1. The right quantity

2. The approach to splitting data

3. The past

4. Domain expertise

5. The right kind of data transformation

Posted by manga0713

 

 

 

 

 

 

 

1. Prescriptive Analytics

 

2. Dark Data Revelation

 

3. Increased focus on data quality

 

4. Tackling data security

 

5. Integrating new data streams

 

6. Specialization of job roles

 

7. Increased valuation of data assets

 

8. Rise of analytics as a service

 

9. Data Humanism

 

10. Incoperating new analytical tools

 

11. Cognitive Technologies

 

12. Machine learning

Posted by manga0713

 

 

 

 

 

 

 

1. The Rise of Voice Shopping

 

2. The Social-Commerce Relationship

 

3. Connecting Offline-to-Online Sales

 

4. The Data Collaboration Inperative

 

5. The Power of Product Feed Optimization

 

6. Under GDPR & Data Management

 

7. The Battle for Video

 

8. The Growth of Acquisition and Partnerships

Posted by manga0713

[이미지출처: Gartner Top 10 Strategic Technology Trends for 2018]

 

 

 

 

 

 

1. 인공지능 강화 시스템(AI Foundation)

 

2. 지능형 애플리케이션 및 분석(Intelligent Apps and Analytics)

 

3. 지능형 사물(Intelligent Things)

 

4. 디지털 트윈(Digital Twin)

 

5. 클라우드에서 엣지로(Cloud to the Edge)

 

6. 대화형 플랫폼(Conversational Platforms)

 

7. 몰입 경험(Immersive Experience)

 

8. 블록체인(Blockchain)

 

9. 이벤트 기반 모델(Event-Driven)

 

10. 지속적이며 적응 가능한 리스크·신뢰 평가(CARTA) 접근법

 

 

 

*** 참조사이트

 

1. SKC&C 블로그 "[가트너 2018] 10대 전략 기술 트렌드 살펴보기"

2. ITWorld "가트너, 2018년 10대 전략 기술 트렌드 발표"

 

Posted by manga0713

 

 

 

***출처: [US-CERT: Bulletin(SB18-008)] 2018년 1월 1일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
arm -- cortex-a Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 2018-01-04 4.7 CVE-2017-5715
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
CERT-VN
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CISCO(link is external)
EXPLOIT-DB(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
arm -- cortex-a Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. 2018-01-04 4.7 CVE-2017-5754
SUSE
SUSE
SUSE
SUSE
SUSE
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CERT-VN
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CISCO(link is external)
DEBIAN
CONFIRM(link is external)
CONFIRM(link is external)
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- webaccess
 
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. 2018-01-05 not yet calculated CVE-2017-16716
MISC
advantech -- webaccess
 
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. 2018-01-05 not yet calculated CVE-2017-16753
MISC
advantech -- webaccess
 
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. 2018-01-05 not yet calculated CVE-2017-16728
MISC
advantech -- webaccess
 
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. 2018-01-05 not yet calculated CVE-2017-16724
MISC
advantech -- webaccess
 
A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device. 2018-01-05 not yet calculated CVE-2017-16720
MISC
androidsvg_androidsvg
 
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution 2018-01-03 not yet calculated CVE-2017-1000498
CONFIRM(link is external)
apache -- deltaspike-jsf
 
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. 2018-01-04 not yet calculated CVE-2017-17837
CONFIRM
CONFIRM
apache -- ofbiz
 
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. 2018-01-04 not yet calculated CVE-2017-15714
MLIST
awstats -- awstats
 
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. 2018-01-03 not yet calculated CVE-2017-1000501
MISC
CONFIRM(link is external)
CONFIRM(link is external)
b2evolution -- b2evolution
 
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. 2018-01-02 not yet calculated CVE-2017-1000423
CONFIRM(link is external)
CONFIRM(link is external)
ba_systems -- bas_web
 
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. 2017-12-29 not yet calculated CVE-2017-17974
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. 2018-01-05 not yet calculated CVE-2018-5253
MISC(link is external)
bookstack -- bookstack
 
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. 2018-01-03 not yet calculated CVE-2017-1000462
MISC(link is external)
brave_software -- brave_browser
 
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). 2018-01-03 not yet calculated CVE-2017-1000461
MISC(link is external)
bro -- bro
 
Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation. 2018-01-02 not yet calculated CVE-2017-1000458
MISC(link is external)
MISC(link is external)
cisco -- node-jose_open_source_library
 
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header. 2018-01-04 not yet calculated CVE-2018-0114
CONFIRM(link is external)
CONFIRM(link is external)
cisco -- webex_network_recording_player_for_advanced_recording_format
 
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839. 2018-01-04 not yet calculated CVE-2018-0103
BID(link is external)
CONFIRM(link is external)
cisco -- webex_network_recording_player_for_advanced_recording_format
 
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857. 2018-01-04 not yet calculated CVE-2018-0104
BID(link is external)
CONFIRM(link is external)
cms_made_simple -- cms_made_simple
 
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 2018-01-02 not yet calculated CVE-2017-1000454
MISC
cms_made_simple -- cms_made_simple
 
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. 2018-01-02 not yet calculated CVE-2017-1000453
MISC
cobbler -- cobbler
 
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. 2018-01-03 not yet calculated CVE-2017-1000469
CONFIRM(link is external)
commsy -- commsy
 
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. 2018-01-03 not yet calculated CVE-2017-1000496
CONFIRM(link is external)
craft -- craft_cms
 
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. 2018-01-01 not yet calculated CVE-2018-3814
MISC(link is external)

creolabs -- gravity


 
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution. 2018-01-02 not yet calculated CVE-2017-1000437
MISC(link is external)
dell -- dell_emc
 
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application. 2018-01-04 not yet calculated CVE-2017-14383
CONFIRM
dolibarr -- dolibarr_erp/crm
 
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. 2017-12-29 not yet calculated CVE-2017-17971
MISC(link is external)
dozer -- dozer
 
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. 2017-12-29 not yet calculated CVE-2014-9515
CONFIRM(link is external)
MISC(link is external)
MISC
duolingo -- tinycards
 
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. 2018-01-05 not yet calculated CVE-2017-16905
MISC(link is external)
MISC(link is external)
elabftw -- elabftw
 
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. 2018-01-03 not yet calculated CVE-2017-1000478
MISC(link is external)
eleix -- openhacker
 
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution 2018-01-02 not yet calculated CVE-2017-1000444
CONFIRM(link is external)
CONFIRM(link is external)
eleix -- openhacker
 
Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. 2018-01-02 not yet calculated CVE-2017-1000443
CONFIRM(link is external)
CONFIRM(link is external)
embedthis -- goahead
 
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service. 2018-01-03 not yet calculated CVE-2017-1000470
MISC(link is external)
MISC(link is external)
embedthis -- goahead
 
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. 2018-01-03 not yet calculated CVE-2017-1000471
MISC(link is external)
MISC(link is external)
emc -- multiple_products
 
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. 2018-01-05 not yet calculated CVE-2017-15550
CONFIRM
emc -- multiple_products
 
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. 2018-01-05 not yet calculated CVE-2017-15549
CONFIRM
emc -- multiple_products
 
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. 2018-01-05 not yet calculated CVE-2017-15548
CONFIRM
exiv2 -- exiv2
 
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. 2017-12-31 not yet calculated CVE-2017-18005
CONFIRM(link is external)
exiv2 -- exiv2
 
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. 2018-01-03 not yet calculated CVE-2018-4868
MISC(link is external)
extensis – portfolio_netpublish
 
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. 2017-12-31 not yet calculated CVE-2017-18006
MISC
ez_systems -- ez_publish
 
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. 2018-01-02 not yet calculated CVE-2017-1000431
CONFIRM(link is external)
flir -- brickstream_2300_devices
 
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. 2018-01-01 not yet calculated CVE-2018-3813
MISC(link is external)
fork -- fork_cms
 
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. 2018-01-04 not yet calculated CVE-2018-5215
MISC(link is external)
freedesktop.org -- libpopplerg
 
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. 2018-01-02 not yet calculated CVE-2017-1000456
MISC
fs-git -- fs-git
 
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec. 2018-01-02 not yet calculated CVE-2017-1000451
MISC(link is external)
gifsicle -- gifview
 
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution 2018-01-02 not yet calculated CVE-2017-1000421
CONFIRM(link is external)
github -- electron
 
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control. 2018-01-02 not yet calculated CVE-2017-1000424
CONFIRM(link is external)
CONFIRM(link is external)
gitlab -- gitlab
 
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. 2018-01-05 not yet calculated CVE-2014-8540
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
XF(link is external)
CONFIRM(link is external)
gnome -- gdk-pixbuf
 
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution 2018-01-02 not yet calculated CVE-2017-1000422
CONFIRM
gnu -- gnu_coreutils
 
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. 2018-01-03 not yet calculated CVE-2017-18018
MISC
gps-server.net -- gps-server.net
 
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php. 2018-01-02 not yet calculated CVE-2017-17097
MISC(link is external)
MISC(link is external)
gps-server.net -- gps-server.net
 
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. 2018-01-02 not yet calculated CVE-2017-17098
MISC(link is external)
MISC(link is external)
guixsd -- guixsd
 
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. 2018-01-02 not yet calculated CVE-2017-1000455
MISC
hawt.io -- hawt.io Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." 2017-12-29 not yet calculated CVE-2014-0120
CONFIRM(link is external)
CONFIRM(link is external)
MISC
hawt.io -- hawt.io
 
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. 2017-12-29 not yet calculated CVE-2014-0121
CONFIRM(link is external)
CONFIRM(link is external)
MISC
hoermann -- bisecur_devices
 
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. 2017-12-29 not yet calculated CVE-2017-17910
MISC(link is external)
MISC(link is external)
ibm -- mq_managed_file_transfer_agent
 
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. 2018-01-04 not yet calculated CVE-2017-1699
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. 2018-01-04 not yet calculated CVE-2017-1664
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. 2018-01-04 not yet calculated CVE-2017-1669
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. 2018-01-04 not yet calculated CVE-2017-1673
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. 2018-01-04 not yet calculated CVE-2017-1672
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. 2018-01-04 not yet calculated CVE-2017-1665
CONFIRM(link is external)
MISC(link is external)
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. 2018-01-04 not yet calculated CVE-2017-1727
CONFIRM(link is external)
MISC(link is external)
ibm -- websphere_mq
 
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. 2018-01-02 not yet calculated CVE-2017-1557
CONFIRM(link is external)
MISC(link is external)
imagemagick -- imagemagick
 
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service 2018-01-02 not yet calculated CVE-2017-1000445
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. 2018-01-05 not yet calculated CVE-2018-5248
CONFIRM(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. 2018-01-05 not yet calculated CVE-2018-5247
CONFIRM(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. 2018-01-01 not yet calculated CVE-2017-18008
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick
 
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. 2018-01-03 not yet calculated CVE-2017-1000476
MISC(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. 2018-01-05 not yet calculated CVE-2017-18022
CONFIRM(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. 2018-01-05 not yet calculated CVE-2018-5246
CONFIRM(link is external)
imageworsener -- imageworsener
 
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. 2018-01-05 not yet calculated CVE-2018-5252
MISC(link is external)
inteno -- iopsys
 
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. 2018-01-04 not yet calculated CVE-2017-17867
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)

invoice_ninja -- invoice_ninja


 
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. 2018-01-02 not yet calculated CVE-2017-1000466
CONFIRM(link is external)
jboss -- keycloak
 
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. 2017-12-29 not yet calculated CVE-2014-3651
CONFIRM(link is external)
CONFIRM
k7_computing -- k7_antivirus
 
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578. 2018-01-04 not yet calculated CVE-2018-5217
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100. 2018-01-03 not yet calculated CVE-2018-5087
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C. 2018-01-03 not yet calculated CVE-2018-5084
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B. 2018-01-03 not yet calculated CVE-2018-5083
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610. 2018-01-04 not yet calculated CVE-2018-5220
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F. 2018-01-03 not yet calculated CVE-2018-5086
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0. 2018-01-03 not yet calculated CVE-2018-5081
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130. 2018-01-03 not yet calculated CVE-2018-5079
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0. 2018-01-04 not yet calculated CVE-2018-5218
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC. 2018-01-03 not yet calculated CVE-2018-5080
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168. 2018-01-04 not yet calculated CVE-2018-5219
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C. 2018-01-03 not yet calculated CVE-2018-5088
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124. 2018-01-03 not yet calculated CVE-2018-5085
MISC(link is external)
k7_computing -- k7_antivirus
 
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128. 2018-01-03 not yet calculated CVE-2018-5082
MISC(link is external)

k7_computing -- k7_total_security


 
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. 2018-01-03 not yet calculated CVE-2017-18019
MISC(link is external)
keycloak -- keycloak
 
Keycloak SSO versions prior to 2.x are vulnerable to Host Header Injection on the forgot password page causing the application to send a poisoned URL as the password reset link. 2018-01-03 not yet calculated CVE-2017-1000500
CONFIRM(link is external)
lavalite -- lavalite
 
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. 2018-01-03 not yet calculated CVE-2017-1000467
CONFIRM(link is external)
leafpub -- leafpub
 
Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. 2018-01-02 not yet calculated CVE-2017-1000463
MISC(link is external)
leanote -- leanote
 
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration 2018-01-02 not yet calculated CVE-2017-1000492
CONFIRM(link is external)
CONFIRM(link is external)
leanote -- leanote
 
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes 2018-01-02 not yet calculated CVE-2017-1000459
MISC(link is external)
libav_ffmpeg_chromium -- libav_ffmpeg_chromium
 
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. 2018-01-03 not yet calculated CVE-2017-1000460
MISC
MISC(link is external)
MISC
libming -- libming
 
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-01-05 not yet calculated CVE-2018-5251
MISC(link is external)
libtiff -- libtiff
 
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. 2018-01-01 not yet calculated CVE-2017-18013
CONFIRM
BID(link is external)
CONFIRM(link is external)
libtiff -- libtiff
 
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. 2017-12-29 not yet calculated CVE-2017-17973
MISC
BID(link is external)
liferay -- portal_ce
 
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. 2018-01-02 not yet calculated CVE-2017-1000425
MISC(link is external)
MISC(link is external)
linaro -- op-tee
 
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key. 2018-01-02 not yet calculated CVE-2017-1000412
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
linaro -- op-tee
 
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. 2018-01-02 not yet calculated CVE-2017-1000413
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
linux -- dash
 
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. 2018-01-03 not yet calculated CVE-2017-1000473
MISC(link is external)
linux -- linux_kernel
 
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. 2018-01-03 not yet calculated CVE-2017-18017
MISC
MISC
BID(link is external)
MISC(link is external)
MISC(link is external)
MISC
MISC
linux -- linux_kernel
 
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. 2017-12-29 not yet calculated CVE-2017-17975
MISC
BID(link is external)
linux -- linux_kernel
 
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. 2017-12-29 not yet calculated CVE-2016-3695
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
magento -- community_edition_and_enterprise_edition Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. 2017-12-30 not yet calculated CVE-2016-10704
CONFIRM(link is external)
manageengine -- desktop_central_and_desktop_central_msp
 
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. 2018-01-04 not yet calculated CVE-2014-7862
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
XF(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
mapproxy -- mapproxy
 
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. 2018-01-02 not yet calculated CVE-2017-1000426
CONFIRM(link is external)
marked -- marked
 
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. 2018-01-02 not yet calculated CVE-2017-1000427
MISC(link is external)
mautic -- mautic
 
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. 2018-01-03 not yet calculated CVE-2017-1000488
MISC(link is external)
mautic -- mautic
 
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address 2018-01-03 not yet calculated CVE-2017-1000489
CONFIRM(link is external)
mautic -- mautic
 
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. 2018-01-03 not yet calculated CVE-2017-1000490
CONFIRM(link is external)
mediawiki -- mediawiki 
 
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. 2017-12-29 not yet calculated CVE-2015-8008
FEDORA
FEDORA
FEDORA
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
MLIST
CONFIRM
microsoft -- edge

 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0770
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. 2018-01-04 not yet calculated CVE-2018-0767
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0773
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge

 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0769
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0777
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability". 2018-01-04 not yet calculated CVE-2018-0803
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge

 
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0768
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0774
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0776
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. 2018-01-04 not yet calculated CVE-2018-0800
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0778
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". 2018-01-04 not yet calculated CVE-2018-0766
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. 2018-01-04 not yet calculated CVE-2018-0781
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. 2018-01-04 not yet calculated CVE-2018-0780
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0758
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
 
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0775
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0762
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. 2018-01-04 not yet calculated CVE-2018-0772
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability". 2018-01-04 not yet calculated CVE-2018-0754
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability". 2018-01-04 not yet calculated CVE-2018-0788
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability". 2018-01-04 not yet calculated CVE-2018-0749
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability". 2018-01-04 not yet calculated CVE-2018-0753
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_10_and_windows_server Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". 2018-01-04 not yet calculated CVE-2018-0743
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
MISC(link is external)
microsoft -- windows_7_and_windows_server_2008 The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability". 2018-01-04 not yet calculated CVE-2018-0741
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_7_and_windows_server_2008 The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". 2018-01-04 not yet calculated CVE-2018-0750
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_kernel The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. 2018-01-04 not yet calculated CVE-2018-0752
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_kernel
 
The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747. 2018-01-04 not yet calculated CVE-2018-0745
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_kernel
 
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747. 2018-01-04 not yet calculated CVE-2018-0746
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_kernel
 
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. 2018-01-04 not yet calculated CVE-2018-0747
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows_kernel
 
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. 2018-01-04 not yet calculated CVE-2018-0751
BID