NVD

CVE-2018-12591

NVD Vulnerabilities - Wed, 06/20/2018 - 08:29
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation beyond what administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.
Categories: NVD

CVE-2018-12592

NVD Vulnerabilities - Wed, 06/20/2018 - 08:29
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.

CVE-2018-8030

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with a size greater than the allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

CVE-2018-1117

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.

CVE-2018-11701

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11702

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11703

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11704

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11705

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11706

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-11707

NVD Vulnerabilities - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.

CVE-2018-12294

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.

CVE-2018-12519

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.

CVE-2018-12588

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).

CVE-2018-10811

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

CVE-2018-10945

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

CVE-2018-11116

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.

CVE-2018-11723

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.

CVE-2018-11724

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

CVE-2018-11725

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.