New vulnerabilities from the NVD: CVE-2017-15515 | NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. Published at: March 05, 2019 at 12:29AM | March 05, 2019 at 01:25AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15361 | UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. Published at: March 05, 2019 at 05:29PM | March 05, 2019 at 07:26PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-11793 | When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable. Published at: March 05, 2019 at 11:29PM | March 06, 2019 at 01:25AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-1912 | IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152736. Published at: March 06, 2019 at 10:29PM | March 06, 2019 at 11:50PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-1911 | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152735. Published at: March 06, 2019 at 10:29PM | March 06, 2019 at 11:50PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-20799 (pfsense) | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions. Published at: March 01, 2019 at 05:29PM | March 07, 2019 at 05:50PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-11783 | The sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. Published at: March 07, 2019 at 08:29PM | March 07, 2019 at 09:50PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-0192 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. Published at: March 07, 2019 at 11:29PM | March 08, 2019 at 01:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-18816 | The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross-site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. Published at: March 08, 2019 at 12:29AM | March 08, 2019 at 01:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-18815 | The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. Published at: March 08, 2019 at 12:29AM | March 08, 2019 at 01:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-18809 | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. Published at: March 08, 2019 at 12:29AM | March 08, 2019 at 01:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-18808 | The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any user with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. Published at: March 08, 2019 at 12:29AM | March 08, 2019 at 01:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-18449 | EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17988
New vulnerabilities from the NVD: CVE-2018-17429 | /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17426 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17425 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17422 | dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17421 | An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17420 | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17419 | An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17418 | Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17416 | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-17415
New vulnerabilities from the NVD: CVE-2018-17414
New vulnerabilities from the NVD: CVE-2018-17413
New vulnerabilities from the NVD: CVE-2018-17412 | zzcms v8.3 contains a SQL injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-16809 | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-16808 | An issue was discovered in Dolibarr through 7.0.0. There is stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-16804 | An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-14499 | An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-14498 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-14038 | The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2017-12447 | GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2013-7468 | Simple Machines Forum (SMF) 2.0.4 allows PHP code injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2013-7467 | Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2013-7466 | Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. Published at: March 08, 2019 at 01:29AM | March 08, 2019 at 03:50AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2017-3164 | Server-Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. Published at: March 08, 2019 at 11:29PM | March 09, 2019 at 01:51AM via National Vulnerability Database