SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
F5 BIG-IP 13.0.0-220.127.116.11, 12.1.0-18.104.22.168, or 11.6.0-22.214.171.124 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
Through undisclosed methods, on F5 BIG-IP 13.0.0-126.96.36.199, 12.1.0-188.8.131.52, 11.6.0-184.108.40.206, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. The attack must be sourced from an adjacent network (layer 2).
A remote attacker may, via undisclosed measures, be able to exploit an F5 BIG-IP APM 13.0.0-220.127.116.11 or 12.1.0-18.104.22.168 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-22.214.171.124, 12.1.0-126.96.36.199, 11.6.0-188.8.131.52, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.
On F5 BIG-IP DNS 13.1.0-184.108.40.206, 12.1.3-220.127.116.11, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
Under certain conditions, on F5 BIG-IP ASM 13.0.0-18.104.22.168, 12.1.0-22.214.171.124, 11.6.0-126.96.36.199, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.
When F5 BIG-IP ASM 13.0.0-188.8.131.52, 12.1.0-184.108.40.206, 11.6.0-220.127.116.11, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-18.104.22.168, or 11.2.1-22.214.171.124 HTTPS health monitors do not validate the identity of the monitored server.
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to a NULL pointer dereference issue in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.
Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA, i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid.