본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB18-036)] 2018년 1월 29일까지 발표된 보안 취약점

by manga0713 2018. 2. 6.

 

 

 

*** [US-CERT: Bulletin(SB18-036)] 2018년 1월 29일까지 발표된 보안 취약점

 

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
wondercms -- wondercms In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. 2018-01-26 6.5 CVE-2017-14521
MISC(link is external)
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
7-zip -- 7-zip_and_p7zip Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. 2018-01-31 not yet calculated CVE-2018-5996
MISC(link is external)
7-zip -- 7-zip_and_p7zip Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. 2018-01-30 not yet calculated CVE-2017-17969
MISC(link is external)
apache -- cordova After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip 2018-02-01 not yet calculated CVE-2017-3160
MISC
apache -- poi Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). 2018-01-29 not yet calculated CVE-2017-12626
BID(link is external)
MLIST
apache -- tomcat As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. 2018-01-31 not yet calculated CVE-2017-15706
MLIST
apache -- tomcat_native_connector When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. 2018-01-31 not yet calculated CVE-2017-15698
MLIST
apport -- apport Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. 2018-02-02 not yet calculated CVE-2017-14179
CONFIRM(link is external)
CONFIRM(link is external)
apport -- apport Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. 2018-02-02 not yet calculated CVE-2017-14177
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
UBUNTU(link is external)
apport -- apport Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. 2018-02-02 not yet calculated CVE-2017-14180
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
UBUNTU(link is external)
apsis -- pound Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. 2018-01-29 not yet calculated CVE-2016-10711
CONFIRM(link is external)
arq -- arq The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. 2018-01-31 not yet calculated CVE-2017-16945
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
arq -- arq The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. 2018-01-31 not yet calculated CVE-2017-16928
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
artifex -- mupdf pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. 2018-02-02 not yet calculated CVE-2018-6544
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
asus -- asuswrt Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. 2018-01-31 not yet calculated CVE-2017-15656
MISC(link is external)
FULLDISC
asus -- asuswrt Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. 2018-01-31 not yet calculated CVE-2017-15655
MISC(link is external)
FULLDISC
MISC(link is external)
asus -- asuswrt Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. 2018-01-31 not yet calculated CVE-2017-15654
MISC(link is external)
FULLDISC
asus -- asuswrt Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. 2018-01-31 not yet calculated CVE-2017-15653
MISC(link is external)
FULLDISC
asus -- multiple_routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. 2018-01-29 not yet calculated CVE-2017-14698
CONFIRM(link is external)
MISC(link is external)
asus -- multiple_routers Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. 2018-01-29 not yet calculated CVE-2017-14699
CONFIRM(link is external)
MISC(link is external)
atlassian -- activity_streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. 2018-01-29 not yet calculated CVE-2017-9513
BID(link is external)
CONFIRM(link is external)
atlassian -- bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18042
CONFIRM(link is external)
atlassian -- bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18080
CONFIRM(link is external)
atlassian -- bamboo The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. 2018-02-02 not yet calculated CVE-2017-18041
CONFIRM(link is external)
atlassian -- bamboo The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. 2018-02-02 not yet calculated CVE-2017-18040
CONFIRM(link is external)
atlassian -- bamboo The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. 2018-02-02 not yet calculated CVE-2017-18081
CONFIRM(link is external)
atlassian -- bamboo The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. 2018-02-02 not yet calculated CVE-2017-18082
CONFIRM(link is external)
atlassian -- bitbucket_server The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18036
CONFIRM(link is external)
atlassian -- bitbucket_server The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. 2018-02-02 not yet calculated CVE-2017-18037
CONFIRM(link is external)
atlassian -- bitbucket_server The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. 2018-02-02 not yet calculated CVE-2017-18038
CONFIRM(link is external)
atlassian -- confluence_server The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. 2018-02-02 not yet calculated CVE-2017-18085
CONFIRM(link is external)
atlassian -- confluence_server The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. 2018-02-02 not yet calculated CVE-2017-18083
CONFIRM(link is external)
atlassian -- confluence_server The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. 2018-02-02 not yet calculated CVE-2017-18084
CONFIRM(link is external)
atlassian -- confluence_server
 
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. 2018-02-02 not yet calculated CVE-2017-18086
CONFIRM(link is external)
atlassian -- crowd The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1. 2018-01-31 not yet calculated CVE-2017-16858
CONFIRM(link is external)
atlassian -- fisheye_and_crucible It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability. 2018-01-31 not yet calculated CVE-2017-16861
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
atlassian -- fisheye_and_crucible The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. 2018-02-02 not yet calculated CVE-2017-18035
CONFIRM(link is external)
CONFIRM(link is external)
atlassian -- fisheye_and_crucible The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch. 2018-02-02 not yet calculated CVE-2017-18034
CONFIRM(link is external)
CONFIRM(link is external)
atlassian -- jira The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. 2018-02-02 not yet calculated CVE-2017-18039
CONFIRM(link is external)
bmc -- track-it! BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments. 2018-01-30 not yet calculated CVE-2016-6599
MISC(link is external)
FULLDISC
CONFIRM(link is external)
MISC(link is external)
bmc -- track-it! BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. 2018-01-30 not yet calculated CVE-2016-6598
MISC(link is external)
FULLDISC
CONFIRM(link is external)
MISC(link is external)
brace-expansion -- brace-expansion index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. 2018-01-27 not yet calculated CVE-2017-18077
MISC
MISC(link is external)
MISC(link is external)
MISC(link is external)
ccn-lite -- ccn-lite A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient. 2018-01-31 not yet calculated CVE-2018-6480
CONFIRM(link is external)
center_for_internet_security -- cis-cat_pro_dashboard In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. 2018-01-31 not yet calculated CVE-2017-8916
CONFIRM
cisco -- adaptive_security_appliance A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618. 2018-01-29 not yet calculated CVE-2018-0101
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- ios_xr A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800. 2018-01-31 not yet calculated CVE-2018-0136
SECTRACK(link is external)
CONFIRM(link is external)
citrix -- netscaler_vpx Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. 2018-02-01 not yet calculated CVE-2018-6186
MISC(link is external)
clamav -- clamav ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. 2018-01-26 not yet calculated CVE-2017-12378
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. 2018-01-26 not yet calculated CVE-2017-12376
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. 2018-01-26 not yet calculated CVE-2017-12380
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. 2018-01-26 not yet calculated CVE-2017-12375
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. 2018-01-26 not yet calculated CVE-2017-12379
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. 2018-01-26 not yet calculated CVE-2017-12374
CONFIRM(link is external)
CONFIRM(link is external)
clamav -- clamav ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. 2018-01-26 not yet calculated CVE-2017-12377
CONFIRM(link is external)
CONFIRM(link is external)
cloud_foundry_foundation -- cf-release In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. 2018-02-01 not yet calculated CVE-2018-1192
CONFIRM
conceptronic -- cipcamptiwl_devices An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. 2018-01-30 not yet calculated CVE-2018-6407
MISC(link is external)
conceptronic -- cipcamptiwl_devices An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. 2018-01-30 not yet calculated CVE-2018-6408
MISC(link is external)
data_components -- tsitebuilder SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. 2018-01-29 not yet calculated CVE-2018-6365
MISC(link is external)
EXPLOIT-DB(link is external)
debian -- debian zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. 2018-01-30 not yet calculated CVE-2011-2902
MLIST(link is external)
CONFIRM
CONFIRM
dodocool -- dc38_3-in-1_n300_mini_wireless_range_devices An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. 2018-01-29 not yet calculated CVE-2018-5720
EXPLOIT-DB(link is external)
dojo -- dojo_toolkit dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. 2018-02-02 not yet calculated CVE-2018-6561
MISC(link is external)
drupal -- drupal The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. 2018-02-01 not yet calculated CVE-2014-9503
MLIST(link is external)
XF(link is external)
MISC
CONFIRM
drupal -- drupal Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. 2018-02-01 not yet calculated CVE-2014-9502
MLIST(link is external)
XF(link is external)
MISC
CONFIRM
drupal -- drupal
 
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. 2018-02-01 not yet calculated CVE-2014-9504
MLIST(link is external)
XF(link is external)
MISC
CONFIRM
electrum -- electrum The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. 2018-01-27 not yet calculated CVE-2018-6353
MISC(link is external)
MISC(link is external)
eventum -- eventum Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. 2018-01-31 not yet calculated CVE-2014-1631
CONFIRM(link is external)
BUGTRAQ(link is external)
CONFIRM(link is external)
MISC(link is external)
eventum -- eventum htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. 2018-01-31 not yet calculated CVE-2014-1632
CONFIRM(link is external)
BUGTRAQ(link is external)
CONFIRM(link is external)
MISC(link is external)
evergreen -- evergreen Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. 2018-02-01 not yet calculated CVE-2015-2204
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
evergreen -- evergreen Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. 2018-02-01 not yet calculated CVE-2015-2203
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
evergreen -- evergreen The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. 2018-02-01 not yet calculated CVE-2013-7435
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST(link is external)
CONFIRM(link is external)
ezcode -- event_manager SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. 2018-02-02 not yet calculated CVE-2018-6576
EXPLOIT-DB(link is external)
ffmpeg -- ffmpeg The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. 2018-01-29 not yet calculated CVE-2018-6392
BID(link is external)
CONFIRM
CONFIRM
flatpak -- flatpak In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. 2018-02-02 not yet calculated CVE-2018-6560
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
flexense -- syncbreeze_enterprise A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. 2018-02-02 not yet calculated CVE-2018-6537
EXPLOIT-DB(link is external)
formspree -- formspree templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. 2018-01-27 not yet calculated CVE-2018-6354
MISC(link is external)
fortinet -- fortios A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. 2018-01-29 not yet calculated CVE-2017-14190
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
freepbx -- freepbx FreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter. 2018-01-29 not yet calculated CVE-2018-6393
MISC(link is external)
BID(link is external)
g_data_totalprotection -- g_data_totalprotection The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. 2018-02-01 not yet calculated CVE-2014-3752
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
MISC(link is external)
gifsicle -- gifsicle A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. 2018-02-02 not yet calculated CVE-2017-18120
MISC
MISC
MISC(link is external)
MISC(link is external)
glibc -- glibc A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. 2018-01-31 not yet calculated CVE-2017-1000409
MLIST
EXPLOIT-DB(link is external)
glibc -- glibc A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. 2018-01-31 not yet calculated CVE-2017-1000408
MLIST
EXPLOIT-DB(link is external)
glibc -- glibc In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. 2018-01-31 not yet calculated CVE-2018-1000001
MLIST
BID(link is external)
SECTRACK(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
gnu -- binutils The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-01-26 not yet calculated CVE-2018-6323
BID(link is external)
CONFIRM
gnu -- binutils In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-02-02 not yet calculated CVE-2018-6543
MISC
gnu -- cpio It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory. 2018-01-29 not yet calculated CVE-2017-7516
CONFIRM(link is external)
MISC
gnu -- glibc An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. 2018-02-01 not yet calculated CVE-2018-6485
CONFIRM
CONFIRM
gnu -- glibc The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. 2018-02-02 not yet calculated CVE-2018-6551
CONFIRM
CONFIRM
hotspot_shield -- hotspot_shield Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. 2018-01-31 not yet calculated CVE-2018-6460
MISC(link is external)
huawei -- multple_products Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. 2018-01-30 not yet calculated CVE-2014-4705
SECUNIA(link is external)
CONFIRM(link is external)
iball -- 300m_devices /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. 2018-01-30 not yet calculated CVE-2018-6355
MISC(link is external)
iball -- ib-wra150n_devices iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. 2018-01-29 not yet calculated CVE-2018-6388
MISC(link is external)
iball -- ib-wra150n_devices iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. 2018-01-29 not yet calculated CVE-2018-6387
MISC(link is external)
ibm -- cognos_analytics IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857. 2018-01-29 not yet calculated CVE-2017-1783
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- cognos_analytics IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. 2018-01-29 not yet calculated CVE-2017-1779
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- cognos_analytics IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. 2018-01-29 not yet calculated CVE-2017-1784
CONFIRM(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- cognos_tm1 IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. 2018-01-26 not yet calculated CVE-2017-1506
CONFIRM(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- content_navigator IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449. 2018-01-29 not yet calculated CVE-2018-1364
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- datapower_gateways IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. 2018-01-31 not yet calculated CVE-2017-1773
CONFIRM(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. 2018-01-26 not yet calculated CVE-2017-1545
CONFIRM(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. 2018-01-26 not yet calculated CVE-2017-1540
CONFIRM(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 131769. 2018-01-26 not yet calculated CVE-2017-1567
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. 2018-01-26 not yet calculated CVE-2017-1563
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- doors_web_access IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. 2018-01-26 not yet calculated CVE-2017-1532
CONFIRM(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. 2018-01-26 not yet calculated CVE-2017-1515
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- doors_web_access IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. 2018-01-26 not yet calculated CVE-2017-1516
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- jazz_foundation IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. 2018-01-26 not yet calculated CVE-2017-1653
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- remote_control IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912. 2018-01-31 not yet calculated CVE-2017-1233
CONFIRM(link is external)
MISC(link is external)
ibm -- tealeaf_customer_experience IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. 2018-01-26 not yet calculated CVE-2016-2983
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
ibm -- tealeaf_customer_experience IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. 2018-01-26 not yet calculated CVE-2017-1204
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
ibm -- tealeaf_customer_experience
 
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. 2018-01-26 not yet calculated CVE-2017-1279
CONFIRM(link is external)
MISC(link is external)
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. 2018-01-30 not yet calculated CVE-2017-1731
CONFIRM(link is external)
MISC(link is external)
icinga -- icinga An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. 2018-02-02 not yet calculated CVE-2018-6536
MISC(link is external)
imagemagick -- imagemagick In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. 2018-01-30 not yet calculated CVE-2018-6405
CONFIRM(link is external)
imm2 -- imm2 An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. 2018-01-26 not yet calculated CVE-2017-3768
CONFIRM(link is external)
intel -- graphics_driver Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access. 2018-02-02 not yet calculated CVE-2017-5727
CONFIRM(link is external)
iolo -- system_shield In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. 2018-01-31 not yet calculated CVE-2018-5701
MISC(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
ipswitch -- moveit Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. 2018-02-02 not yet calculated CVE-2018-6545
MISC(link is external)
japan_total_system -- groupsession Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2018-01-26 not yet calculated CVE-2017-2166
JVN(link is external)
jenkins -- jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. 2018-01-29 not yet calculated CVE-2017-1000355
BID(link is external)
CONFIRM(link is external)
jenkins -- jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. 2018-01-29 not yet calculated CVE-2017-1000353
BID(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
jenkins -- jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance. 2018-01-29 not yet calculated CVE-2017-1000354
BID(link is external)
CONFIRM(link is external)
jenkins -- jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. 2018-01-29 not yet calculated CVE-2017-1000356
BID(link is external)
CONFIRM(link is external)
joomla! -- joomla! SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. 2018-01-30 not yet calculated CVE-2018-6395
EXPLOIT-DB(link is external)
joomla! -- joomla! CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. 2018-01-29 not yet calculated CVE-2018-6007
MISC(link is external)
EXPLOIT-DB(link is external)
joomla! -- joomla! SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. 2018-02-02 not yet calculated CVE-2018-6581
EXPLOIT-DB(link is external)
joomla! -- joomla! In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. 2018-01-30 not yet calculated CVE-2018-6379
SECTRACK(link is external)
CONFIRM
joomla! -- joomla! In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox 2018-01-30 not yet calculated CVE-2018-6377
SECTRACK(link is external)
CONFIRM
joomla! -- joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. 2018-01-30 not yet calculated CVE-2018-6376
SECTRACK(link is external)
CONFIRM
joomla! -- joomla! SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. 2018-01-30 not yet calculated CVE-2018-6398
EXPLOIT-DB(link is external)
joomla! -- joomla! In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. 2018-01-30 not yet calculated CVE-2018-6380
SECTRACK(link is external)
CONFIRM
joomla! -- joomla! SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. 2018-02-02 not yet calculated CVE-2018-6578
EXPLOIT-DB(link is external)
joomla! -- joomla! Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. 2018-02-02 not yet calculated CVE-2018-6580
EXPLOIT-DB(link is external)
joomla! -- joomla! Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. 2018-01-29 not yet calculated CVE-2018-6008
MISC(link is external)
EXPLOIT-DB(link is external)
joomla! -- joomla! SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. 2018-02-02 not yet calculated CVE-2018-6579
EXPLOIT-DB(link is external)
joomla! -- joomla! Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. 2018-01-30 not yet calculated CVE-2018-6397
EXPLOIT-DB(link is external)
joomla! -- joomla! SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. 2018-02-02 not yet calculated CVE-2018-6577
EXPLOIT-DB(link is external)
joomla! -- joomla! SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. 2018-02-02 not yet calculated CVE-2018-6575
EXPLOIT-DB(link is external)
kingsoft -- wps_office The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. 2018-01-29 not yet calculated CVE-2018-6390
MISC(link is external)

kkcal -- epg_search_result_viewer

Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-02-01 not yet calculated CVE-2018-0508
CONFIRM(link is external)
JVN(link is external)
kkcal -- epg_search_result_viewer Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. 2018-02-01 not yet calculated CVE-2018-0509
CONFIRM(link is external)
JVN(link is external)
kkcal -- epg_search_result_viewer Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors. 2018-02-01 not yet calculated CVE-2018-0510
CONFIRM(link is external)
JVN(link is external)
libming -- libming The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. 2018-01-27 not yet calculated CVE-2018-6358
CONFIRM(link is external)
libming -- libming The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. 2018-01-27 not yet calculated CVE-2018-6359
BID(link is external)
CONFIRM(link is external)
libwebm -- libwebm A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. 2018-02-02 not yet calculated CVE-2018-6548
MISC
MISC(link is external)
libwebm -- libwebm The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. 2018-01-30 not yet calculated CVE-2018-6406
MISC
MISC(link is external)
linux -- linux_kernel The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. 2018-01-26 not yet calculated CVE-2018-5750
CONFIRM
linux -- linux_kernel The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. 2018-02-01 not yet calculated CVE-2014-3519
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
linux -- linux_kernel drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. 2018-01-29 not yet calculated CVE-2017-18079
CONFIRM
CONFIRM(link is external)
CONFIRM
linux -- linux_kernel The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. 2018-01-31 not yet calculated CVE-2017-16913
BID(link is external)
MISC
MISC
MISC
MISC
MISC(link is external)
MISC(link is external)
MISC(link is external)
linux -- linux_kernel In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. 2018-01-31 not yet calculated CVE-2018-6412
MISC(link is external)
linux -- linux_kernel The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. 2018-01-31 not yet calculated CVE-2017-16914
BID(link is external)
MISC
MISC
MISC
MISC
MISC
MISC(link is external)
MISC(link is external)
MISC(link is external)
linux -- linux_kernel The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. 2018-01-31 not yet calculated CVE-2017-16911
BID(link is external)
MISC
MISC
MISC
MISC(link is external)
MISC(link is external)
MISC(link is external)
linux -- linux_kernel The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. 2018-01-31 not yet calculated CVE-2017-16912
BID(link is external)
MISC
MISC
MISC
MISC
MISC(link is external)
MISC(link is external)
MISC(link is external)
mantisbt -- mantisbt view_all_bug_page.php in MantisBT 2.10.0 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. 2018-02-02 not yet calculated CVE-2018-6526
MISC
mantisbt -- mantisbt MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address, 2018-01-30 not yet calculated CVE-2018-6382
MISC
MISC
micro_focus -- fortify_audit_workbench_and_software_security_center XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. 2018-02-02 not yet calculated CVE-2018-6486
CONFIRM(link is external)
miekg-dns -- miekg-dns A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections. 2018-01-29 not yet calculated CVE-2017-15133
CONFIRM(link is external)
CONFIRM(link is external)
monstra -- monstra_cms Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. 2018-02-02 not yet calculated CVE-2018-6550
CONFIRM(link is external)
CONFIRM(link is external)
monstra -- monstra_cms Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. 2018-01-29 not yet calculated CVE-2018-6383
MISC(link is external)
mpv -- mpv mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. 2018-01-27 not yet calculated CVE-2018-6360
MISC(link is external)
MISC(link is external)
netis -- wf2419_devices A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. 2018-01-29 not yet calculated CVE-2018-6391
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
netwave -- ip_camera_devices An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. 2018-01-31 not yet calculated CVE-2018-6479
MISC(link is external)
nibbleblog -- nibbleblog Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. 2018-02-01 not yet calculated CVE-2018-6470
MISC(link is external)
nootka -- nootka Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2018-01-26 not yet calculated CVE-2018-0506
JVN(link is external)
nprotect -- nprotect_avs In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458. 2018-02-01 not yet calculated CVE-2018-6525
MISC(link is external)
nprotect -- nprotect_avs In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20. 2018-02-01 not yet calculated CVE-2018-6524
MISC(link is external)
nprotect -- nprotect_avs In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. 2018-02-01 not yet calculated CVE-2018-6523
MISC(link is external)
nprotect -- nprotect_avs In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408. 2018-02-01 not yet calculated CVE-2018-6522
MISC(link is external)
nsclient++ -- nsclient++ Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. 2018-01-31 not yet calculated CVE-2018-6384
CONFIRM
ntt-cert -- flet's_virus_clear_easy_setup_&_application_tool Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-01-26 not yet calculated CVE-2018-0507
JVN(link is external)
omniauth -- omniauth In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. 2018-01-26 not yet calculated CVE-2017-18076
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
opendaylight -- opendaylight OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout. 2018-01-31 not yet calculated CVE-2017-1000411
MLIST
BID(link is external)
packetfence -- packetfence html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. 2018-02-01 not yet calculated CVE-2011-4069
CONFIRM
CONFIRM
packetfence -- packetfence The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. 2018-02-01 not yet calculated CVE-2011-4068
CONFIRM
CONFIRM
perfex_crm -- perfex_crm In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. 2018-01-26 not yet calculated CVE-2017-17976
MISC(link is external)
EXPLOIT-DB(link is external)
phoenix_contact -- mguard An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. 2018-01-30 not yet calculated CVE-2018-5441
MISC
phpscriptsmall.com -- multilanguage_real_estate_mlm_script SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. 2018-01-29 not yet calculated CVE-2018-6364
MISC(link is external)
EXPLOIT-DB(link is external)
pictuscode -- taskrabbit_clone_script SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. 2018-01-29 not yet calculated CVE-2018-6363
MISC(link is external)
EXPLOIT-DB(link is external)
podofo -- podofo In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. 2018-01-27 not yet calculated CVE-2018-6352
MISC(link is external)
ptex -- ptex An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution. 2018-01-29 not yet calculated CVE-2018-3835
MISC(link is external)
pulse_secure -- desktop_linux The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. 2018-01-31 not yet calculated CVE-2018-6374
CONFIRM(link is external)
puppet -- puppet_enterprise Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. 2018-02-01 not yet calculated CVE-2017-2293
CONFIRM(link is external)
puppet -- puppet_enterprise Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. 2018-02-01 not yet calculated CVE-2017-2297
CONFIRM(link is external)
puppet -- puppet_enterprise In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2. 2018-02-01 not yet calculated CVE-2017-2296
CONFIRM(link is external)
qemu -- qemu Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). 2018-01-31 not yet calculated CVE-2017-18043
MLIST(link is external)
BID(link is external)
CONFIRM
simditor -- simditor Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. 2018-01-31 not yet calculated CVE-2018-6464
MISC(link is external)
simplesamlphp -- simplesamlphp The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. 2018-02-02 not yet calculated CVE-2017-18121
CONFIRM
simplesamlphp -- simplesamlphp A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. 2018-02-02 not yet calculated CVE-2017-18122
CONFIRM
simplesamlphp -- simplesamlphp The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. 2018-02-01 not yet calculated CVE-2018-6519
CONFIRM
simplesamlphp -- simplesamlphp The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. 2018-02-01 not yet calculated CVE-2018-6521
CONFIRM
simplesamlphp -- simplesamlphp SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. 2018-02-01 not yet calculated CVE-2018-6520
CONFIRM
snapd -- snapd In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. 2018-02-02 not yet calculated CVE-2017-14178
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
sophos -- puremessage_for_unix Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-01-26 not yet calculated CVE-2016-6217
CONFIRM(link is external)
sugarcrm -- sugarcrm XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. 2018-02-01 not yet calculated CVE-2014-3244
FULLDISC
BID(link is external)
MISC
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. 2018-01-31 not yet calculated CVE-2018-6473
MISC(link is external)
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. 2018-01-31 not yet calculated CVE-2018-6472
MISC(link is external)
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. 2018-01-31 not yet calculated CVE-2018-6476
MISC(link is external)
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. 2018-01-31 not yet calculated CVE-2018-6474
MISC(link is external)
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. 2018-01-31 not yet calculated CVE-2018-6475
MISC(link is external)
superantispyware -- superantispyware_professional_trial In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. 2018-01-31 not yet calculated CVE-2018-6471
MISC(link is external)
systemd -- systemd systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. 2018-01-29 not yet calculated CVE-2017-18078
MISC(link is external)
EXPLOIT-DB(link is external)
tracker -- pdf-xchange_viewer_and_viewer_ax_sdk Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. 2018-01-31 not yet calculated CVE-2018-6462
CONFIRM(link is external)
vastal_i-tech -- buddy_zone_facebook_clone SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. 2018-01-29 not yet calculated CVE-2018-6367
MISC(link is external)
EXPLOIT-DB(link is external)
vmware -- airwatch_console VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices. 2018-01-29 not yet calculated CVE-2017-4951
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
vmware -- realize_automation VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. 2018-01-29 not yet calculated CVE-2017-4947
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
wondercms -- wondercms In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. 2018-01-26 not yet calculated CVE-2017-14522
MISC(link is external)
wondercms -- wondercms WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. 2018-01-26 not yet calculated CVE-2017-14523
MISC(link is external)
wordpress -- wordpress admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. 2018-01-30 not yet calculated CVE-2018-6195
MISC(link is external)
FULLDISC
CONFIRM
MISC(link is external)
wordpress -- wordpress The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. 2018-01-31 not yet calculated CVE-2018-6465
MISC(link is external)
MISC
MISC
MISC(link is external)
wordpress -- wordpress Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-02-01 not yet calculated CVE-2018-0511
JVN(link is external)
CONFIRM
wordpress -- wordpress A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. 2018-01-30 not yet calculated CVE-2018-6194
MISC(link is external)
FULLDISC
CONFIRM
MISC(link is external)
wordpress -- wordpress An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. 2018-01-26 not yet calculated CVE-2018-6015
MISC(link is external)
CONFIRM
EXPLOIT-DB(link is external)
wordpress -- wordpress The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. 2018-01-27 not yet calculated CVE-2018-6357
MISC(link is external)
MISC
zabbix -- zabbix XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. 2018-02-01 not yet calculated CVE-2014-3005
FEDORA
FEDORA
FULLDISC
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC
zziplib -- zziplib In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-01 not yet calculated CVE-2018-6484
MISC(link is external)
zziplib -- zziplib In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. 2018-01-29 not yet calculated CVE-2018-6381
MISC(link is external)
zziplib -- zziplib In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. 2018-02-02 not yet calculated CVE-2018-6542
MISC(link is external)
zziplib -- zziplib In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-02 not yet calculated CVE-2018-6540
MISC(link is external)
zziplib -- zziplib In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-02 not yet calculated CVE-2018-6541
MISC