본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB18-071)] 2018년 3월 5일까지 발표된 보안 취약점

by manga0713 2018. 3. 13.

 

 

 

*** 출처: [US-CERT: Bulletin(SB18-071)] 2018년 3월 5일까지 발표된 보안 취약점

 

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
389-ds-base -- 389-ds-base
 
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 2018-03-07 not yet calculated CVE-2018-1054
BID(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
3cx -- 3cx
 
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. 2018-03-03 not yet calculated CVE-2018-7654
MISC(link is external)
MISC(link is external)
adminer -- adminer
 
Adminer through 4.3.1 has SSRF via the server parameter. 2018-03-05 not yet calculated CVE-2018-7667
MISC
afian -- filerun
 
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. 2018-03-06 not yet calculated CVE-2018-7734
MISC(link is external)
MISC(link is external)
MISC(link is external)
afian -- filerun
 
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request. 2018-03-06 not yet calculated CVE-2018-7735
MISC(link is external)
MISC(link is external)
MISC(link is external)
antsle_antman -- antsle_antman
 
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation. 2018-03-06 not yet calculated CVE-2018-7739
MISC(link is external)
EXPLOIT-DB(link is external)
EXPLOIT-DB(link is external)
apache -- http_server_mod_cluster
 
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. 2018-03-09 not yet calculated CVE-2016-8612
REDHAT(link is external)
BID(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
apache -- ode
 
The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake. 2018-03-05 not yet calculated CVE-2018-1316
MLIST
MLIST
arista -- eos
 
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. 2018-03-05 not yet calculated CVE-2018-5255
CONFIRM(link is external)
aruba_networks -- web_management_portal
 
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. 2018-03-09 not yet calculated CVE-2014-2592
MISC(link is external)
auth0 -- auth0.js
 
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. 2018-03-06 not yet calculated CVE-2018-7307
CONFIRM(link is external)
bacula-web -- bacula-web
 
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. 2018-03-07 not yet calculated CVE-2017-15367
CONFIRM
CONFIRM
CONFIRM(link is external)
belden -- multiple_products
 
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication. 2018-03-06 not yet calculated CVE-2018-5469
BID(link is external)
MISC
belden -- multiple_products
 
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack. 2018-03-06 not yet calculated CVE-2018-5461
BID(link is external)
MISC
belden -- multiple_products
 
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions. 2018-03-06 not yet calculated CVE-2018-5465
BID(link is external)
MISC
belden -- multiple_products
 
A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack. 2018-03-06 not yet calculated CVE-2018-5471
BID(link is external)
MISC
belden -- multiple_products
 
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. 2018-03-06 not yet calculated CVE-2018-5467
BID(link is external)
MISC
bleach -- bleach
 
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. 2018-03-07 not yet calculated CVE-2018-7753
MISC
MISC(link is external)
MISC(link is external)
bmc -- remedy_ar_system
 
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. 2018-03-10 not yet calculated CVE-2017-18223
CONFIRM(link is external)
buffalo -- wxr-1900dhp2­_firmware
 
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. 2018-03-09 not yet calculated CVE-2018-0522
CONFIRM(link is external)
JVN(link is external)
buffalo -- wxr-1900dhp2­_firmware
 
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0521
CONFIRM(link is external)
JVN(link is external)
buffalo -- wxr-1900dhp2­_firmware
 
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0523
CONFIRM(link is external)
JVN(link is external)
cactusvpn -- cactusvpn
 
CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root. 2018-03-05 not yet calculated CVE-2018-7493
MISC(link is external)
calibre -- calibre
 
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. 2018-03-08 not yet calculated CVE-2018-7889
CONFIRM(link is external)
CONFIRM(link is external)
cavium -- multiple_products
 
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. 2018-03-05 not yet calculated CVE-2017-17428
BID(link is external)
SECTRACK(link is external)
CISCO(link is external)
CONFIRM(link is external)
CERT-VN
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvg88291. 2018-03-08 not yet calculated CVE-2018-0210
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an administrative user, issuing a specific CLI command, and entering crafted, malicious user input for the command parameters. An exploit could allow the attacker to perform command injection to the lower-level Linux operating system. It is also possible the attacker could cause the ISE user interface for this management session to hang or disconnect. Cisco Bug IDs: CSCvg95479. 2018-03-08 not yet calculated CVE-2018-0221
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992. 2018-03-08 not yet calculated CVE-2018-0211
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805. 2018-03-08 not yet calculated CVE-2018-0216
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf69963. 2018-03-08 not yet calculated CVE-2018-0212
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input validation of CLI command user input. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a CLI command with crafted user input. A successful exploit could allow the attacker to execute arbitrary commands on the affected system that should be restricted. The attacker would need to have valid user credentials for the device. Cisco Bug IDs: CSCvf49844. 2018-03-08 not yet calculated CVE-2018-0214
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753. 2018-03-08 not yet calculated CVE-2018-0213
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCuv32863. 2018-03-08 not yet calculated CVE-2018-0215
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- prime_collaboration_provisioning
 
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. 2018-03-08 not yet calculated CVE-2018-0141
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- prime_data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051. 2018-03-08 not yet calculated CVE-2018-0144
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- registered_envelope_service
 
A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CSCvg74126. 2018-03-08 not yet calculated CVE-2018-0208
BID(link is external)
CONFIRM(link is external)
cisco -- secure_access_control_server
 
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616. 2018-03-08 not yet calculated CVE-2018-0218
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- secure_access_control_system
 
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988. 2018-03-08 not yet calculated CVE-2018-0147
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- secure_access_control_system
 
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595. 2018-03-08 not yet calculated CVE-2018-0207
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- security_manager
 
A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuy79668. 2018-03-08 not yet calculated CVE-2018-0223
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- simple_network_management_protocol
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135. 2018-03-08 not yet calculated CVE-2018-0209
CONFIRM(link is external)
cisco -- staros
 
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807. 2018-03-08 not yet calculated CVE-2018-0224
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- staros
 
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441. 2018-03-08 not yet calculated CVE-2018-0217
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- unified_computing_system_director
 
A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg86518. 2018-03-08 not yet calculated CVE-2018-0219
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- videoscape_anyres_live
 
A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg87525. 2018-03-08 not yet calculated CVE-2018-0220
BID(link is external)
CONFIRM(link is external)
cisco -- web_security_appliance
 
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential validation. An attacker could exploit this vulnerability by using FTP to connect to the management IP address of the targeted device. A successful exploit could allow the attacker to log in to the FTP server of the Cisco WSA without having a valid password. This vulnerability affects Cisco AsyncOS for WSA Software on both virtual and hardware appliances that are running any release of Cisco AsyncOS 10.5.1 for WSA Software. The device is vulnerable only if FTP is enabled on the management interface. FTP is disabled by default. Cisco Bug IDs: CSCvf74281. 2018-03-08 not yet calculated CVE-2018-0087
SECTRACK(link is external)
CONFIRM(link is external)
citrix -- netscaler_adc_and_netscaler_gateway
 
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. 2018-03-06 not yet calculated CVE-2018-6810
SECTRACK(link is external)
CONFIRM(link is external)
citrix -- netscaler_adc_and_netscaler_gateway
 
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. 2018-03-06 not yet calculated CVE-2018-6809
SECTRACK(link is external)
CONFIRM(link is external)
citrix -- netscaler_adc_and_netscaler_gateway
 
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. 2018-03-06 not yet calculated CVE-2018-6811
SECTRACK(link is external)
CONFIRM(link is external)
citrix -- netscaler_adc_and_netscaler_gateway
 
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. 2018-03-06 not yet calculated CVE-2018-6808
SECTRACK(link is external)
CONFIRM(link is external)
clipbucket -- clipbucket
 
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php. 2018-03-05 not yet calculated CVE-2018-7664
MISC(link is external)
MISC(link is external)
clipbucket -- clipbucket
 
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter. 2018-03-05 not yet calculated CVE-2018-7666
MISC(link is external)
MISC(link is external)
clipbucket -- clipbucket
 
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php. 2018-03-05 not yet calculated CVE-2018-7665
MISC(link is external)
MISC(link is external)
corega -- cg-wgr1200_firmware
 
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2018-03-09 not yet calculated CVE-2017-10852
CONFIRM(link is external)
JVN(link is external)
corega -- cg-wgr1200_firmware
 
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. 2018-03-09 not yet calculated CVE-2017-10853
CONFIRM(link is external)
JVN(link is external)
corega -- cg-wgr1200_firmware
 
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. 2018-03-09 not yet calculated CVE-2017-10854
CONFIRM(link is external)
JVN(link is external)
couch -- couch
 
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. 2018-03-04 not yet calculated CVE-2018-7662
CONFIRM(link is external)
d-link -- multiple_routers
 
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. 2018-03-06 not yet calculated CVE-2018-6529
CONFIRM
CONFIRM
CONFIRM
MISC(link is external)
d-link -- multiple_routers
 
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. 2018-03-06 not yet calculated CVE-2018-6527
CONFIRM
CONFIRM
CONFIRM
MISC(link is external)
d-link -- multiple_routers
 
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. 2018-03-06 not yet calculated CVE-2018-6528
CONFIRM
CONFIRM
CONFIRM
MISC(link is external)
d-link -- multiple_routers
 
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. 2018-03-06 not yet calculated CVE-2018-6530
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC(link is external)
d-link -- mydlink+_devices
 
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. 2018-03-05 not yet calculated CVE-2018-7698
MISC(link is external)
dell -- dell_emc
 
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface. 2018-03-08 not yet calculated CVE-2018-1216
CONFIRM
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
dell -- dell_emc
 
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability. 2018-03-08 not yet calculated CVE-2018-1215
CONFIRM
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
django -- django
 
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. 2018-03-09 not yet calculated CVE-2018-7536
MLIST
CONFIRM(link is external)
django -- django
 
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. 2018-03-09 not yet calculated CVE-2018-7537
MLIST
CONFIRM(link is external)
dovecot -- dovecot
 
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. 2018-03-02 not yet calculated CVE-2017-14461
BID(link is external)
MISC(link is external)
DEBIAN
MLIST
dovecot -- dovecot
 
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. 2018-03-02 not yet calculated CVE-2017-15130
MLIST
CONFIRM(link is external)
DEBIAN
MLIST
draytek -- vigor_ap910c_devices
 
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. 2018-03-06 not yet calculated CVE-2017-11650
MISC(link is external)
draytek -- vigor_ap910c_devices
 
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. 2018-03-06 not yet calculated CVE-2017-11649
MISC(link is external)
dualdesk -- dualdesk
 
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. 2018-03-03 not yet calculated CVE-2018-7583
EXPLOIT-DB(link is external)
emc -- rsa_archer
 
EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. 2018-03-08 not yet calculated CVE-2018-1219
CONFIRM
BID(link is external)
SECTRACK(link is external)
emc -- rsa_archer
 
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. 2018-03-08 not yet calculated CVE-2018-1220
CONFIRM
BID(link is external)
SECTRACK(link is external)
emc -- rsa_identity_governance_and_lifecycle
 
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. 2018-03-08 not yet calculated CVE-2018-1182
CONFIRM
BID(link is external)
SECTRACK(link is external)
emerson -- process_management_controlwave_micro_process_automation_controller
 
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode. 2018-03-07 not yet calculated CVE-2018-5452
BID(link is external)
MISC
eramba -- eramba
 
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. 2018-03-07 not yet calculated CVE-2018-7741
MISC(link is external)
eramba -- eramba
 
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. 2018-03-09 not yet calculated CVE-2018-7996
MISC(link is external)
eramba -- eramba
 
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). 2018-03-09 not yet calculated CVE-2018-7894
MISC(link is external)
eramba -- eramba
 
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. 2018-03-09 not yet calculated CVE-2018-7997
MISC(link is external)
exempi -- exempi
 
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. 2018-03-06 not yet calculated CVE-2018-7728
MISC
MISC
exempi -- exempi
 
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. 2018-03-06 not yet calculated CVE-2018-7731
MISC
MISC
exempi -- exempi
 
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. 2018-03-06 not yet calculated CVE-2018-7730
MISC
MISC
exempi -- exempi
 
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. 2018-03-06 not yet calculated CVE-2018-7729
MISC
MISC
exponent_cms -- exponent_cms
 
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." 2018-03-06 not yet calculated CVE-2016-7443
CONFIRM(link is external)
exponent_cms -- exponent_cms
 
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. 2018-03-03 not yet calculated CVE-2017-18213
MISC
MISC(link is external)
f5 -- big-iq_centralized_management
 
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. 2018-03-08 not yet calculated CVE-2017-6152
CONFIRM(link is external)
foxconn -- femtocell
 
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. 2018-03-10 not yet calculated CVE-2018-6312
MISC(link is external)
foxconn -- femtocell
 
One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications. 2018-03-10 not yet calculated CVE-2018-6311
MISC(link is external)
freebsd -- freebsd
 
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results. 2018-03-09 not yet calculated CVE-2018-6916
SECTRACK(link is external)
FREEBSD
github -- electron
 
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. 2018-03-07 not yet calculated CVE-2018-1000118
CONFIRM
CONFIRM(link is external)
gnu -- binutils
 
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. 2018-03-02 not yet calculated CVE-2018-7643
BID(link is external)
MISC
google -- chrome
 
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. 2018-03-06 not yet calculated CVE-2016-5179
BID(link is external)
CONFIRM
CONFIRM(link is external)
gpac -- gpac
 
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. 2018-03-07 not yet calculated CVE-2018-7752
CONFIRM(link is external)
CONFIRM(link is external)
gpac -- mp4box
 
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE. 2018-03-06 not yet calculated CVE-2018-1000100
MISC(link is external)
graphicsmagick -- graphicsmagick
 
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. 2018-03-05 not yet calculated CVE-2017-18220
CONFIRM
BID(link is external)
CONFIRM(link is external)
graphicsmagick -- graphicsmagick
 
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. 2018-03-05 not yet calculated CVE-2017-18219
CONFIRM
BID(link is external)
CONFIRM(link is external)
huawei -- cloudengine
 
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. 2018-03-09 not yet calculated CVE-2016-8784
CONFIRM(link is external)
BID(link is external)
huawei -- cloudengine
 
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. 2018-03-09 not yet calculated CVE-2016-8782
CONFIRM(link is external)
BID(link is external)
huawei -- dp300
 
Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. 2018-03-09 not yet calculated CVE-2017-17147
CONFIRM(link is external)
huawei -- dp300
 
Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. 2018-03-09 not yet calculated CVE-2017-17148
CONFIRM(link is external)
huawei -- dp300
 
Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device. 2018-03-09 not yet calculated CVE-2017-17146
CONFIRM(link is external)
huawei -- ensp
 
Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal. 2018-03-09 not yet calculated CVE-2017-17321
CONFIRM(link is external)
huawei -- h60
 
Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege. 2018-03-09 not yet calculated CVE-2016-8783
CONFIRM(link is external)
BID(link is external)
huawei -- hicinema_video_applications
 
Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle attack. 2018-03-09 not yet calculated CVE-2017-17325
CONFIRM(link is external)
huawei -- hiwallet_app
 
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. 2018-03-09 not yet calculated CVE-2017-17149
CONFIRM(link is external)
huawei -- honor_smart_scale_application
 
Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure. 2018-03-09 not yet calculated CVE-2017-17322
CONFIRM(link is external)
huawei -- honor_v9_play
 
Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. 2018-03-09 not yet calculated CVE-2017-17145
CONFIRM(link is external)
huawei -- huawei_smartphones
 
Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. 2018-03-09 not yet calculated CVE-2017-17328
CONFIRM(link is external)
huawei -- huawei_smartphones
 
Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable. 2018-03-09 not yet calculated CVE-2017-17327
CONFIRM(link is external)
huawei -- ibmc
 
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. 2018-03-09 not yet calculated CVE-2017-17323
CONFIRM(link is external)
huawei -- mate_10_smartphone
 
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution. 2018-03-09 not yet calculated CVE-2017-17227
CONFIRM(link is external)
huawei -- mate_9_pro_smartphones
 
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution. 2018-03-09 not yet calculated CVE-2017-17324
CONFIRM(link is external)
huawei -- mate_9_pro_smartphones
 
Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation. 2018-03-09 not yet calculated CVE-2017-17326
CONFIRM(link is external)
huawei -- mate_9_pro_smartphones
 
The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. 2018-03-09 not yet calculated CVE-2017-17279
CONFIRM(link is external)
huawei -- mate_9_smartphones
 
Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak. 2018-03-05 not yet calculated CVE-2017-8165
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash. 2018-03-09 not yet calculated CVE-2017-17250
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak. 2018-03-05 not yet calculated CVE-2017-17139
CONFIRM(link is external)
huawei -- multiple_products
 
Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. 2018-03-09 not yet calculated CVE-2017-17150
CONFIRM(link is external)
huawei -- multiple_products
 
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17137
CONFIRM(link is external)
huawei -- multiple_products
 
Backup feature of SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability when the module process a specific amount of state. The module cannot handle it causing SIP module DoS. 2018-03-05 not yet calculated CVE-2017-17144
CONFIRM(link is external)
huawei -- multiple_products
 
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17135
CONFIRM(link is external)
huawei -- multiple_products
 
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random. 2018-03-05 not yet calculated CVE-2017-17143
CONFIRM(link is external)
huawei -- multiple_products
 
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that attacker can exploit by sending a specially crafted SIP message leading to a process reboot at random. 2018-03-05 not yet calculated CVE-2017-17142
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak. 2018-03-05 not yet calculated CVE-2017-17140
CONFIRM(link is external)
huawei -- multiple_products
 
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17136
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS). 2018-03-09 not yet calculated CVE-2017-15323
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products. 2018-03-05 not yet calculated CVE-2017-17141
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. 2018-03-09 not yet calculated CVE-2016-8786
CONFIRM(link is external)
BID(link is external)
huawei -- multiple_products
 
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. 2018-03-09 not yet calculated CVE-2016-8785
CONFIRM(link is external)
BID(link is external)
huawei -- multiple_products
 
Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally. 2018-03-09 not yet calculated CVE-2017-15315
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. 2018-03-09 not yet calculated CVE-2017-15314
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17132
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system. 2018-03-05 not yet calculated CVE-2017-17131
CONFIRM(link is external)
huawei -- multiple_products
 
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks. 2018-03-05 not yet calculated CVE-2017-17134
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei VP9660 V500R002C10 has a null pointer reference vulnerability in license module due to insufficient verification. An authenticated local attacker could place a malicious license file into system which cause memory null pointer accessing and related processing crash. The attacker can exploit this vulnerability to cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17133
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. 2018-03-09 not yet calculated CVE-2017-17330
CONFIRM(link is external)
huawei -- multiple_products
 
Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. 2018-03-09 not yet calculated CVE-2017-17221
CONFIRM(link is external)
huawei -- multiple_products
 
SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. 2018-03-09 not yet calculated CVE-2017-17220
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. 2018-03-09 not yet calculated CVE-2017-17223
CONFIRM(link is external)
huawei -- multiple_products
 
SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak. 2018-03-09 not yet calculated CVE-2017-17281
CONFIRM(link is external)
huawei -- multiple_products
 
SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. 2018-03-09 not yet calculated CVE-2017-17219
CONFIRM(link is external)
huawei -- multiple_products
 
Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. 2018-03-09 not yet calculated CVE-2017-17222
CONFIRM(link is external)
huawei -- multiple_products
 
The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. 2018-03-09 not yet calculated CVE-2017-17304
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure. 2018-03-09 not yet calculated CVE-2017-17303
CONFIRM(link is external)
huawei -- multiple_products
 
SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer overflow vulnerability. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service abnormal. 2018-03-09 not yet calculated CVE-2017-17282
CONFIRM(link is external)
huawei -- multiple_products
 
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. 2018-03-05 not yet calculated CVE-2017-17138
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable. 2018-03-09 not yet calculated CVE-2017-17200
CONFIRM(link is external)
huawei -- multiple_products
 
The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. 2018-03-09 not yet calculated CVE-2017-17169
CONFIRM(link is external)
huawei -- multiple_products
 
SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. 2018-03-09 not yet calculated CVE-2017-17218
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable. 2018-03-09 not yet calculated CVE-2017-17199
CONFIRM(link is external)
huawei -- multiple_products
 
Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. 2018-03-09 not yet calculated CVE-2017-17167
CONFIRM(link is external)
huawei -- multiple_products
 
The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. 2018-03-09 not yet calculated CVE-2017-17170
CONFIRM(link is external)
huawei -- multiple_products
 
The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. 2018-03-09 not yet calculated CVE-2017-17168
CONFIRM(link is external)
huawei -- multiple_products
 
Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. 2018-03-09 not yet calculated CVE-2017-17217
CONFIRM(link is external)
huawei -- multiple_products
 
Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable. 2018-03-05 not yet calculated CVE-2017-8164
CONFIRM(link is external)
huawei -- multiple_products
 
Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause process reboot. 2018-03-09 not yet calculated CVE-2017-17216
CONFIRM(link is external)
huawei -- near_field_communication
 
NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak. 2018-03-09 not yet calculated CVE-2017-17280
CONFIRM(link is external)
huawei -- near_field_communication
 
The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution. 2018-03-09 not yet calculated CVE-2017-17225
CONFIRM(link is external)
huawei -- tripadvisor_app
 
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL. 2018-03-09 not yet calculated CVE-2017-17226
CONFIRM(link is external)
huawei -- viewpoint_8660
 
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. 2018-03-09 not yet calculated CVE-2017-17329
CONFIRM(link is external)
ibm -- application_performance_management-response_time_monitoring_agent
 
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. 2018-03-08 not yet calculated CVE-2018-1442
CONFIRM(link is external)
XF(link is external)
ibm -- application_performance_management_for_monitoring_and_diagnostics
 
IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210. 2018-03-08 not yet calculated CVE-2018-1387
CONFIRM(link is external)
XF(link is external)
ibm -- financial_transaction_manager
 
XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915. 2018-03-09 not yet calculated CVE-2016-0268
CONFIRM(link is external)
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084. 2018-03-09 not yet calculated CVE-2016-0276
CONFIRM(link is external)
XF(link is external)
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. 2018-03-09 not yet calculated CVE-2016-0274
CONFIRM(link is external)
XF(link is external)
ibm -- financial_transaction_manager
 
Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052. 2018-03-09 not yet calculated CVE-2016-0272
CONFIRM(link is external)
XF(link is external)
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows local users to obtain sensitive information via vectors related to cacheable HTTPS responses. 2018-03-09 not yet calculated CVE-2016-0275
CONFIRM(link is external)
ibm -- financial_transaction_manager
 
Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110562. 2018-03-09 not yet calculated CVE-2016-0253
CONFIRM(link is external)
XF(link is external)
ibm -- publishing_engine
 
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. 2018-03-02 not yet calculated CVE-2017-1787
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- pulse_for_qradar IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123. 2018-03-08 not yet calculated CVE-2017-1625
CONFIRM(link is external)
XF(link is external)
ibm -- security_access_manager_and_tivoli_federated_identity_manager An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754. 2018-03-08 not yet calculated CVE-2018-1443
CONFIRM(link is external)
CONFIRM(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
XF(link is external)
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. 2018-03-02 not yet calculated CVE-2018-1373
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- trivoli_business_service_manager
 
IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecified privileges. BM X-Force ID: 111234. 2018-03-09 not yet calculated CVE-2016-0286
CONFIRM(link is external)
XF(link is external)
imanager -- imanager
 
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins. 2018-03-05 not yet calculated CVE-2017-7427
CONFIRM(link is external)
CONFIRM(link is external)
index.php -- index.php
 
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. 2018-03-04 not yet calculated CVE-2018-7653
MISC(link is external)
invoiceplane -- invoiceplane
 
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php. 2018-03-05 not yet calculated CVE-2017-18217
MISC(link is external)
MISC(link is external)
jasper_project -- jasper
 
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. 2018-03-09 not yet calculated CVE-2016-9591
BID(link is external)
REDHAT(link is external)
CONFIRM(link is external)
GENTOO
DEBIAN
jboss -- artemis_and_hornetq
 
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. 2018-03-07 not yet calculated CVE-2017-12174
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
jboss -- resteasy
 
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. 2018-03-09 not yet calculated CVE-2016-9606
REDHAT(link is external)
REDHAT(link is external)
BID(link is external)
SECTRACK(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
jease -- jease
 
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. 2018-03-07 not yet calculated CVE-2014-8780
BUGTRAQ(link is external)
MISC(link is external)
joomla! -- joomla!
 
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1. 2018-03-05 not yet calculated CVE-2018-7717
MISC(link is external)
jtrim -- jtrim
 
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-09 not yet calculated CVE-2018-0543
CONFIRM(link is external)
JVN(link is external)
jubatus -- jubatus
 
Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0525
MISC(link is external)
JVN(link is external)
jubatus -- jubatus
 
Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0524
MISC(link is external)
JVN(link is external)
libgfortran -- libgfortran
 
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. 2018-03-07 not yet calculated CVE-2014-5044
MLIST(link is external)
MLIST(link is external)
CONFIRM(link is external)
XF(link is external)
MISC
libming -- libming
 
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7873
MISC
MISC(link is external)
libming -- libming
 
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-03-08 not yet calculated CVE-2018-7876
MISC
MISC(link is external)
libming -- libming
 
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7875
MISC
MISC(link is external)
libming -- libming
 
An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-03-08 not yet calculated CVE-2018-7874
MISC
MISC(link is external)
libming -- libming
 
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7877
MISC
MISC(link is external)
libming -- libming
 
An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-03-08 not yet calculated CVE-2018-7872
MISC
MISC(link is external)
libming -- libming
 
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7869
MISC
MISC(link is external)
libming -- libming
 
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7868
MISC
MISC(link is external)
libming -- libming
 
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack. 2018-03-08 not yet calculated CVE-2018-7867
MISC
MISC(link is external)
libming -- libming
 
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. 2018-03-08 not yet calculated CVE-2018-7871
MISC
MISC(link is external)
libming -- libming
 
A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-03-08 not yet calculated CVE-2018-7866
MISC
MISC(link is external)
libming -- libming
 
An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-03-08 not yet calculated CVE-2018-7870
MISC
MISC(link is external)
libvips -- libvips
 
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. 2018-03-09 not yet calculated CVE-2018-7998
MISC(link is external)
MISC(link is external)
linux -- linux_kernel
 
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit. 2018-03-05 not yet calculated CVE-2017-18218
MISC
BID(link is external)
MISC(link is external)
linux -- linux_kernel
 
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). 2018-03-10 not yet calculated CVE-2018-8043
MISC
MISC(link is external)
linux -- linux_kernel
 
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. 2018-03-05 not yet calculated CVE-2017-18216
MISC
BID(link is external)
MISC(link is external)
linux -- linux_kernel
 
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. 2018-03-08 not yet calculated CVE-2018-7757
MISC
MISC(link is external)
linux -- linux_kernel
 
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. 2018-03-08 not yet calculated CVE-2018-7755
MISC
linux -- linux_kernel
 
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. 2018-03-09 not yet calculated CVE-2018-7995
MISC
MISC
linux -- linux_kernel
 
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. 2018-03-02 not yet calculated CVE-2018-1065
MISC
MISC(link is external)
MISC
SECTRACK(link is external)
MISC(link is external)
MISC(link is external)
linux -- linux_kernel
 
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. 2018-03-08 not yet calculated CVE-2017-18222
MISC
MISC(link is external)
linux -- linux_kernel
 
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. 2018-03-07 not yet calculated CVE-2018-7740
BID(link is external)
CONFIRM
linux -- linux_kernel
 
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. 2018-03-07 not yet calculated CVE-2017-18221
MISC
MISC(link is external)
MISC
memcached -- memcached
 
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. 2018-03-05 not yet calculated CVE-2018-1000115
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
EXPLOIT-DB(link is external)
metinfo -- metinfo
 
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. 2018-03-07 not yet calculated CVE-2018-7721
MISC(link is external)
mingw-w64 -- mingw-w64
 
Mingw-w64 version 5.0.3 and earlier contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network. 2018-03-06 not yet calculated CVE-2018-1000101
MISC(link is external)
MISC(link is external)
MISC(link is external)
mit -- kerberos
 
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. 2018-03-06 not yet calculated CVE-2018-5729
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
FEDORA
FEDORA
mit -- kerberos
 
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. 2018-03-06 not yet calculated CVE-2018-5730
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
FEDORA
FEDORA
moxa -- oncell
 
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. 2018-03-05 not yet calculated CVE-2018-5453
MISC
moxa -- oncell
 
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. 2018-03-05 not yet calculated CVE-2018-5455
MISC
moxa -- oncell
 
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. 2018-03-05 not yet calculated CVE-2018-5449
MISC
myshenin -- aws-lambda-multipart-parser_npm_package
 
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. 2018-03-04 not yet calculated CVE-2018-7560
MISC(link is external)
net-snmp -- net-snmp
 
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. 2018-03-07 not yet calculated CVE-2018-1000116
CONFIRM(link is external)
netapp -- snapcenter
 
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation. 2018-03-06 not yet calculated CVE-2017-15519
CONFIRM(link is external)
netiq -- privileged_account_manager
 
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. 2018-03-05 not yet calculated CVE-2017-7437
CONFIRM(link is external)
CONFIRM(link is external)
netiq -- sentinel
 
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. 2018-03-07 not yet calculated CVE-2018-7675
CONFIRM(link is external)
node.js -- node.js
 
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. 2018-03-04 not yet calculated CVE-2017-18214
CONFIRM(link is external)
CONFIRM(link is external)
node.js -- node.js
 
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. 2018-03-03 not yet calculated CVE-2018-7651
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
ntp -- ntp
 
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. 2018-03-08 not yet calculated CVE-2018-7183
CONFIRM
CONFIRM
FREEBSD
ntp -- ntp
 
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. 2018-03-06 not yet calculated CVE-2018-7184
MISC(link is external)
CONFIRM
BUGTRAQ(link is external)
BID(link is external)
FREEBSD
ntp -- ntp
 
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. 2018-03-06 not yet calculated CVE-2018-7170
MISC(link is external)
CONFIRM
BUGTRAQ(link is external)
BID(link is external)
MISC(link is external)
FREEBSD
ntp -- ntp
 
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. 2018-03-06 not yet calculated CVE-2018-7182
MISC(link is external)
CONFIRM
BUGTRAQ(link is external)
BID(link is external)
FREEBSD
ntp -- ntp
 
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. 2018-03-06 not yet calculated CVE-2018-7185
MISC(link is external)
CONFIRM
BUGTRAQ(link is external)
BID(link is external)
FREEBSD
nvidia -- driver
 
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980. 2018-03-06 not yet calculated CVE-2017-6280
CONFIRM(link is external)
nvidia -- security_engine
 
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high. 2018-03-06 not yet calculated CVE-2017-6283
CONFIRM(link is external)
nvidia -- security_engine
 
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. 2018-03-06 not yet calculated CVE-2017-6284
CONFIRM(link is external)
nvidia -- tegra_kernel_driver
 
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high. 2018-03-06 not yet calculated CVE-2017-6282
CONFIRM(link is external)
nvidia -- trustzone_software
 
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. 2018-03-06 not yet calculated CVE-2017-6296
CONFIRM(link is external)
nvidia -- trustzone_software
 
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high. 2018-03-06 not yet calculated CVE-2017-6295
CONFIRM(link is external)
opencv -- opencv
 
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. 2018-03-05 not yet calculated CVE-2018-7712
MISC(link is external)
opencv -- opencv
 
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. 2018-03-05 not yet calculated CVE-2018-7713
MISC(link is external)
opencv -- opencv
 
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. 2018-03-05 not yet calculated CVE-2018-7714
MISC(link is external)
ovirt -- ovirt
 
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. 2018-03-06 not yet calculated CVE-2018-1062
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
pam -- pam
 
PAM exposure enabling unauthenticated access to remote host 2018-03-06 not yet calculated CVE-2018-1343
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
papenmeier -- wifi_baby_monitor
 
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257. 2018-03-04 not yet calculated CVE-2018-7661
MISC(link is external)
EXPLOIT-DB(link is external)
phpscriptsmall.com -- hot_scripts_clone:script_classified
 
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878. 2018-03-06 not yet calculated CVE-2018-7650
MISC(link is external)
piwigo -- piwigo
 
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible. 2018-03-06 not yet calculated CVE-2018-7722
MISC(link is external)
piwigo -- piwigo
 
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. 2018-03-06 not yet calculated CVE-2018-7724
MISC(link is external)
piwigo -- piwigo
 
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible. 2018-03-06 not yet calculated CVE-2018-7723
MISC(link is external)
podofo -- podofo
 
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. 2018-03-09 not yet calculated CVE-2018-8002
MISC(link is external)
podofo -- podofo
 
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file. 2018-03-09 not yet calculated CVE-2018-8000
MISC(link is external)
podofo -- podofo
 
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. 2018-03-09 not yet calculated CVE-2018-8001
MISC(link is external)
polycom -- qdx_6000_devices
 
CSRF exists on Polycom QDX 6000 devices. 2018-03-07 not yet calculated CVE-2018-7565
CONFIRM(link is external)
polycom -- qdx_6000_devices
 
Stored XSS exists on Polycom QDX 6000 devices. 2018-03-07 not yet calculated CVE-2018-7564
CONFIRM(link is external)
postgresql -- postgresql
 
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. 2018-03-02 not yet calculated CVE-2018-1058
BID(link is external)
CONFIRM(link is external)
CONFIRM
privatevpn_for_macos -- privatevpn_for_macos
 
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user. 2018-03-05 not yet calculated CVE-2018-7715
MISC(link is external)
privatevpn_for_macos -- privatevpn_for_macos
 
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user. 2018-03-05 not yet calculated CVE-2018-7716
MISC(link is external)
projectsend -- projectsend
 
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. 2018-03-06 not yet calculated CVE-2017-9786
CONFIRM(link is external)
projectsend -- projectsend
 
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. 2018-03-06 not yet calculated CVE-2017-9783
CONFIRM(link is external)
CONFIRM(link is external)
python -- software_foundation_cpython
 
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. 2018-03-07 not yet calculated CVE-2018-1000117
CONFIRM
CONFIRM(link is external)
qnap -- nas
 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. 2018-03-08 not yet calculated CVE-2017-7641
CONFIRM(link is external)
qnap -- nas
 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS. 2018-03-08 not yet calculated CVE-2017-7638
CONFIRM(link is external)
qnap -- nas
 
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges. 2018-03-08 not yet calculated CVE-2017-7640
CONFIRM(link is external)
qnap -- nas
 
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. 2018-03-08 not yet calculated CVE-2017-7634
CONFIRM(link is external)
qnap -- qfinder_pro
 
QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. 2018-03-05 not yet calculated CVE-2017-7633
CONFIRM(link is external)
rapid_scada -- rapid_scada
 
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. 2018-03-08 not yet calculated CVE-2018-5313
MISC(link is external)
FULLDISC
red_hat -- jboss_enterprise_application_platform
 
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. 2018-03-09 not yet calculated CVE-2016-9585
BID(link is external)
CONFIRM(link is external)
red_hat -- openshift_enterprise
 
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. 2018-03-09 not yet calculated CVE-2018-1069
CONFIRM(link is external)
samsung -- display_solutions_app_for_android
 
Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. 2018-03-06 not yet calculated CVE-2018-6019
MISC(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. 2018-03-09 not yet calculated CVE-2018-7231
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. 2018-03-09 not yet calculated CVE-2018-7230
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate. 2018-03-09 not yet calculated CVE-2018-7234
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. 2018-03-09 not yet calculated CVE-2018-7229
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file' 2018-03-09 not yet calculated CVE-2018-7237
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. 2018-03-09 not yet calculated CVE-2018-7236
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. 2018-03-09 not yet calculated CVE-2018-7227
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'. 2018-03-09 not yet calculated CVE-2018-7233
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. 2018-03-09 not yet calculated CVE-2018-7238
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file' 2018-03-09 not yet calculated CVE-2018-7235
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. 2018-03-09 not yet calculated CVE-2018-7239
BID(link is external)
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges. 2018-03-09 not yet calculated CVE-2018-7228
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional
 
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'. 2018-03-09 not yet calculated CVE-2018-7232
CONFIRM(link is external)
segger -- embos/ip_ftp_server
 
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. 2018-03-03 not yet calculated CVE-2018-7449
EXPLOIT-DB(link is external)
segment.cpp-- segment.cpp In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. 2018-03-09 not yet calculated CVE-2018-7999
MISC(link is external)
MISC(link is external)
siemens -- multiple_products
 
A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77), SIPROTEC Compact 7SJ66 (All versions < V4.30), Other SIPROTEC Compact relays (All versions), Other SIPROTEC 4 relays (All versions). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. 2018-03-08 not yet calculated CVE-2018-4839
CONFIRM(link is external)
siemens -- multiple_products
 
A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. 2018-03-08 not yet calculated CVE-2018-4840
CONFIRM(link is external)
siemens -- multiple_products
 
A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. 2018-03-08 not yet calculated CVE-2018-4838
CONFIRM(link is external)
simple_desktop_dispay_manager -- simple_desktop_dispay_manager
 
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). 2018-03-08 not yet calculated CVE-2014-7272
FEDORA
FEDORA
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
simple_desktop_dispay_manager -- simple_desktop_dispay_manager
 
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. 2018-03-08 not yet calculated CVE-2014-7271
FEDORA
FEDORA
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
XF(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
simplesamlphp -- simplesamlphp
 
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue. 2018-03-05 not yet calculated CVE-2018-7644
CONFIRM
simplesamlphp -- simplesamlphp
 
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value. 2018-03-05 not yet calculated CVE-2018-7711
CONFIRM(link is external)
CONFIRM
sinatra -- rack-protection
 
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. 2018-03-07 not yet calculated CVE-2018-1000119
CONFIRM(link is external)
CONFIRM(link is external)
so -- wifi_hotspot_web_interface
 
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. 2018-03-07 not yet calculated CVE-2018-7473
MISC(link is external)
softing -- softing_fg-100_Pb
 
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. 2018-03-09 not yet calculated CVE-2014-6617
MISC(link is external)
BUGTRAQ(link is external)
BID(link is external)
XF(link is external)
MISC(link is external)
testlink -- testlink
 
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. 2018-03-05 not yet calculated CVE-2018-7668
MISC(link is external)
thycotic -- secret_server
 
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. 2018-03-09 not yet calculated CVE-2014-4861
CONFIRM(link is external)
tiki -- tiki
 
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. 2018-03-09 not yet calculated CVE-2018-7290
MLIST(link is external)
CONFIRM(link is external)
tor -- tor
 
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. 2018-03-05 not yet calculated CVE-2018-0491
CONFIRM
CONFIRM
CONFIRM
tor -- tor
 
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. 2018-03-05 not yet calculated CVE-2018-0490
CONFIRM
CONFIRM
util-linux -- util-linux
 
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. 2018-03-06 not yet calculated CVE-2018-7738
MISC
MISC(link is external)
MISC(link is external)
voten.co -- voten.co
 
An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript. 2018-03-05 not yet calculated CVE-2018-7663
MISC(link is external)
MISC(link is external)
weblog -- expert_web_server_enterprise
 
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991. 2018-03-09 not yet calculated CVE-2018-7582
MISC
MISC(link is external)
weblog -- expert_web_server_enterprise
 
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin. 2018-03-09 not yet calculated CVE-2018-7581
MISC
MISC(link is external)
western_bridge -- cobub_razor
 
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. 2018-03-07 not yet calculated CVE-2018-7746
MISC(link is external)
western_bridge -- cobub_razor
 
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. 2018-03-07 not yet calculated CVE-2018-7720
MISC(link is external)
western_bridge -- cobub_razor
 
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation. 2018-03-07 not yet calculated CVE-2018-7745
MISC(link is external)
winshot -- winshot
 
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-09 not yet calculated CVE-2018-0544
MISC(link is external)
JVN(link is external)
wordpress -- wordpress
 
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0546
JVN(link is external)
CONFIRM
CONFIRM
wordpress -- wordpress
 
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-09 not yet calculated CVE-2018-0547
JVN(link is external)
CONFIRM
CONFIRM
wordpress -- wordpress
 
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. 2018-03-07 not yet calculated CVE-2018-7204
CONFIRM
CONFIRM
MISC(link is external)
wowza_media_systems -- wowza_streaming_engine
 
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request. 2018-03-05 not yet calculated CVE-2017-16922
CONFIRM(link is external)
xv -- xv
 
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. 2018-03-05 not yet calculated CVE-2017-18215
MISC(link is external)
MISC(link is external)
MISC
yxtcmf -- yxtcmf
 
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html. 2018-03-06 not yet calculated CVE-2018-7732
MISC(link is external)
yxtcmf -- yxtcmf
 
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html. 2018-03-06 not yet calculated CVE-2018-7733
MISC(link is external)
z-blogphp -- z-blogphp
 
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. 2018-03-06 not yet calculated CVE-2018-7736
MISC(link is external)
z-blogphp -- z-blogphp
 
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. 2018-03-06 not yet calculated CVE-2018-7737
MISC(link is external)
zoho -- manageengine_applications_manager
 
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager 13.5. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection. 2018-03-08 not yet calculated CVE-2018-7890
MISC(link is external)
MISC(link is external)
zonemaster -- web_gui
 
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. 2018-03-03 not yet calculated CVE-2018-7652
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
zsh -- zsh
 
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. 2018-03-09 not yet calculated CVE-2018-1071
CONFIRM(link is external)
zziplib -- zziplib
 
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. 2018-03-06 not yet calculated CVE-2018-7727
MISC(link is external)
zziplib -- zziplib
 
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. 2018-03-06 not yet calculated CVE-2018-7725
MISC(link is external)
zziplib -- zziplib
 
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-03-06 not yet calculated CVE-2018-7726
MISC