*** Source: [US-CERT: Bulletin (SB18-029)] Security vulnerabilities published through January 22, 2018
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base | It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. | 2018-01-24 | not yet calculated | CVE-2017-15135 BID CONFIRM |
advantech -- webaccess/scada | A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | 2018-01-24 | not yet calculated | CVE-2018-5443 BID MISC |
advantech -- webaccess/scada | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | 2018-01-24 | not yet calculated | CVE-2018-5445 BID MISC |
affiligator -- affiliate_webshop_management_system | SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | 2018-01-24 | not yet calculated | CVE-2018-5977 EXPLOIT-DB |
apache -- hadoop | The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 2018-01-24 | not yet calculated | CVE-2017-15718 MLIST |
apache -- nifi | A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-15697 CONFIRM |
apache -- nifi | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-25 | not yet calculated | CVE-2017-15703 CONFIRM |
apache -- nifi | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-12632 CONFIRM |
artifex -- mujs | jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. | 2018-01-24 | not yet calculated | CVE-2018-5759 MISC MISC |
artifex -- mujs | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6187 MISC |
artifex -- mujs | The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | 2018-01-24 | not yet calculated | CVE-2018-6191 MISC MISC |
artifex -- mupdf | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 2018-01-22 | not yet calculated | CVE-2017-17858 MISC MISC MISC |
artifex -- mupdf | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6192 MISC |
asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. | 2018-01-22 | not yet calculated | CVE-2018-6000 MISC MISC MISC EXPLOIT-DB |
asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. | 2018-01-22 | not yet calculated | CVE-2018-5999 MISC MISC MISC EXPLOIT-DB |
atlassian -- sourcetree | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability | 2018-01-25 | not yet calculated | CVE-2017-14593 CONFIRM CONFIRM |
atlassian -- sourcetree | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-14592 CONFIRM CONFIRM |
axtls -- axtls | axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | 2018-01-22 | not yet calculated | CVE-2017-1000416 MISC MISC |
bigtree -- bigtree | Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. | 2018-01-22 | not yet calculated | CVE-2018-6013 MISC |
biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix. | 2018-01-25 | not yet calculated | CVE-2016-10710 MISC |
brace-expansion -- brace-expansion | index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. | 2018-01-27 | not yet calculated | CVE-2017-18077 MISC MISC MISC MISC |
bylancer -- classified_ads_cms_quickad | SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | 2018-01-24 | not yet calculated | CVE-2018-5972 EXPLOIT-DB |
bylancer -- wchat | SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5979 EXPLOIT-DB |
bylancer -- zechat | SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5978 EXPLOIT-DB |
centos-webpanel.com -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | 2018-01-21 | not yet calculated | CVE-2018-5961 MISC |
centos-webpanel.com -- centos_web_panel | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | 2018-01-21 | not yet calculated | CVE-2018-5962 MISC |
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. | 2018-01-26 | not yet calculated | CVE-2017-12374 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. | 2018-01-26 | not yet calculated | CVE-2017-12376 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12379 CONFIRM CONFIRM |
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12375 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12378 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. | 2018-01-26 | not yet calculated | CVE-2017-12380 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12377 CONFIRM CONFIRM |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 2018-01-25 | not yet calculated | CVE-2018-5963 MISC FULLDISC MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 2018-01-25 | not yet calculated | CVE-2018-5964 MISC FULLDISC MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 2018-01-25 | not yet calculated | CVE-2018-5965 MISC FULLDISC MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12112 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12116 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12118 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send a malicious smart contract to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-14457 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12113 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12114 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12119 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | 2018-01-19 | not yet calculated | CVE-2017-12115 BID MISC |
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12117 BID MISC |
dasan -- gpon_ont_wifi_router_h640x | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). | 2018-01-21 | not yet calculated | CVE-2017-18046 MISC |
dell_emc -- rsa_authentication_manager | The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | 2018-01-24 | not yet calculated | CVE-2017-15546 CONFIRM SECTRACK |
desigo -- desigo_automation_controllers_and_operator_unit_pxm20-e | A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. | 2018-01-24 | not yet calculated | CVE-2018-4834 MISC CONFIRM |
dnsmasq -- dnsmasq | A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | 2018-01-23 | not yet calculated | CVE-2017-15107 MLIST BID |
dovecot -- dovecot | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. | 2018-01-25 | not yet calculated | CVE-2017-15132 CONFIRM CONFIRM |
dyw -- flexible_poll | SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | 2018-01-24 | not yet calculated | CVE-2018-5988 EXPLOIT-DB |
e.i_hi-tech -- professional_local_directory_script | SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | 2018-01-25 | not yet calculated | CVE-2018-5973 MISC EXPLOIT-DB |
easycarscript.com -- easy_car_script_2014 | SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | 2018-01-24 | not yet calculated | CVE-2018-5986 EXPLOIT-DB |
electron -- electron | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier have a vulnerability in the protocol handler; specifically, Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | 2018-01-24 | not yet calculated | CVE-2018-1000006 BID CONFIRM MISC EXPLOIT-DB |
electrum -- electrum | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | 2018-01-27 | not yet calculated | CVE-2018-6353 MISC MISC |
f5 -- big-ip_advanced_firewall_manager | X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 2018-01-19 | not yet calculated | CVE-2017-6142 SECTRACK CONFIRM |
fasterxml -- jackson-databind | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | 2018-01-21 | not yet calculated | CVE-2018-5968 MISC |
flets -- virus_clear | Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-01-26 | not yet calculated | CVE-2018-0507 JVN |
flexense -- multiple_products | A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request. | 2018-01-24 | not yet calculated | CVE-2017-13696 EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB MISC |
flexsense -- sysguage | The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. | 2018-01-23 | not yet calculated | CVE-2018-5359 MISC EXPLOIT-DB |
formspree -- formspree | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | 2018-01-27 | not yet calculated | CVE-2018-6354 MISC |
freesshd -- freesshd | FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 2018-01-24 | not yet calculated | CVE-2017-1000475 MISC |
gitstack -- gitstack | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | 2018-01-21 | not yet calculated | CVE-2018-5955 MISC |
gnu -- bitutils | The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-01-26 | not yet calculated | CVE-2018-6323 CONFIRM |
gnu -- libtasn1 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | 2018-01-22 | not yet calculated | CVE-2018-6003 CONFIRM CONFIRM CONFIRM CONFIRM |
google -- android | Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713. | 2018-01-22 | not yet calculated | CVE-2016-5345 BID CONFIRM CONFIRM |
groupsession -- groupsession | Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2017-2166 JVN |
hp -- designjet_and_latex_printers | HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | 2018-01-23 | not yet calculated | CVE-2017-2747 HP |
hp -- jetadvantage_security_manager | Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. | 2018-01-23 | not yet calculated | CVE-2017-2746 HP |
hp -- jetadvantage_security_manager | Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. | 2018-01-23 | not yet calculated | CVE-2017-2745 HP |
hp -- multiple_printers | Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions. | 2018-01-23 | not yet calculated | CVE-2017-2750 BID HP |
hp -- multiple_printers | HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack. | 2018-01-23 | not yet calculated | CVE-2017-2743 HP |
hp -- pagewide_and_officejet_pro_printers | A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | 2018-01-23 | not yet calculated | CVE-2017-2741 HP EXPLOIT-DB |
hp -- support_assistant | The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | 2018-01-23 | not yet calculated | CVE-2017-2744 HP |
hp -- thinpro_operating_system | A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | 2018-01-23 | not yet calculated | CVE-2017-2740 HP |
hp -- web_jetadmin | A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | 2018-01-23 | not yet calculated | CVE-2017-2742 SECTRACK HP |
ibm -- business_process_manager | IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. | 2018-01-24 | not yet calculated | CVE-2017-1769 CONFIRM BID MISC |
ibm -- cognos_tm1 | IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. | 2018-01-26 | not yet calculated | CVE-2017-1506 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. | 2018-01-26 | not yet calculated | CVE-2017-1545 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | 2018-01-26 | not yet calculated | CVE-2017-1563 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | 2018-01-26 | not yet calculated | CVE-2017-1540 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | 2018-01-26 | not yet calculated | CVE-2017-1515 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. | 2018-01-26 | not yet calculated | CVE-2017-1516 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | 2018-01-26 | not yet calculated | CVE-2017-1567 CONFIRM MISC |
ibm -- doors_web_access | IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | 2018-01-26 | not yet calculated | CVE-2017-1532 CONFIRM MISC |
ibm -- integration_bus | IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164. | 2018-01-19 | not yet calculated | CVE-2017-1693 CONFIRM BID MISC |
ibm -- jazz_foundation | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. | 2018-01-26 | not yet calculated | CVE-2017-1653 CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. | 2018-01-26 | not yet calculated | CVE-2017-1204 CONFIRM CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | 2018-01-26 | not yet calculated | CVE-2016-2983 CONFIRM CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. | 2018-01-26 | not yet calculated | CVE-2017-1279 CONFIRM MISC |
impulseadventure -- jpegsnoop | ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service. | 2018-01-25 | not yet calculated | CVE-2017-1000414 CONFIRM CONFIRM |
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5777 CONFIRM |
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5778 CONFIRM |
jbmc -- directadmin | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | 2018-01-21 | not yet calculated | CVE-2017-18045 CONFIRM |
jboss -- jboss_enterprise_application_platform | It was found that the AJP connector in undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1048 CONFIRM |
jenkins -- jenkins | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | 2018-01-25 | not yet calculated | CVE-2017-1000387 BID CONFIRM |
jenkins -- jenkins | The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | 2018-01-25 | not yet calculated | CVE-2017-1000404 BID CONFIRM |
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000400 CONFIRM |
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000399 CONFIRM |
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. | 2018-01-25 | not yet calculated | CVE-2017-1000394 CONFIRM |
jenkins -- jenkins | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 2018-01-25 | not yet calculated | CVE-2017-1000388 CONFIRM |
jenkins -- jenkins | The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks. | 2018-01-25 | not yet calculated | CVE-2017-1000398 CONFIRM |
jenkins -- jenkins | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. | 2018-01-25 | not yet calculated | CVE-2017-1000505 CONFIRM |
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins. | 2018-01-25 | not yet calculated | CVE-2017-1000396 CONFIRM |
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | 2018-01-25 | not yet calculated | CVE-2017-1000401 CONFIRM |
jenkins -- jenkins | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | 2018-01-25 | not yet calculated | CVE-2017-1000403 CONFIRM |
jenkins -- jenkins | In Jenkins 2.88 and earlier; 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 2018-01-25 | not yet calculated | CVE-2017-1000392 CONFIRM |
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator. | 2018-01-25 | not yet calculated | CVE-2017-1000395 CONFIRM |
jenkins -- jenkins | Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-1000389 CONFIRM |
jenkins -- jenkins | Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output. | 2018-01-25 | not yet calculated | CVE-2017-1000386 BID CONFIRM |
jenkins -- jenkins | Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient. | 2018-01-25 | not yet calculated | CVE-2017-1000397 CONFIRM |
jenkins -- jenkins | Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000009 CONFIRM |
jenkins -- jenkins | A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective. | 2018-01-24 | not yet calculated | CVE-2017-1000504 CONFIRM |
jenkins -- jenkins | Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000008 CONFIRM |
jenkins -- jenkins | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 2018-01-25 | not yet calculated | CVE-2017-1000390 CONFIRM |
jenkins -- jenkins | Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. | 2018-01-23 | not yet calculated | CVE-2018-1000013 CONFIRM |
jenkins -- jenkins | On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | 2018-01-23 | not yet calculated | CVE-2018-1000015 CONFIRM |
jenkins -- jenkins | Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | 2018-01-24 | not yet calculated | CVE-2017-1000502 CONFIRM |
jenkins -- jenkins | Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000010 CONFIRM |
jenkins -- jenkins | A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. | 2018-01-24 | not yet calculated | CVE-2017-1000503 CONFIRM |
jenkins -- jenkins | Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files. | 2018-01-25 | not yet calculated | CVE-2017-1000391 CONFIRM |
jenkins -- jenkins | Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000011 CONFIRM |
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | 2018-01-25 | not yet calculated | CVE-2017-1000393 CONFIRM |
jenkins -- jenkins | Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 2018-01-25 | not yet calculated | CVE-2017-1000402 CONFIRM |
jenkins -- jenkins | Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. | 2018-01-23 | not yet calculated | CVE-2018-1000014 BID CONFIRM |
jenkins -- jenkins | Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000012 CONFIRM |
joomla! -- joomla! | SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | 2018-01-24 | not yet calculated | CVE-2018-5984 EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | 2018-01-24 | not yet calculated | CVE-2018-5985 EXPLOIT-DB |
kingsoft -- wps_office | The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 2018-01-25 | not yet calculated | CVE-2018-6217 MISC |
knot_resolver -- knot_resolver | Improper input validation bugs in DNSSEC validator components in Knot Resolver (prior to version 1.5.2) allow an attacker in a man-in-the-middle position to deny existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000002 CONFIRM |
labf -- nfsaxe | Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. | 2018-01-21 | not yet calculated | CVE-2017-18047 EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB |
lenovo -- fingerprint_manager_pro | Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | 2018-01-25 | not yet calculated | CVE-2017-3762 CONFIRM |
lenovo -- integrated_management_module_2 | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | 2018-01-26 | not yet calculated | CVE-2017-3768 CONFIRM |
libcurl -- libcurl | libcurl 7.49.0 up to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and either causes a crash or the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. | 2018-01-24 | not yet calculated | CVE-2018-1000005 SECTRACK CONFIRM CONFIRM DEBIAN |
libcurl -- libcurl | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | 2018-01-24 | not yet calculated | CVE-2018-1000007 SECTRACK CONFIRM DEBIAN |
libming -- libming | The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | 2018-01-27 | not yet calculated | CVE-2018-6358 CONFIRM |
libming -- libming | The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-27 | not yet calculated | CVE-2018-6359 CONFIRM |
libming -- libming | The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-25 | not yet calculated | CVE-2018-6315 CONFIRM |
libvirt -- libvirt | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 2018-01-25 | not yet calculated | CVE-2018-5748 MLIST |
linux -- linux_kernel | On multiple SR-IOV cards it is possible for VFs assigned to guests to send ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0; additionally, multiple vendor NIC firmware is affected. | 2018-01-23 | not yet calculated | CVE-2015-1142857 MLIST CONFIRM MISC |
linux -- linux_kernel | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | 2018-01-26 | not yet calculated | CVE-2018-5750 CONFIRM |
linux -- linux_kernel | crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 2018-01-24 | not yet calculated | CVE-2017-18075 CONFIRM BID CONFIRM CONFIRM |
mailman -- mailman | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-23 | not yet calculated | CVE-2018-5950 MLIST |
mariadb_and_percona -- mariadb_and_percona_xtradb_cluster | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | 2018-01-25 | not yet calculated | CVE-2017-15365 CONFIRM CONFIRM FEDORA CONFIRM CONFIRM CONFIRM CONFIRM |
matrixssl -- matrixssl | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | 2018-01-22 | not yet calculated | CVE-2017-1000417 MISC MISC MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011. | 2018-01-24 | not yet calculated | CVE-2018-6206 MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22000d. | 2018-01-24 | not yet calculated | CVE-2018-6208 MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6207 MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220009. | 2018-01-24 | not yet calculated | CVE-2018-6205 MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6204 MISC |
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6209 MISC |
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0845 BID CONFIRM |
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0848 BID CONFIRM |
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0862 BID CONFIRM |
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0849 BID CONFIRM |
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. | 2018-01-24 | not yet calculated | CVE-2018-6201 MISC |
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | 2018-01-24 | not yet calculated | CVE-2018-6203 MISC |
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | 2018-01-24 | not yet calculated | CVE-2018-6202 MISC |
mojang -- minecraft_servers_list_lite_and_premium_minecraft_servers_list | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter. | 2018-01-23 | not yet calculated | CVE-2018-5749 MISC |
monstra -- monstra_cms | Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | 2018-01-23 | not yet calculated | CVE-2017-18048 MISC MISC MISC EXPLOIT-DB |
moodle -- moodle | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | 2018-01-22 | not yet calculated | CVE-2018-1043 BID CONFIRM |
moodle -- moodle | In Moodle 3.x, there is XSS via a calendar event name. | 2018-01-22 | not yet calculated | CVE-2018-1045 BID CONFIRM |
moodle -- moodle | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 2018-01-22 | not yet calculated | CVE-2018-1044 BID CONFIRM |
moodle -- moodle | Moodle 3.x has Server Side Request Forgery in the filepicker. | 2018-01-22 | not yet calculated | CVE-2018-1042 BID CONFIRM |
mpv -- mpv | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | 2018-01-27 | not yet calculated | CVE-2018-6360 MISC MISC |
nari -- pcs-9611 | An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. | 2018-01-25 | not yet calculated | CVE-2018-5447 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099. | 2018-01-22 | not yet calculated | CVE-2017-16590 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100. | 2018-01-22 | not yet calculated | CVE-2017-16591 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103. | 2018-01-22 | not yet calculated | CVE-2017-16592 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751. | 2018-01-22 | not yet calculated | CVE-2017-16610 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080. | 2018-01-22 | not yet calculated | CVE-2017-17407 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749. | 2018-01-22 | not yet calculated | CVE-2017-16608 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753. | 2018-01-22 | not yet calculated | CVE-2017-17406 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197. | 2018-01-22 | not yet calculated | CVE-2017-16606 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196. | 2018-01-22 | not yet calculated | CVE-2017-16605 BID MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194. | 2018-01-22 | not yet calculated | CVE-2017-16603 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | 2018-01-22 | not yet calculated | CVE-2017-16609 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118. | 2018-01-22 | not yet calculated | CVE-2017-16595 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104. | 2018-01-22 | not yet calculated | CVE-2017-16593 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193. | 2018-01-22 | not yet calculated | CVE-2017-16602 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191. | 2018-01-22 | not yet calculated | CVE-2017-16600 BID MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119. | 2018-01-22 | not yet calculated | CVE-2017-16596 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | 2018-01-22 | not yet calculated | CVE-2017-16607 BID MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138. | 2018-01-22 | not yet calculated | CVE-2017-16598 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117. | 2018-01-22 | not yet calculated | CVE-2017-16594 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192. | 2018-01-22 | not yet calculated | CVE-2017-16601 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137. | 2018-01-22 | not yet calculated | CVE-2017-16597 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195. | 2018-01-22 | not yet calculated | CVE-2017-16604 MISC |
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190. | 2018-01-22 | not yet calculated | CVE-2017-16599 MISC |
netiq -- access_manager_and_administrative_console | A vulnerability exists on the Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | 2018-01-25 | not yet calculated | CVE-2018-1342 CONFIRM |
netis -- wf2419_devices | Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | 2018-01-25 | not yet calculated | CVE-2018-5967 MISC |
netis -- wf2419_devices | Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | 2018-01-24 | not yet calculated | CVE-2018-6190 MISC |
nonecms -- nonecms | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | 2018-01-23 | not yet calculated | CVE-2018-6029 MISC |
nonecms -- nonecms | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | 2018-01-23 | not yet calculated | CVE-2018-6022 MISC |
omniauth -- omniauth | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 2018-01-26 | not yet calculated | CVE-2017-18076 CONFIRM CONFIRM CONFIRM |
openssh -- openssh | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 2018-01-21 | not yet calculated | CVE-2016-10708 MISC BID MISC MISC |
ovirt -- ovirt-hosted-engine-setup | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 2018-01-24 | not yet calculated | CVE-2018-1000018 CONFIRM CONFIRM |
perfex_crm -- perfex_crm | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | 2018-01-26 | not yet calculated | CVE-2017-17976 MISC EXPLOIT-DB |
pfsense -- pfsense | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 2018-01-21 | not yet calculated | CVE-2016-10709 EXPLOIT-DB MISC MISC MISC |
photography_cms -- photography_cms | Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 2018-01-24 | not yet calculated | CVE-2018-5969 EXPLOIT-DB |
phpfreechat -- phpfreechat | phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | 2018-01-25 | not yet calculated | CVE-2018-5954 MISC EXPLOIT-DB |
podofo -- podofo | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | 2018-01-27 | not yet calculated | CVE-2018-6352 MISC |
powerdns -- powerdns | Improper input validation bugs in the DNSSEC validator components in PowerDNS version 4.1.0 allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000003 CONFIRM |
powerdns -- powerdns_authoritative | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | 2018-01-23 | not yet calculated | CVE-2017-15091 BID CONFIRM |
powerdns -- powerdns_recursor | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. | 2018-01-23 | not yet calculated | CVE-2017-15093 BID CONFIRM |
powerdns -- powerdns_recursor | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. | 2018-01-23 | not yet calculated | CVE-2017-15092 BID CONFIRM |
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). | 2018-01-23 | not yet calculated | CVE-2017-15094 BID CONFIRM |
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records. | 2018-01-23 | not yet calculated | CVE-2017-15090 BID CONFIRM |
putra -- rsvp_invitation_online | Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 2018-01-24 | not yet calculated | CVE-2018-5976 EXPLOIT-DB |
qemu -- qemu | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 2018-01-23 | not yet calculated | CVE-2018-5683 MLIST BID MLIST |
qemu -- qemu | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | 2018-01-23 | not yet calculated | CVE-2017-18030 MLIST BID CONFIRM |
ravpower -- filehub | RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | 2018-01-24 | not yet calculated | CVE-2018-5319 EXPLOIT-DB |
ravpower -- filehub | An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | 2018-01-25 | not yet calculated | CVE-2018-5997 EXPLOIT-DB |
reservo -- image_hosting | Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | 2018-01-24 | not yet calculated | CVE-2018-5705 MISC EXPLOIT-DB |
resteasy -- resteasy | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | 2018-01-25 | not yet calculated | CVE-2018-1051 CONFIRM |
rise -- ultimate_project_manager | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | 2018-01-23 | not yet calculated | CVE-2017-17999 MISC EXPLOIT-DB |
routers2 -- routers2 | A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | 2018-01-24 | not yet calculated | CVE-2018-6193 MISC |
rubrik -- cdm | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter. | 2018-01-22 | not yet calculated | CVE-2018-5761 CONFIRM CONFIRM |
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12097 BID MISC |
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12098 BID MISC |
seelook -- nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2018-0506 JVN |
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. | 2018-01-25 | not yet calculated | CVE-2018-4837 BID CONFIRM |
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | 2018-01-25 | not yet calculated | CVE-2018-4835 CONFIRM |
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. | 2018-01-25 | not yet calculated | CVE-2018-4836 CONFIRM |
silverstripe -- silverstripe | In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page. | 2018-01-23 | not yet calculated | CVE-2017-18049 EXPLOIT-DB MISC |
sophos -- puremessage_for_unix | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2016-6217 CONFIRM |
soyket_chowdhury -- vehicle_sales_management_system | Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user login credentials, SQL injection and stored XSS vulnerabilities, which lead to remote code execution. | 2018-01-24 | not yet calculated | CVE-2017-1000474 MISC |
subsonic -- subsonic | Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | 2018-01-22 | not yet calculated | CVE-2018-6014 MISC MISC |
sugarcrm -- sugarcrm_community_edition | Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | 2018-01-25 | not yet calculated | CVE-2018-6308 MISC |
symantec -- reporter | Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | 2018-01-23 | not yet calculated | CVE-2017-15531 BID CONFIRM |
tinder -- tinder | Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6018 MISC MISC |
tinder -- tinder | Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6017 MISC MISC |
tinysvcmdns -- tinysvcmdns | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12130 BID MISC |
trend_micro -- mobile_security | An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14082 BID MISC CONFIRM |
trend_micro -- smart_protection_server | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-11398 BID CONFIRM MISC EXPLOIT-DB |
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14094 BID CONFIRM MISC EXPLOIT-DB |
trend_micro -- smart_protection_server | A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | 2018-01-19 | not yet calculated | CVE-2017-14096 BID CONFIRM MISC EXPLOIT-DB |
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14095 BID CONFIRM MISC EXPLOIT-DB |
trend_micro -- smart_protection_server | An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14097 BID CONFIRM MISC EXPLOIT-DB |
unbound -- unbound | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | 2018-01-23 | not yet calculated | CVE-2017-15105 BID CONFIRM |
vbulletin -- vbulletin | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | 2018-01-24 | not yet calculated | CVE-2018-6200 MISC |
w3m_project -- w3m | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | 2018-01-24 | not yet calculated | CVE-2018-6198 CONFIRM CONFIRM CONFIRM |
w3m_project -- w3m | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | 2018-01-24 | not yet calculated | CVE-2018-6196 CONFIRM CONFIRM |
w3m_project -- w3m | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | 2018-01-24 | not yet calculated | CVE-2018-6197 CONFIRM CONFIRM |
wbce_cms -- wbce_cms | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | 2018-01-25 | not yet calculated | CVE-2018-6313 MISC |
wildfly -- wildfly | A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1047 CONFIRM CONFIRM |
wondercms -- wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. | 2018-01-26 | not yet calculated | CVE-2017-14523 MISC |
wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | not yet calculated | CVE-2017-14521 MISC |
wondercms -- wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 2018-01-26 | not yet calculated | CVE-2017-14522 MISC |
wordpress -- wordpress | The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6002 MISC |
wordpress -- wordpress | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | 2018-01-26 | not yet calculated | CVE-2018-6015 MISC |
wordpress -- wordpress | The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6001 MISC |
wordpress -- wordpress | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 2018-01-27 | not yet calculated | CVE-2018-6357 MISC MISC |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12184 CONFIRM CONFIRM DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12186 CONFIRM CONFIRM DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12183 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12178 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12182 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12187 CONFIRM CONFIRM DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12179 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12185 CONFIRM CONFIRM DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12176 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12180 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12177 CONFIRM CONFIRM GENTOO DEBIAN |
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12181 CONFIRM CONFIRM GENTOO DEBIAN |
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | 2018-01-22 | not yet calculated | CVE-2018-6010 CONFIRM |
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 2018-01-22 | not yet calculated | CVE-2018-6009 CONFIRM |
zeit_next.js -- zeit_next.js | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 2018-01-24 | not yet calculated | CVE-2018-6184 CONFIRM |
zenario -- zenario | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 2018-01-21 | not yet calculated | CVE-2018-5960 MISC |
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | 2018-01-21 | not yet calculated | CVE-2018-5958 MISC |
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | 2018-01-21 | not yet calculated | CVE-2018-5957 MISC |
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | 2018-01-21 | not yet calculated | CVE-2018-5956 MISC |