CVE-2018-5301

CVE: CVE-2018-5301
Published: 2018-01-08T22:29Z
Vendor: magento
Products: magento
Versions: 1.9.1.0, 1.9.2.2, 1.14.1.0, 1.14.2.2
Description Language: en
Description: Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
References:
https://magento.com/security/patches/magento-2010-and-212-security-update

CVE-2018-5298

CVE: CVE-2018-5298
Published: 2018-01-08T08:29Z
Vendor: pg
Products: oral-b_app
Versions: 5.0.0
Description Language: en
Description: In the Procter & Gamble “Oral-B App” (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.
References:
https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html

CVE-2018-5296

CVE: CVE-2018-5296
Published: 2018-01-08T07:29Z
Vendor: podofo_project
Products: podofo
Versions: 0.9.5
Description Language: en
Description: In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1531956

CVE-2018-5295

CVE: CVE-2018-5295
Published: 2018-01-08T07:29Z
Vendor: podofo_project
Products: podofo
Versions: 0.9.5
Description Language: en
Description: In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1531897

CVE-2018-5294

CVE: CVE-2018-5294
Published: 2018-01-08T07:29Z
Vendor: libming
Products: libming
Versions: 0.4.8
Description Language: en
Description: In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
References:
https://github.com/libming/libming/issues/98

CVE-2018-5293

CVE: CVE-2018-5293
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5292

CVE: CVE-2018-5292
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5291

CVE: CVE-2018-5291
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5290

CVE: CVE-2018-5290
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5289

CVE: CVE-2018-5289
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5288

CVE: CVE-2018-5288
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995

CVE-2018-5287

CVE: CVE-2018-5287
Published: 2018-01-08T07:29Z
Vendor: gd_rating_system_project
Products: gd_rating_system
Versions: 2.3
Description Language: en
Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
https://wpvulndb.com/vulnerabilities/8995