IT 와 Social 이야기 (IT and Social Stories)

[US-CERT: Bulletin(SB18-043)] Security vulnerabilities published through February 5, 2018

by manga0713 2018. 2. 13.

 

 

 

 

***Source: [US-CERT: Bulletin(SB18-043)] Security vulnerabilities published through February 5, 2018

 

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abrt -- abrt
 
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment. 2018-02-09 not yet calculated CVE-2015-1862
MISC
MISC
MISC
FULLDISC
MLIST
BID
CONFIRM
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
adobe -- flash_player
 
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to quality of service functionality. A successful attack can lead to arbitrary code execution. 2018-02-06 not yet calculated CVE-2018-4877
BID
REDHAT
MISC
adobe -- flash_player
 
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. 2018-02-06 not yet calculated CVE-2018-4878
MISC
BID
SECTRACK
REDHAT
MISC
MISC
MISC
MISC
anymail -- anymail
 
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. 2018-02-03 not yet calculated CVE-2018-6596
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
apache -- allura
 
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable. 2018-02-06 not yet calculated CVE-2018-1299
CONFIRM
MLIST
apache -- cloudstack
 
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. 2018-02-06 not yet calculated CVE-2013-4317
MLIST
apache -- cloudstack
 
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. 2018-02-06 not yet calculated CVE-2016-6813
MLIST
BID
MLIST
apache -- juddi
 
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection against entity expansion and DTD-type attacks. Mitigation is to use 3.3.5. 2018-02-09 not yet calculated CVE-2018-1307
CONFIRM
CONFIRM
apache -- mod-gnutls
 
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. 2018-02-03 not yet calculated CVE-2009-5144
CONFIRM
MLIST
CONFIRM
CONFIRM
apache -- qpid_broker
 
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. Authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms, which are offered to the connecting clients as part of the SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of the following types support the PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. The XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable. 2018-02-09 not yet calculated CVE-2018-1298
MLIST
apport -- apport
 
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. 2018-02-02 not yet calculated CVE-2017-14177
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apport -- apport
 
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. 2018-02-02 not yet calculated CVE-2017-14180
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apport -- apport
 
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. 2018-02-02 not yet calculated CVE-2017-14179
CONFIRM
CONFIRM
armmbed -- mbedtls
 
ARM mbedTLS, development branch, 2.7.0 and earlier, contains a CWE-670 vulnerability (incorrect condition control flow leading to an incorrect return) in ssl_write_real(), library/ssl_tls.c:7142, that can result in data loss and can be escalated to DoS and authorization bypass in application protocols. This attack appears to be exploitable via network connectivity. 2018-02-09 not yet calculated CVE-2018-1000061
CONFIRM
artifex -- mupdf
 
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. 2018-02-02 not yet calculated CVE-2018-6544
MISC
MISC
MISC
MISC
artifex -- mupdf
 
Artifex MuPDF version 1.12.0 contains a use-after-free vulnerability in fz_keep_key_storable that can result in DoS or possible code execution. This attack appears to be exploitable when a victim opens a specially crafted PDF. 2018-02-09 not yet calculated CVE-2018-1000051
CONFIRM
CONFIRM
atlassian -- bamboo
 
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. 2018-02-02 not yet calculated CVE-2017-18040
CONFIRM
atlassian -- bamboo
 
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18042
CONFIRM
atlassian -- bamboo
 
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. 2018-02-02 not yet calculated CVE-2017-18082
CONFIRM
atlassian -- bamboo
 
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18080
CONFIRM
atlassian -- bamboo
 
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. 2018-02-02 not yet calculated CVE-2017-18081
CONFIRM
atlassian -- bamboo
 
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. 2018-02-02 not yet calculated CVE-2017-18041
CONFIRM
atlassian -- bitbucket_server
 
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. 2018-02-02 not yet calculated CVE-2017-18037
CONFIRM
atlassian -- bitbucket_server
 
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. 2018-02-02 not yet calculated CVE-2017-18036
BID
CONFIRM
atlassian -- bitbucket_server
 
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. 2018-02-02 not yet calculated CVE-2017-18038
CONFIRM
atlassian -- confluence_server
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. 2018-02-02 not yet calculated CVE-2017-18085
CONFIRM
atlassian -- confluence_server
 
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. 2018-02-02 not yet calculated CVE-2017-18083
CONFIRM
atlassian -- confluence_server
 
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. 2018-02-02 not yet calculated CVE-2017-18086
CONFIRM
atlassian -- confluence_server
 
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. 2018-02-02 not yet calculated CVE-2017-18084
CONFIRM
atlassian -- fisheye_and_crucible
 
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, which allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. 2018-02-02 not yet calculated CVE-2017-18035
CONFIRM
CONFIRM
atlassian -- fisheye_and_crucible
 
The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch. 2018-02-02 not yet calculated CVE-2017-18034
CONFIRM
CONFIRM
atlassian -- jira
 
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. 2018-02-02 not yet calculated CVE-2017-18039
CONFIRM
audacity -- audacity
 
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. 2018-02-07 not yet calculated CVE-2016-2540
CONFIRM
MISC
audacity -- audacity
 
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. 2018-02-07 not yet calculated CVE-2016-2541
CONFIRM
MISC
avaya -- aura
 
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. 2018-02-05 not yet calculated CVE-2018-6635
BID
SECTRACK
CONFIRM
bitpay -- insight-api
 
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in the transaction broadcast endpoint that can result in full path disclosure. This attack appears to be exploitable via a web request. 2018-02-09 not yet calculated CVE-2018-1000023
CONFIRM
boot2docker -- boot2docker
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. 2018-02-06 not yet calculated CVE-2014-5282
CONFIRM
CONFIRM
boot2docker -- boot2docker
 
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. 2018-02-06 not yet calculated CVE-2014-5280
CONFIRM
boot2docker -- boot2docker
 
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers. 2018-02-06 not yet calculated CVE-2014-5279
CONFIRM
borg -- borg_servers
 
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. 2018-02-08 not yet calculated CVE-2017-15914
CONFIRM
brocade -- fabric_os
 
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. 2018-02-08 not yet calculated CVE-2017-6225
CONFIRM
brocade -- fabric_os
 
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. 2018-02-08 not yet calculated CVE-2017-6227
CONFIRM
canvs_canvas -- canvs_canvas
 
Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of JavaScript code. 2018-02-09 not yet calculated CVE-2017-1000507
CONFIRM
ccn-lite -- ccn-lite
 
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow. 2018-02-07 not yet calculated CVE-2017-12412
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values." 2018-02-07 not yet calculated CVE-2017-12473
CONFIRM
ccn-lite -- ccn-lite
 
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown. 2018-02-07 not yet calculated CVE-2017-12463
CONFIRM
ccn-lite -- ccn-lite
 
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. 2018-02-07 not yet calculated CVE-2017-12470
CONFIRM
ccn-lite -- ccn-lite
 
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable. 2018-02-07 not yet calculated CVE-2017-12464
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access. 2018-02-07 not yet calculated CVE-2017-12466
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation. 2018-02-07 not yet calculated CVE-2017-12469
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member. 2018-02-07 not yet calculated CVE-2017-12467
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. 2018-02-07 not yet calculated CVE-2017-12465
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables. 2018-02-07 not yet calculated CVE-2017-12468
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function. 2018-02-07 not yet calculated CVE-2017-12471
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. 2018-02-07 not yet calculated CVE-2017-12472
CONFIRM
CONFIRM
cisco -- data_center_analytics_framework
 
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088. 2018-02-08 not yet calculated CVE-2018-0129
BID
CONFIRM
cisco -- data_center_analytics_framework
 
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02082. 2018-02-08 not yet calculated CVE-2018-0128
BID
CONFIRM
cisco -- email_security_appliance_and_content_security_management_appliance
 
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. 2018-02-08 not yet calculated CVE-2018-0140
SECTRACK
SECTRACK
CONFIRM
cisco -- firepower_system_software
 
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946. 2018-02-08 not yet calculated CVE-2018-0138
CONFIRM
cisco -- ios_and_ios_xe_software
 
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950. 2018-02-08 not yet calculated CVE-2018-0123
SECTRACK
CONFIRM
cisco -- ios_xr_software
A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718. 2018-02-08 not yet calculated CVE-2018-0132
SECTRACK
CONFIRM
cisco -- policy_suite
 
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. 2018-02-08 not yet calculated CVE-2018-0134
BID
CONFIRM
cisco -- policy_suite
 
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124. 2018-02-08 not yet calculated CVE-2018-0116
CONFIRM
cisco -- prime_network
 
A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152. 2018-02-08 not yet calculated CVE-2018-0137
BID
CONFIRM
cisco -- rv132w_adsl2+_wireless-n_vpn_and_rv134w_vdsl2_wireless-ac_vpn_routers
 
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. 2018-02-08 not yet calculated CVE-2018-0127
SECTRACK
CONFIRM
cisco -- rv132w_adsl2+_wireless-n_vpn_and_rv134w_vdsl2_wireless-ac_vpn_routers
 
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. 2018-02-08 not yet calculated CVE-2018-0125
SECTRACK
CONFIRM
cisco -- spark
 
A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206. 2018-02-08 not yet calculated CVE-2018-0119
CONFIRM
cisco -- staros_operating_system_for_cisco_asr_5000_series_aggregation_services_routers
 
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335. 2018-02-08 not yet calculated CVE-2018-0122
SECTRACK
CONFIRM
cisco -- ucs_central
 
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825. 2018-02-08 not yet calculated CVE-2018-0113
SECTRACK
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644. 2018-02-08 not yet calculated CVE-2018-0135
SECTRACK
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810. 2018-02-08 not yet calculated CVE-2018-0120
BID
SECTRACK
CONFIRM
cisco -- virtualized_packet_core-distributed_instance_software
 
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656. 2018-02-08 not yet calculated CVE-2018-0117
CONFIRM
claymore -- dual_gpu_miner
 
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. 2018-02-02 not yet calculated CVE-2018-6317
MISC
EXPLOIT-DB
claymore -- dual_gpu_miner
 
nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in the API that can result in RCE by abusing the remote manager API. This attack appears to be exploitable under the following condition: the victim must run the miner with read/write mode enabled. 2018-02-09 not yet calculated CVE-2018-1000049
MISC
MISC
cloudera -- cloudera
 
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. 2018-02-04 not yet calculated CVE-2017-15536
CONFIRM
cozy -- cozy
 
Cozy has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset. 2018-02-07 not yet calculated CVE-2018-6824
MISC
croogo -- croogo
 
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. 2018-02-09 not yet calculated CVE-2017-1000510
CONFIRM
django -- django
 
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. 2018-02-04 not yet calculated CVE-2018-6188
CONFIRM
dojo -- dojo_toolkit
 
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. 2018-02-02 not yet calculated CVE-2018-6561
MISC
dokuwiki -- dokuwiki
 
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. 2018-02-03 not yet calculated CVE-2017-18123
MISC
MISC
MISC
MISC
MLIST
MISC
dolibarr -- dolibarr
 
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. 2018-02-09 not yet calculated CVE-2017-1000509
CONFIRM
echor -- echor
 
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. 2018-02-02 not yet calculated CVE-2014-1834
MLIST
echor -- echor
 
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. 2018-02-02 not yet calculated CVE-2014-1835
MLIST
XF
edx -- edx
 
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed. 2018-02-03 not yet calculated CVE-2015-2186
CONFIRM
CONFIRM
efront -- cms
 
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter. 2018-02-05 not yet calculated CVE-2015-4461
CONFIRM
MISC
electrum_technologies -- electrum_bitcoin_wallet
 
Electrum Technologies GmbH Electrum Bitcoin Wallet versions prior to 3.0.5 contain a Missing Authorization vulnerability in the JSONRPC interface that can result in Bitcoin theft if the user's wallet is not password protected. This attack appears to be exploitable under the following condition: the victim must visit a web page with specially crafted JavaScript. This vulnerability appears to have been fixed in 3.0.5. 2018-02-09 not yet calculated CVE-2018-1000022
MISC
MISC
CONFIRM
MISC
emc -- recoverpoint
 
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges. 2018-02-03 not yet calculated CVE-2018-1184
CONFIRM
SECTRACK
emc -- recoverpoint
 
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges. 2018-02-03 not yet calculated CVE-2018-1185
CONFIRM
SECTRACK
epson -- airprint
 
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. 2018-02-08 not yet calculated CVE-2018-5550
MISC
CONFIRM
ether -- etherpad_lite
 
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. 2018-02-08 not yet calculated CVE-2018-6834
CONFIRM
CONFIRM
ether -- etherpad_lite
 
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. 2018-02-08 not yet calculated CVE-2018-6835
CONFIRM
CONFIRM
exim -- exim
 
An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific function. This can be used to execute code remotely. 2018-02-08 not yet calculated CVE-2018-6789
MLIST
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5787
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5793
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5791
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5792
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. 2018-02-04 not yet calculated CVE-2018-5797
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5790
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets. 2018-02-04 not yet calculated CVE-2018-5788
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet. 2018-02-04 not yet calculated CVE-2018-5794
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface. 2018-02-04 not yet calculated CVE-2018-5789
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller. 2018-02-04 not yet calculated CVE-2018-5795
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command. 2018-02-04 not yet calculated CVE-2018-5796
CONFIRM
ezcode -- event_manager
 
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. 2018-02-02 not yet calculated CVE-2018-6576
EXPLOIT-DB
f5 -- big-ip
 
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization. 2018-02-06 not yet calculated CVE-2017-6169
SECTRACK
CONFIRM
fasterxml -- jackson-databind
 
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. 2018-02-06 not yet calculated CVE-2017-15095
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
DEBIAN
fasterxml -- jackson-databind
 
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. 2018-02-06 not yet calculated CVE-2017-7525
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
DEBIAN
ffmpeg -- ffmpeg
 
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. 2018-02-08 not yet calculated CVE-2012-5359
MISC
CONFIRM
ffmpeg -- ffmpeg
 
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. 2018-02-08 not yet calculated CVE-2012-5360
MISC
CONFIRM
ffmpeg -- ffmpeg
 
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. 2018-02-04 not yet calculated CVE-2018-6621
BID
CONFIRM
firebase -- firebase
 
Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, so a JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appears to be exploitable by an attacker who, in most cases, would only need to know the email address of the victim. This vulnerability appears to have been fixed in 3.8.1. 2018-02-09 not yet calculated CVE-2018-1000025
CONFIRM
CONFIRM
fishshell -- fish
 
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. 2018-02-09 not yet calculated CVE-2014-3219
FEDORA
GENTOO
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
flatpak -- flatpak
 
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. 2018-02-02 not yet calculated CVE-2018-6560
CONFIRM
CONFIRM
CONFIRM
flexense -- diskboss
 
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener. 2018-02-02 not yet calculated CVE-2018-5261
MISC
flexense -- syncbreeze_enterprise
 
A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege. 2018-02-06 not yet calculated CVE-2017-17996
FULLDISC
MISC
flexense -- syncbreeze_enterprise
 
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. 2018-02-02 not yet calculated CVE-2018-6537
EXPLOIT-DB
fmtlib -- fmtlib
 
fmtlib versions prior to 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contain a Memory corruption (SIGSEGV), CWE-134 vulnerability in the fmt::print() library function that can result in Denial of Service. This attack appears to be exploitable by specifying an invalid format specifier in the fmt::print() function, which results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7. 2018-02-09 not yet calculated CVE-2018-1000052
CONFIRM
CONFIRM
fortinet -- fortigate_fortidb
 
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. 2018-02-09 not yet calculated CVE-2012-6347
CONFIRM
MISC
fortinet -- fortigate_utm_waf_appliances_with_fortios
 
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. 2018-02-08 not yet calculated CVE-2012-0941
MISC
BID
XF
CONFIRM
SECTRACK
MISC
fortinet -- fortiweb
 
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. 2018-02-09 not yet calculated CVE-2012-6346
CONFIRM
MISC
foxit -- foxit_reader_and_phantompdf
 
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. 2018-02-07 not yet calculated CVE-2016-6169
MISC
CONFIRM
foxit -- foxit_reader_and_phantompdf
 
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. 2018-02-07 not yet calculated CVE-2016-6168
MISC
CONFIRM
freebsd -- freebsd
 
patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1 allows remote attackers to execute arbitrary commands via a crafted patch file. 2018-02-05 not yet calculated CVE-2015-1418
BID
SECTRACK
FREEBSD
freebsd -- freebsd
 
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. 2018-02-05 not yet calculated CVE-2015-5674
BID
SECTRACK
FREEBSD
freebsd -- freebsd
 
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. 2018-02-05 not yet calculated CVE-2015-1416
MLIST
MLIST
MLIST
MLIST
BID
SECTRACK
FREEBSD
fuji_electric -- v-server_vpr
 
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. 2018-02-05 not yet calculated CVE-2018-5442
BID
MISC
futomi -- mp_form_mail_cgi_ecommerce_edition
 
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2018-02-08 not yet calculated CVE-2018-0514
CONFIRM
JVN
gifsicle -- gifsicle
 
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. 2018-02-02 not yet calculated CVE-2017-18120
MISC
MISC
MISC
MISC
git -- git
 
Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable under the following condition: the user must interact with a malicious git server (or have their traffic modified in a MITM attack). 2018-02-09 not yet calculated CVE-2018-1000021
MISC
gnome -- librsvg
 
GNOME librsvg versions before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contain an Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable under the following condition: the victim must process a specially crafted SVG file containing a UNC path on Windows. 2018-02-09 not yet calculated CVE-2018-1000041
CONFIRM
CONFIRM
gnu -- binutils
 
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. 2018-02-09 not yet calculated CVE-2018-6872
CONFIRM
CONFIRM
gnu -- binutils
 
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. 2018-02-06 not yet calculated CVE-2018-6759
CONFIRM
gnu -- binutils
 
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-02-02 not yet calculated CVE-2018-6543
MISC
gnu -- c_library
 
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. 2018-02-02 not yet calculated CVE-2018-6551
CONFIRM
CONFIRM
go -- go
 
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. 2018-02-07 not yet calculated CVE-2018-6574
CONFIRM
CONFIRM
CONFIRM
google -- android
 
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258. 2018-02-06 not yet calculated CVE-2017-6258
CONFIRM
google -- android
 
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279. 2018-02-06 not yet calculated CVE-2017-6279
CONFIRM
google -- chrome
 
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2018-02-07 not yet calculated CVE-2017-5126
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. 2018-02-07 not yet calculated CVE-2017-5128
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2018-02-07 not yet calculated CVE-2017-15390
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-5129
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position. 2018-02-07 not yet calculated CVE-2017-15397
BID
MISC
MISC
MISC
google -- chrome
 
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-15391
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. 2018-02-07 not yet calculated CVE-2017-5124
BID
REDHAT
MISC
MISC
MISC
MISC
GENTOO
DEBIAN
MISC
google -- chrome
 
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. 2018-02-07 not yet calculated CVE-2017-15395
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-15386
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-15389
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. 2018-02-07 not yet calculated CVE-2017-5130
MISC
BID
REDHAT
MISC
MISC
MISC
MLIST
GENTOO
google -- chrome
 
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. 2018-02-07 not yet calculated CVE-2017-5131
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2018-02-07 not yet calculated CVE-2017-5127
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. 2018-02-07 not yet calculated CVE-2017-15394
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-5125
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. 2018-02-07 not yet calculated CVE-2017-15393
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. 2018-02-07 not yet calculated CVE-2017-5132
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-15388
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site. 2018-02-05 not yet calculated CVE-2018-6654
MISC
google -- chrome
 
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. 2018-02-07 not yet calculated CVE-2017-15392
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. 2018-02-07 not yet calculated CVE-2017-15400
MISC
MISC
google -- chrome
 
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. 2018-02-07 not yet calculated CVE-2017-5133
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. 2018-02-07 not yet calculated CVE-2017-15387
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
graphicsmagick -- graphicsmagick
 
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. 2018-02-07 not yet calculated CVE-2018-6799
CONFIRM
gskit -- gskit
 
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212. 2018-02-07 not yet calculated CVE-2018-1388
CONFIRM
MISC
i-o_data_device -- multiple_products
 
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. 2018-02-08 not yet calculated CVE-2018-0512
CONFIRM
JVN
ibm -- aix
 
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. 2018-02-07 not yet calculated CVE-2017-1692
CONFIRM
SECTRACK
MISC
ibm -- api_connect
 
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. 2018-02-07 not yet calculated CVE-2017-1785
CONFIRM
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. 2018-02-07 not yet calculated CVE-2018-1382
CONFIRM
MISC
ibm -- content_navigator
 
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. 2018-02-07 not yet calculated CVE-2018-1366
CONFIRM
MISC
ibm -- emptoris_sourcing
 
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692. 2018-02-02 not yet calculated CVE-2016-0329
CONFIRM
XF
ibm -- sametime

IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. 2018-02-08 not yet calculated CVE-2012-3331
CONFIRM
XF
ibm -- security_guardium_database_activity_monitor
 
IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not supposed to. IBM X-Force ID: 137765. 2018-02-09 not yet calculated CVE-2018-1368
CONFIRM
MISC
ibm -- tivoli_business_service_manager
 
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480. 2018-02-02 not yet calculated CVE-2016-0311
CONFIRM
XF
CONFIRM
ibm -- tivoli_integrated_portal
 
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-02-02 not yet calculated CVE-2016-0303
CONFIRM
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. 2018-02-02 not yet calculated CVE-2016-0312
CONFIRM
XF
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412. 2018-02-02 not yet calculated CVE-2016-0300
CONFIRM
XF
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. 2018-02-02 not yet calculated CVE-2016-0342
CONFIRM
XF
ibm -- websphere_application_server

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. 2018-02-08 not yet calculated CVE-2011-4889
XF
CONFIRM
ibm -- websphere_portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. 2018-02-09 not yet calculated CVE-2017-1761
CONFIRM
MISC
ibm -- websphere_portal

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. 2018-02-09 not yet calculated CVE-2018-1401
MISC
CONFIRM
ibm -- xiv_storage_system_devices
 
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unspecified vectors. IBM X-Force ID: 75041. 2018-02-08 not yet calculated CVE-2012-2166
CONFIRM
XF
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. 2018-02-02 not yet calculated CVE-2018-6536
MISC
imagemagick -- imagemagick
 
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. 2018-02-09 not yet calculated CVE-2018-6876
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. 2018-02-09 not yet calculated CVE-2018-1000031
MISC
infozip -- unzip
 
An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. 2018-02-09 not yet calculated CVE-2018-1000033
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. 2018-02-09 not yet calculated CVE-2018-1000032
MISC
infozip -- unzip
 
An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. 2018-02-09 not yet calculated CVE-2018-1000034
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. 2018-02-09 not yet calculated CVE-2018-1000035
MISC
intel -- graphics_driver
 
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access. 2018-02-02 not yet calculated CVE-2017-5727
CONFIRM
invoiceplane -- invoiceplane
 
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of JavaScript code. This vulnerability appears to have been fixed in 1.5.5 and later. 2018-02-09 not yet calculated CVE-2017-1000508
CONFIRM
CONFIRM
ipswitch -- moveit
 
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. 2018-02-02 not yet calculated CVE-2018-6545
MISC
jenkins -- jenkins
 
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. 2018-02-09 not yet calculated CVE-2018-1000054
CONFIRM
jenkins -- jenkins
 
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. 2018-02-09 not yet calculated CVE-2018-1000056
CONFIRM
jenkins -- jenkins
 
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. 2018-02-09 not yet calculated CVE-2018-1000055
CONFIRM
jenkins -- jenkins
 
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. 2018-02-09 not yet calculated CVE-2018-1000057
CONFIRM
jenkins -- jenkins
 
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. 2018-02-09 not yet calculated CVE-2018-1000058
CONFIRM
jhead -- jhead
 
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. 2018-02-04 not yet calculated CVE-2018-6612
CONFIRM
CONFIRM
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x221808. 2018-02-06 not yet calculated CVE-2018-6787
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081E4. 2018-02-06 not yet calculated CVE-2018-6780
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008088. 2018-02-06 not yet calculated CVE-2018-6774
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008084. 2018-02-06 not yet calculated CVE-2018-6773
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00825C. 2018-02-06 not yet calculated CVE-2018-6783
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008090. 2018-02-06 not yet calculated CVE-2018-6768
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2208C0. 2018-02-06 not yet calculated CVE-2018-6788
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008224. 2018-02-06 not yet calculated CVE-2018-6771
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400. 2018-02-06 not yet calculated CVE-2018-6777
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00824C. 2018-02-06 not yet calculated CVE-2018-6784
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008208. 2018-02-06 not yet calculated CVE-2018-6772
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008254. 2018-02-06 not yet calculated CVE-2018-6785
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8. 2018-02-06 not yet calculated CVE-2018-6775
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220840. 2018-02-06 not yet calculated CVE-2018-6786
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264. 2018-02-06 not yet calculated CVE-2018-6781
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008020. 2018-02-06 not yet calculated CVE-2018-6769
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008268. 2018-02-06 not yet calculated CVE-2018-6778
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00813C. 2018-02-06 not yet calculated CVE-2018-6776
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081DC. 2018-02-06 not yet calculated CVE-2018-6782
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008240. 2018-02-06 not yet calculated CVE-2018-6779
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008210. 2018-02-06 not yet calculated CVE-2018-6770
MISC
joomla! -- joomla!
 
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. 2018-02-02 not yet calculated CVE-2018-6581
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. 2018-02-02 not yet calculated CVE-2018-6578
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. 2018-02-05 not yet calculated CVE-2018-6582
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. 2018-02-02 not yet calculated CVE-2018-6579
EXPLOIT-DB
joomla! -- joomla!
 
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. 2018-02-02 not yet calculated CVE-2018-6580
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. 2018-02-05 not yet calculated CVE-2018-6604
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. 2018-02-05 not yet calculated CVE-2018-6605
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. 2018-02-02 not yet calculated CVE-2018-6577
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. 2018-02-05 not yet calculated CVE-2018-6609
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. 2018-02-02 not yet calculated CVE-2018-6575
EXPLOIT-DB
joomla! -- joomla!
 
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request. 2018-02-05 not yet calculated CVE-2018-6610
EXPLOIT-DB
joomla! -- joomla!
 
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." 2018-02-06 not yet calculated CVE-2015-3619
CONFIRM
MISC
CONFIRM
kaspersky -- secure_mail_gateway
 
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. 2018-02-06 not yet calculated CVE-2018-6289
CONFIRM
kaspersky -- secure_mail_gateway
 
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. 2018-02-06 not yet calculated CVE-2018-6291
CONFIRM
kaspersky -- secure_mail_gateway
 
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. 2018-02-06 not yet calculated CVE-2018-6290
CONFIRM
kaspersky -- secure_mail_gateway
 
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. 2018-02-06 not yet calculated CVE-2018-6288
CONFIRM
kddi -- anshin_net_security_for_windows
 
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-02-08 not yet calculated CVE-2018-0517
JVN
kde -- plasma_workspace
 
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. 2018-02-06 not yet calculated CVE-2018-6790
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kde -- plasma_workspace
 
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. 2018-02-06 not yet calculated CVE-2018-6791
CONFIRM
CONFIRM
konakart -- konakart_ecommerce_platform
 
Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server. 2018-02-03 not yet calculated CVE-2017-17108
BUGTRAQ
krzysztof_kowalczyk -- sumatrapdf
 
Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. 2018-02-08 not yet calculated CVE-2013-2830
MISC
libgcrypt -- libgcrypt
 
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. 2018-02-07 not yet calculated CVE-2018-6829
MISC
MISC
MISC
libreoffice -- libreoffice
 
LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. 2018-02-09 not yet calculated CVE-2018-6871
MISC
libwebm -- libwebm
 
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. 2018-02-02 not yet calculated CVE-2018-6548
MISC
MISC
limesurvey -- limesurvey
 
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appears to be exploitable via simple HTML markup, which can be used to send a GET request to the affected endpoint. 2018-02-09 not yet calculated CVE-2018-1000053
CONFIRM
linux -- linux_kernel
 
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. 2018-02-09 not yet calculated CVE-2014-8171
REDHAT
REDHAT
REDHAT
REDHAT
BID
CONFIRM
linux -- linux_kernel
 
Linux kernel version at least v4.8 onwards, probably well before, contains an Insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appears to be exploitable via: An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. 2018-02-09 not yet calculated CVE-2018-1000026
MLIST
MLIST
MISC
linux -- linux_kernel
 
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable when the NFS server exports a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed after commit 1995266727fa. 2018-02-09 not yet calculated CVE-2018-1000028
CONFIRM
mailbutler -- shimo_for_macos
 
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. 2018-02-07 not yet calculated CVE-2018-6823
MISC
malwarefox -- antimalware
 
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. 2018-02-03 not yet calculated CVE-2018-6593
MISC
EXPLOIT-DB
malwarefox -- antimalware
 
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. 2018-02-03 not yet calculated CVE-2018-6606
MISC
mantisbt -- mantisbt
 
view_all_bug_page.php in MantisBT before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. 2018-02-02 not yet calculated CVE-2018-6526
MISC
march-hare -- wincvs
 
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. 2018-02-05 not yet calculated CVE-2018-6461
CONFIRM
marked_2 -- marked_2
 
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls. 2018-02-07 not yet calculated CVE-2018-6806
MISC
MISC
mautic -- mautic
 
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. 2018-02-09 not yet calculated CVE-2017-1000506
CONFIRM
mcholste -- enterprise_log_search_and_archive
 
mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appears to be exploitable via a payload delivered via the type, name, and value parameters of /Query/set_preference and the name and value parameters of /Query/preference. The payload is executed when the user visits the index view (/). 2018-02-09 not yet calculated CVE-2018-1000029
CONFIRM
micro_focus -- fortify_audit_workbench_and_fortify_software_security_center
 
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection. 2018-02-02 not yet calculated CVE-2018-6486
BID
CONFIRM
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000014c. 2018-02-05 not yet calculated CVE-2018-6630
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c. 2018-02-05 not yet calculated CVE-2018-6628
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170. 2018-02-05 not yet calculated CVE-2018-6631
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035. 2018-02-05 not yet calculated CVE-2018-6626
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000110. 2018-02-05 not yet calculated CVE-2018-6632
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038. 2018-02-05 not yet calculated CVE-2018-6633
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000118. 2018-02-05 not yet calculated CVE-2018-6629
MISC
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806. 2018-02-08 not yet calculated CVE-2014-4066
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145. 2018-02-08 not yet calculated CVE-2014-8985
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304. 2018-02-08 not yet calculated CVE-2014-4112
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985. 2018-02-08 not yet calculated CVE-2014-4145
MS
mini_httpd -- mini_httpd
 
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. 2018-02-06 not yet calculated CVE-2017-17663
CONFIRM
monstra -- monstra_cms
 
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. 2018-02-02 not yet calculated CVE-2018-6550
CONFIRM
CONFIRM
mybb -- mybb
 
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. 2018-02-08 not yet calculated CVE-2018-6844
MISC
nagios -- business_process_intelligence
 
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. 2018-02-06 not yet calculated CVE-2015-3618
CONFIRM
MISC
nasa -- kodiak
 
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable when a victim opens an untrusted file for optimization using the Kodiak library. 2018-02-09 not yet calculated CVE-2018-1000047
MISC
nasa -- pyblock
 
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appears to be exploitable via a victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. 2018-02-09 not yet calculated CVE-2018-1000046
CONFIRM
nasa -- rtretrievalframework
 
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appears to be exploitable when a victim tries to retrieve and process a weather data file. 2018-02-09 not yet calculated CVE-2018-1000048
MISC
nasa -- singledop
 
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appears to be exploitable via a victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. 2018-02-09 not yet calculated CVE-2018-1000045
CONFIRM
nitro_software -- nitro_pro_and_nitro_reader
 
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file. 2018-02-08 not yet calculated CVE-2013-3553
MISC
nitro_software -- nitro_pro_and_nitro_reader
 
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file. 2018-02-08 not yet calculated CVE-2013-3552
MISC
odoo -- odoo
 
Odoo does not require authentication to be configured for a Backup Database action. 2018-02-04 not yet calculated CVE-2018-6620
MISC
omron -- ns_devices
 
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. 2018-02-05 not yet calculated CVE-2018-6624
MISC
openemr -- openemr
 
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. 2018-02-09 not yet calculated CVE-2018-1000019
CONFIRM
MISC
openemr -- openemr
 
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. 2018-02-09 not yet calculated CVE-2018-1000020
CONFIRM
MISC
openjpeg -- openjpeg
 
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. 2018-02-04 not yet calculated CVE-2018-6616
MISC
openmpt -- openmpt
 
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. 2018-02-04 not yet calculated CVE-2018-6611
CONFIRM
CONFIRM
openvms -- openvms
 
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. 2018-02-07 not yet calculated CVE-2017-17482
MISC
MISC
MISC
php -- php
 
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. 2018-02-09 not yet calculated CVE-2016-10712
CONFIRM
CONFIRM
php_scripts_mall -- doctor_search_script
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. 2018-02-07 not yet calculated CVE-2018-6655
EXPLOIT-DB
php_scripts_mall -- hot_scripts_clone_script_classified
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. 2018-02-09 not yet calculated CVE-2018-6878
EXPLOIT-DB
php_scripts_mall -- multilanguage_real_estate_mlm_script
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. 2018-02-07 not yet calculated CVE-2018-6796
EXPLOIT-DB
php_scripts_mall -- naukri_clone_script
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. 2018-02-07 not yet calculated CVE-2018-6795
EXPLOIT-DB
postgresql -- postgresql
 
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. 2018-02-09 not yet calculated CVE-2018-1053
CONFIRM
postgresql -- postgresql
 
A memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via a purpose-crafted insert to a partitioned table. 2018-02-09 not yet calculated CVE-2018-1052
CONFIRM
project-pier -- projectpier-core
 
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php. 2018-02-02 not yet calculated CVE-2015-2796
CONFIRM
CONFIRM
promise_technology -- webpam_pro-e_devices
 
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. 2018-02-07 not yet calculated CVE-2018-6603
MISC
puppet -- puppet_agent
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4. 2018-02-09 not yet calculated CVE-2017-10690
CONFIRM
puppet -- puppet_agent
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. 2018-02-09 not yet calculated CVE-2017-10689
CONFIRM
puppet -- puppet_enterprise
Puppet Enterprise 2017.3.x prior to 2017.3.3 is vulnerable to a remote execution bug when a specially crafted string is passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules; if you are not using puppet tasks you are not affected by this vulnerability. 2018-02-09 not yet calculated CVE-2018-6508
CONFIRM
purevpn -- purevpn
 
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. 2018-02-07 not yet calculated CVE-2018-6822
MISC
pycrypto -- pycrypto
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. 2018-02-03 not yet calculated CVE-2018-6594
MISC
MISC
python -- python
 
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, and as such the DWF feels this issue deserves a CVE. 2018-02-08 not yet calculated CVE-2018-1000030
CONFIRM
MISC
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4316. 2018-02-08 not yet calculated CVE-2017-17658
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230. 2018-02-08 not yet calculated CVE-2017-17419
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238. 2018-02-08 not yet calculated CVE-2017-17652
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225. 2018-02-08 not yet calculated CVE-2017-17414
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292. 2018-02-08 not yet calculated CVE-2017-17656
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294. 2018-02-08 not yet calculated CVE-2017-17657
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237. 2018-02-08 not yet calculated CVE-2017-17425
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215. 2018-02-08 not yet calculated CVE-2018-1161
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4226. 2018-02-08 not yet calculated CVE-2017-17415
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229. 2018-02-08 not yet calculated CVE-2017-17418
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234. 2018-02-08 not yet calculated CVE-2017-17423
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4231. 2018-02-08 not yet calculated CVE-2017-17420
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287. 2018-02-08 not yet calculated CVE-2017-17654
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224. 2018-02-08 not yet calculated CVE-2017-17413
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4906. 2018-02-08 not yet calculated CVE-2017-17659
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233. 2018-02-08 not yet calculated CVE-2017-17422
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. Was ZDI-CAN-4222. 2018-02-08 not yet calculated CVE-2018-1162
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228. 2018-02-08 not yet calculated CVE-2017-17417
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232. 2018-02-08 not yet calculated CVE-2017-17421
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223. 2018-02-08 not yet calculated CVE-2017-17412
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286. 2018-02-08 not yet calculated CVE-2017-17653
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752. 2018-02-08 not yet calculated CVE-2018-1163
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227. 2018-02-08 not yet calculated CVE-2017-17416
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289. 2018-02-08 not yet calculated CVE-2017-17655
MISC(link is external)
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235. 2018-02-08 not yet calculated CVE-2017-17424
MISC(link is external)
redcap -- redcap
 
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload. 2018-02-08 not yet calculated CVE-2017-7351
MISC(link is external)
ring -- video_doorbells
 
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. 2018-02-06 not yet calculated CVE-2015-4400
MISC(link is external)
MISC(link is external)
MISC(link is external)
ruby -- ruby
 
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string. 2018-02-05 not yet calculated CVE-2015-4412
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
saifor -- cvms_hub
 
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente. 2018-02-06 not yet calculated CVE-2018-6792
MISC(link is external)
sandstorm -- sandstorm
 
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly. 2018-02-06 not yet calculated CVE-2017-6201
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
sandstorm -- sandstorm
 
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. 2018-02-06 not yet calculated CVE-2017-6199
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
sandstorm -- sandstorm
 
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space. 2018-02-06 not yet calculated CVE-2017-6198
MISC(link is external)
MISC(link is external)
sandstorm -- sandstorm
 
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name. 2018-02-06 not yet calculated CVE-2017-6200
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
sblim -- small_footprint_cim_broker
 
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. 2018-02-08 not yet calculated CVE-2018-6644
MLIST(link is external)
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0. 2018-02-09 not yet calculated CVE-2018-1000044
CONFIRM(link is external)
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. 2018-02-09 not yet calculated CVE-2018-1000043
CONFIRM(link is external)
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0. 2018-02-09 not yet calculated CVE-2018-1000042
CONFIRM(link is external)
sensu -- sensu_core
 
Sensu, Inc. Sensu Core versions before 1.2.0 and before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contain a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) being logged in clear text. This issue appears to affect victims whose configuration matches a specific pattern, who will observe sensitive data output in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b. 2018-02-09 not yet calculated CVE-2018-1000060
CONFIRM(link is external)
CONFIRM(link is external)
simplesamlphp -- simplesamlphp
 
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. 2018-02-02 not yet calculated CVE-2017-18121
CONFIRM
simplesamlphp -- simplesamlphp
 
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. 2018-02-02 not yet calculated CVE-2017-18122
CONFIRM
snapd -- snapd
 
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. 2018-02-02 not yet calculated CVE-2017-14178
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
sonatype -- nexus_repository_manager
 
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. 2018-02-09 not yet calculated CVE-2018-5306
FULLDISC
CONFIRM(link is external)
MISC(link is external)
sonatype -- nexus_repository_manager
 
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. 2018-02-09 not yet calculated CVE-2018-5307
FULLDISC
CONFIRM(link is external)
MISC(link is external)
sophos -- tester_tool
 
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. 2018-02-02 not yet calculated CVE-2018-6318
MISC(link is external)
sophos -- tester_tool
 
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine. 2018-02-02 not yet calculated CVE-2018-6319
MISC(link is external)

squid_software_foundation -- squid_http_caching_proxy
 
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in denial of service for all clients using the proxy. This attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later. 2018-02-09 not yet calculated CVE-2018-1000024
CONFIRM
MISC
squid_software_foundation -- squid_http_caching_proxy
 
The Squid Software Foundation Squid HTTP Caching Proxy prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in denial of service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. 2018-02-09 not yet calculated CVE-2018-1000027
CONFIRM
CONFIRM
CONFIRM
CONFIRM(link is external)
stb_vorbis -- stb_vorbis
 
Sean Barrett stb_vorbis version 1.12 and earlier contains a buffer overflow vulnerability in all Vorbis decoding paths that can result in memory corruption, denial of service, or compromised execution of the host program. This attack appears to be exploitable when a victim opens a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. 2018-02-09 not yet calculated CVE-2018-1000050
CONFIRM(link is external)
subsonic -- subsonic
 
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. 2018-02-05 not yet calculated CVE-2017-9414
MISC
MISC(link is external)
EXPLOIT-DB(link is external)
suricata -- suricata
 
Suricata before 4.1 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. 2018-02-07 not yet calculated CVE-2018-6794
CONFIRM(link is external)
CONFIRM
synacor -- zimbra_collaboration_suite
 
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. 2018-02-03 not yet calculated CVE-2017-17703
CONFIRM(link is external)
CONFIRM(link is external)
synacor -- zimbra_collaboration_suite
 
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. 2018-02-03 not yet calculated CVE-2017-8783
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
the_masha_brand -- online_voting_system
 
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. 2018-02-08 not yet calculated CVE-2018-6180
MISC(link is external)
EXPLOIT-DB(link is external)
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie. 2018-02-06 not yet calculated CVE-2016-7394
CONFIRM(link is external)
trend_micro -- control_manager
 
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3607
CONFIRM(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
trend_micro -- control_manager
 
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3602
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3603
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3601
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
An external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3600
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3604
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3605
CONFIRM(link is external)
MISC(link is external)
trend_micro -- control_manager
 
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. 2018-02-09 not yet calculated CVE-2018-3606
CONFIRM(link is external)
MISC(link is external)
twitter -- twitter_kit_for_ios
 
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component, allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter", authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing an attacker to associate a Twitter account with a third-party service. 2018-02-09 not yet calculated CVE-2017-0911
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
unbit -- uwsgi
 
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. 2018-02-06 not yet calculated CVE-2018-6758
MISC(link is external)
MISC(link is external)
uncurl -- uncurl
 
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. 2018-02-05 not yet calculated CVE-2018-6651
CONFIRM(link is external)
CONFIRM(link is external)
validformbuilder -- validformbuilder
 
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system. 2018-02-09 not yet calculated CVE-2018-1000059
CONFIRM(link is external)
vobot -- vobot_clock
 
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response. 2018-02-09 not yet calculated CVE-2018-6826
MISC(link is external)
vobot -- vobot_clock
 
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access. 2018-02-09 not yet calculated CVE-2018-6825
MISC(link is external)
vobot -- vobot_clock
 
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. 2018-02-09 not yet calculated CVE-2018-6827
MISC(link is external)
vyaire_medical -- carefusion_upgrade_utility_used_with_windows_xp_systems
 
An uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. 2018-02-06 not yet calculated CVE-2018-5457
MISC
watchdog -- anti-malware
 
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054. 2018-02-05 not yet calculated CVE-2018-6627
MISC(link is external)
watchdog -- anti-malware
 
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010. 2018-02-05 not yet calculated CVE-2018-6625
MISC(link is external)
wavpack -- wavpack
 
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. 2018-02-06 not yet calculated CVE-2018-6767
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
web2py -- web2py
 
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. 2018-02-06 not yet calculated CVE-2016-3954
MISC(link is external)
web2py -- web2py
 
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. 2018-02-06 not yet calculated CVE-2016-3953
MISC(link is external)
MISC(link is external)
web2py -- web2py
 
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. 2018-02-06 not yet calculated CVE-2016-3957
MISC(link is external)
MISC(link is external)
web2py -- web2py
 
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. 2018-02-06 not yet calculated CVE-2016-3952
MISC(link is external)
CONFIRM(link is external)
west_wind -- web_server
 
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. 2018-02-05 not yet calculated CVE-2018-6569
MISC(link is external)
wireshark -- wireshark
 
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-02-08 not yet calculated CVE-2018-6836
MISC
MISC
MISC
MISC
wondercms -- wondercms
 
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml', that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file. 2018-02-09 not yet calculated CVE-2018-1000062
CONFIRM(link is external)
CONFIRM(link is external)
wordpress -- wordpress
 
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. 2018-02-06 not yet calculated CVE-2018-6467
MISC(link is external)
wordpress -- wordpress
 
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. 2018-02-06 not yet calculated CVE-2018-6389
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. 2018-02-06 not yet calculated CVE-2018-6468
MISC(link is external)
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. 2018-02-08 not yet calculated CVE-2015-2329
MISC(link is external)
CONFIRM(link is external)
wordpress -- wordpress
 
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-02-08 not yet calculated CVE-2018-0513
CONFIRM(link is external)
JVN(link is external)
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. 2018-02-06 not yet calculated CVE-2018-6469
MISC(link is external)
wordpress -- wordpress
 
Multiple cross-site request forgery (CSRF) vulnerabilities exist in the Codestyling Localization plugin 1.99.30 and earlier for WordPress. 2018-02-05 not yet calculated CVE-2015-4179
MLIST(link is external)
MLIST(link is external)
MLIST(link is external)
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. 2018-02-06 not yet calculated CVE-2018-6466
MISC(link is external)
z-blogphp -- z-blogphp
 
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. 2018-02-06 not yet calculated CVE-2018-6656
MISC(link is external)
MISC(link is external)
z-blogphp -- z-blogphp
 
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. 2018-02-08 not yet calculated CVE-2018-6846
CONFIRM(link is external)
zoho -- manageengine_ad_manager_plus
 
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. 2018-02-07 not yet calculated CVE-2017-17552
MISC(link is external)
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-02 not yet calculated CVE-2018-6541
MISC(link is external)
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. 2018-02-02 not yet calculated CVE-2018-6542
MISC(link is external)
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-02 not yet calculated CVE-2018-6540
MISC(link is external)
zziplib -- zziplib
 
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-02-09 not yet calculated CVE-2018-6869
MISC