CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

Source: CVE-2018-15908

CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

Source: CVE-2018-15909

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.

Source: CVE-2018-3927

CVE-2018-3904

An exploitable buffer overflow vulnerability exists in the camera ‘update’ feature of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Source: CVE-2018-3904

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the ‘sync’ operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

Source: CVE-2018-3918

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Source: CVE-2018-3893

CVE-2018-15887

Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

Source: CVE-2018-15887

CVE-2018-15904

A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.

Source: CVE-2018-15904

CVE-2018-15810

Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters.

Source: CVE-2018-15810

CVE-2018-1644

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 – 9.0.0.4, 8.0.0.0 – 8.0.0.19, 8.0.1.0 – 8.0.1.13, 8.0.3.0 – 8.0.3.6, 8.0.4.0 – 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.

Source: CVE-2018-1644