially execute arbitrary code via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12189

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12188

Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12187

Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12185

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Published at: March 14, 2019 at 10:29PM

March 15, 2019 at 01:57AM

via National Vulnerability Database

