본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB18-085)] 2018년 3월 19일까지 발표된 보안 취약점

by manga0713 2018. 3. 27.

 

 

 

*** 출처: [US-CERT: Bulletin(SB18-085)] 2018년 3월 19일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. 2018-03-20 not yet calculated CVE-2018-8873
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018. 2018-03-18 not yet calculated CVE-2018-8765
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044. 2018-03-22 not yet calculated CVE-2018-8896
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054. 2018-03-20 not yet calculated CVE-2018-8874
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c. 2018-03-20 not yet calculated CVE-2018-8875
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. 2018-03-22 not yet calculated CVE-2018-8895
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108. 2018-03-22 not yet calculated CVE-2018-8894
MISC(link is external)
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098. 2018-03-20 not yet calculated CVE-2018-8876
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 not yet calculated CVE-2018-8998
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 not yet calculated CVE-2018-8999
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 not yet calculated CVE-2018-9000
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 not yet calculated CVE-2018-9005
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 not yet calculated CVE-2018-9006
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 not yet calculated CVE-2018-9007
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 not yet calculated CVE-2018-9001
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 not yet calculated CVE-2018-9004
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 not yet calculated CVE-2018-9002
MISC(link is external)
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 not yet calculated CVE-2018-9003
MISC(link is external)
ajaxdiscussion.php -- ajaxdiscussion.php
 
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. 2018-03-23 not yet calculated CVE-2018-1000141
MISC(link is external)
alkacon -- opencms
 
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. 2018-03-20 not yet calculated CVE-2018-8811
MISC(link is external)
alkacon -- opencms
 
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. 2018-03-20 not yet calculated CVE-2018-8815
MISC(link is external)
amd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
 
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. 2018-03-22 not yet calculated CVE-2018-8936
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
 
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. 2018-03-22 not yet calculated CVE-2018-8930
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- epyc_server_processor_chips
 
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. 2018-03-22 not yet calculated CVE-2018-8933
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. 2018-03-22 not yet calculated CVE-2018-8931
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- ryzen_and_ryzen_pro_processor_chips
 
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. 2018-03-22 not yet calculated CVE-2018-8932
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- ryzen_and_ryzen_pro_processor_chips
 
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. 2018-03-22 not yet calculated CVE-2018-8935
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
amd -- ryzen_and_ryzen_pro_processor_chips
 
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. 2018-03-22 not yet calculated CVE-2018-8934
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
apache -- apache_commons_components
 
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. 2018-03-16 not yet calculated CVE-2018-1324
BID(link is external)
SECTRACK(link is external)
MLIST
apache -- commons-email
 
If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String). 2018-03-20 not yet calculated CVE-2018-1294
MLIST
apache -- syncope
 
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters. 2018-03-20 not yet calculated CVE-2018-1322
MISC
apache -- syncope
 
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution. 2018-03-20 not yet calculated CVE-2018-1321
MISC

atlassian -- bitbucket_server


 
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. 2018-03-22 not yet calculated CVE-2018-5225
BID(link is external)
CONFIRM(link is external)
atlassian -- fisheye_and_crucible
 
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. 2018-03-22 not yet calculated CVE-2017-18094
CONFIRM(link is external)
CONFIRM(link is external)
authentikat-jwt -- authentikat-jwt
 
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. 2018-03-17 not yet calculated CVE-2017-18239
MISC(link is external)
MISC(link is external)
MISC(link is external)
beckhoff -- twincat
 
Kernal drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. 2018-03-23 not yet calculated CVE-2018-7502
BID(link is external)
MISC(link is external)
MISC
bmc_remedy -- action_request_system
 
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. 2018-03-24 not yet calculated CVE-2015-9257
CONFIRM(link is external)
bose -- soundtouch_devices
 
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. 2018-03-24 not yet calculated CVE-2017-17749
MISC(link is external)
bose -- soundtouch_devices
 
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. 2018-03-24 not yet calculated CVE-2017-17750
MISC(link is external)
bose -- soundtouch_devices
 
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol. 2018-03-24 not yet calculated CVE-2017-17751
MISC(link is external)
bylancer -- bookme_control_panel
 
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser. 2018-03-17 not yet calculated CVE-2018-8737
MISC(link is external)
cloud_controller -- cloud_controller
 
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. 2018-03-19 not yet calculated CVE-2018-1195
CONFIRM
cloud_foundry_foundation -- garden
 
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. 2018-03-19 not yet calculated CVE-2015-5350
CONFIRM(link is external)
cloud_foundry_foundation -- gorouter
 
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service. 2018-03-19 not yet calculated CVE-2018-1221
CONFIRM
cloud_foundry_foundation -- windows_stemcells
 
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. 2018-03-19 not yet calculated CVE-2018-1197
CONFIRM
core_ftp_server -- core_ftp_server
 
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. 2018-03-20 not yet calculated CVE-2014-1215
BUGTRAQ(link is external)
MISC(link is external)
covercms -- covercms
 
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. 2018-03-23 not yet calculated CVE-2018-8957
MISC(link is external)
MISC(link is external)
MISC(link is external)
creditwest_bank -- cms_project
 
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. 2018-03-24 not yet calculated CVE-2018-8972
MISC(link is external)
dell -- storage_manager
 
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. 2018-03-16 not yet calculated CVE-2017-14384
CONFIRM(link is external)
BID(link is external)
dell_emc -- idrac
 
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. 2018-03-23 not yet calculated CVE-2018-1211
MISC(link is external)
dell_emc -- idrac
 
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. 2018-03-23 not yet calculated CVE-2018-1207
MISC(link is external)
MISC(link is external)
dell_emc -- networker
 
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems. 2018-03-19 not yet calculated CVE-2018-1218
FULLDISC
SECTRACK(link is external)
dsmall -- dsmall
 
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. 2018-03-22 not yet calculated CVE-2018-8906
MISC(link is external)
dtisqlinstaller.exe -- dtisqlinstaller.exe
 
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa. 2018-03-19 not yet calculated CVE-2018-5551
MISC(link is external)
dtisqlinstaller.exe -- dtisqlinstaller.exe
 
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". 2018-03-19 not yet calculated CVE-2018-5552
MISC(link is external)
eaton -- elcsoft
 
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. 2018-03-20 not yet calculated CVE-2018-7511
CONFIRM(link is external)
BID(link is external)
MISC
electron -- electron
 
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4. 2018-03-23 not yet calculated CVE-2018-1000136
MISC
elfutils -- elfutils
 
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. 2018-03-18 not yet calculated CVE-2018-8769
CONFIRM
emc -- data_protection_advisor
 
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). 2018-03-16 not yet calculated CVE-2017-8013
FULLDISC
BID(link is external)
SECTRACK(link is external)
enhavo -- enhavo
 
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. 2018-03-20 not yet calculated CVE-2018-8832
MISC(link is external)
exiv2 -- exiv2
 
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. 2018-03-24 not yet calculated CVE-2018-8977
MISC(link is external)
exiv2 -- exiv2
 
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. 2018-03-24 not yet calculated CVE-2018-8976
MISC(link is external)
f5 -- big-ip
 
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. 2018-03-22 not yet calculated CVE-2018-5504
SECTRACK(link is external)
CONFIRM(link is external)
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. 2018-03-22 not yet calculated CVE-2018-5502
SECTRACK(link is external)
CONFIRM(link is external)
f5 -- big-ip
 
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack. 2018-03-19 not yet calculated CVE-2014-4024
XF(link is external)
CONFIRM(link is external)
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. 2018-03-22 not yet calculated CVE-2018-5509
SECTRACK(link is external)
CONFIRM(link is external)
f5 -- big-ip
 
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. 2018-03-22 not yet calculated CVE-2018-5505
SECTRACK(link is external)
CONFIRM(link is external)
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. 2018-03-22 not yet calculated CVE-2018-5503
SECTRACK(link is external)
CONFIRM(link is external)
flafla -- arsenol
 
Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0534
JVN(link is external)
flafla -- arsenol
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. 2018-03-22 not yet calculated CVE-2018-0536
JVN(link is external)
fortinet -- fortiweb
 
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0. 2018-03-20 not yet calculated CVE-2017-14191
BID(link is external)
CONFIRM(link is external)
frog_cms -- frog_cms
 
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. 2018-03-22 not yet calculated CVE-2014-4912
EXPLOIT-DB(link is external)
functions.php -- functions.php
 
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. 2018-03-23 not yet calculated CVE-2018-1000138
MISC(link is external)
MISC(link is external)
general_electric -- centricity_pacs_ra1000_devices
 
GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14008
BID(link is external)
MISC
general_electric -- gemnet_license_server
 
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14004
MISC
general_electric -- infinia_and_infinia_with_hawkeye_4_medical_imaging_systems
 
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14002
BID(link is external)
MISC
general_electric -- xeleris_medical_imaging_systems
 
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14006
MISC
gentoo -- collectd
 
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). 2018-03-18 not yet calculated CVE-2017-18240
BID(link is external)
CONFIRM
GENTOO
geutebruck -- ip_cameras Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. 2018-03-22 not yet calculated CVE-2018-7532
BID(link is external)
MISC
geutebruck -- ip_cameras
 
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. 2018-03-22 not yet calculated CVE-2018-7516
BID(link is external)
MISC
geutebruck -- ip_cameras
 
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. 2018-03-22 not yet calculated CVE-2018-7524
BID(link is external)
MISC
geutebruck -- ip_cameras
 
An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. 2018-03-22 not yet calculated CVE-2018-7520
BID(link is external)
MISC
geutebruck -- ip_cameras
 
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. 2018-03-22 not yet calculated CVE-2018-7528
BID(link is external)
MISC
geutebruck -- ip_cameras
 
A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. 2018-03-22 not yet calculated CVE-2018-7512
BID(link is external)
MISC
gitlab -- community_and_enterprise_editions
 
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. 2018-03-21 not yet calculated CVE-2018-3710
CONFIRM(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
DEBIAN
gitlab -- community_and_enterprise_editions
 
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. 2018-03-21 not yet calculated CVE-2017-0914
CONFIRM(link is external)
MISC(link is external)
gitlab -- community_and_enterprise_editions
 
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. 2018-03-22 not yet calculated CVE-2017-0920
CONFIRM(link is external)
MISC(link is external)
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0924
CONFIRM(link is external)
MISC(link is external)
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0915
CONFIRM(link is external)
MISC(link is external)
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0917
CONFIRM(link is external)
MISC(link is external)
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. 2018-03-21 not yet calculated CVE-2017-0926
CONFIRM(link is external)
CONFIRM(link is external)
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0918
CONFIRM(link is external)
MISC(link is external)
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. 2018-03-21 not yet calculated CVE-2017-0927
CONFIRM(link is external)
CONFIRM(link is external)
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0916
CONFIRM(link is external)
MISC(link is external)
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0923
CONFIRM(link is external)
MISC(link is external)
gitlab -- enterprise_edition
 
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. 2018-03-21 not yet calculated CVE-2017-0925
CONFIRM(link is external)
CONFIRM(link is external)
DEBIAN
gitlab -- enterprise_edition
 
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. 2018-03-21 not yet calculated CVE-2017-0922
CONFIRM(link is external)
MISC(link is external)
gitlab -- gitlab
 
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. 2018-03-24 not yet calculated CVE-2018-8971
MISC(link is external)
gnome -- networkmanager
 
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. 2018-03-20 not yet calculated CVE-2018-1000135
BID(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
gnu -- binutils
 
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. 2018-03-22 not yet calculated CVE-2018-8945
MISC
wire.com -- wire_application_for_android
 
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. 2018-03-22 not yet calculated CVE-2018-8909
MISC(link is external)
grav_cms -- grav_cms
 
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. 2018-03-19 not yet calculated CVE-2018-5233
MLIST(link is external)
MISC(link is external)
gundam_cult_qqq -- qqq_systems
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. 2018-03-22 not yet calculated CVE-2018-0537
JVN(link is external)
gundam_cult_qqq -- qqq_systems
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0538
JVN(link is external)
gundam_cult_qqq -- qqq_systems
 
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0539
JVN(link is external)
heimdal_security -- heimdal_pro_and_heimdal_free_and_heimdal_corp
 
A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. 2018-03-22 not yet calculated CVE-2018-5349
MISC(link is external)
heimdal_security -- heimdal_pro
 
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerablity is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. 2018-03-22 not yet calculated CVE-2018-5731
MISC(link is external)
hisayuki_nomura -- tiny_ftp_daemon
 
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0541
JVN(link is external)
huawei -- fusionsphere_openstack
 
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. 2018-03-20 not yet calculated CVE-2017-8187
CONFIRM(link is external)
huawei -- hg532
 
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. 2018-03-20 not yet calculated CVE-2017-17215
CONFIRM(link is external)
BID(link is external)
huawei -- iptv_stb
 
Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free. 2018-03-20 not yet calculated CVE-2017-8176
MISC(link is external)
CONFIRM(link is external)
huawei -- mate_9_pro_smartphones
 
Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. 2018-03-20 not yet calculated CVE-2017-17320
CONFIRM(link is external)
huawei -- multiple_devices
 
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. 2018-03-23 not yet calculated CVE-2017-15326
CONFIRM(link is external)
huawei -- multiple_smartphones
 
Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal. 2018-03-20 not yet calculated CVE-2017-17306
CONFIRM(link is external)
huawei -- p9_smartphones
 
Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure. 2018-03-20 not yet calculated CVE-2017-17319
CONFIRM(link is external)
huawei -- smartphones_with_vns-l21autc555b141_software
 
Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal. 2018-03-20 not yet calculated CVE-2017-17307
CONFIRM(link is external)
ibm -- data_server_driver_for_jdbc_and_sqlj
 
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999. 2018-03-22 not yet calculated CVE-2017-1677
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043. 2018-03-22 not yet calculated CVE-2018-1448
CONFIRM(link is external)
MISC(link is external)
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. 2018-03-22 not yet calculated CVE-2017-1571
CONFIRM(link is external)
MISC(link is external)
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072. 2018-03-22 not yet calculated CVE-2018-1427
CONFIRM(link is external)
MISC(link is external)
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. 2018-03-22 not yet calculated CVE-2018-1428
CONFIRM(link is external)
MISC(link is external)
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. 2018-03-22 not yet calculated CVE-2018-1426
CONFIRM(link is external)
MISC(link is external)
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. 2018-03-20 not yet calculated CVE-2015-7458
CONFIRM(link is external)
XF(link is external)
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355. 2018-03-20 not yet calculated CVE-2015-7459
CONFIRM(link is external)
XF(link is external)
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356. 2018-03-20 not yet calculated CVE-2015-7460
CONFIRM(link is external)
XF(link is external)
ibm -- ibm_connections
 
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. 2018-03-20 not yet calculated CVE-2015-7461
CONFIRM(link is external)
XF(link is external)
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379. 2018-03-23 not yet calculated CVE-2017-1655
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006. 2018-03-23 not yet calculated CVE-2017-1762
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127. 2018-03-23 not yet calculated CVE-2017-1629
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970. 2018-03-23 not yet calculated CVE-2017-1524
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- ibm_jazz_foundation
 
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. 2018-03-20 not yet calculated CVE-2015-7449
CONFIRM(link is external)
XF(link is external)
ibm -- mq_appliance
 
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. 2018-03-23 not yet calculated CVE-2018-1429
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- predictive_solutions_foundation
 
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619. 2018-03-22 not yet calculated CVE-2016-9711
CONFIRM(link is external)
MISC(link is external)
ibm -- rational_collaborative_lifecycle_management
 
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625. 2018-03-23 not yet calculated CVE-2017-1602
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
ibm -- tivoli_monitoring_v6
 
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. 2018-03-22 not yet calculated CVE-2017-1789
CONFIRM(link is external)
MISC(link is external)
ibm -- websphere_application_server_9
 
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. 2018-03-22 not yet calculated CVE-2017-1788
CONFIRM(link is external)
MISC(link is external)
identityserver -- identityserver4
 
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. 2018-03-22 not yet calculated CVE-2018-8899
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick
 
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. 2018-03-20 not yet calculated CVE-2018-8804
CONFIRM(link is external)
imagemagick -- imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. 2018-03-23 not yet calculated CVE-2018-8960
MISC(link is external)
intel -- sgx_sdk
 
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. 2018-03-20 not yet calculated CVE-2018-3626
BID(link is external)
CONFIRM(link is external)
intel -- software_guard_extensions_platform_software_component
 
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator. 2018-03-20 not yet calculated CVE-2017-5736
BID(link is external)
CONFIRM(link is external)
invision_power_board -- invision_power_board
 
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. 2018-03-20 not yet calculated CVE-2014-4928
MISC(link is external)
jboss -- enterprise_application_platform_and_application_server The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed. 2018-03-19 not yet calculated CVE-2014-3626
CONFIRM(link is external)
joyent_smartos -- joyent_smartos
 
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106. 2018-03-19 not yet calculated CVE-2018-1171
CONFIRM(link is external)
MISC(link is external)
joyplus-cms -- joyplus-cms
 
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. 2018-03-18 not yet calculated CVE-2018-8767
MISC(link is external)
joyplus-cms -- joyplus-cms
 
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. 2018-03-18 not yet calculated CVE-2018-8766
MISC(link is external)
jungo_connectivity -- driverwizard_windriver
 
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. 2018-03-20 not yet calculated CVE-2018-8821
MISC(link is external)
jupyter_notebook -- jupyter_notebook
 
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. 2018-03-18 not yet calculated CVE-2018-8768
CONFIRM(link is external)
k_okada -- vix
 
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-22 not yet calculated CVE-2018-0540
JVN(link is external)
kagaminokuni -- php_2chbbs
 
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0535
JVN(link is external)
kamailio -- kamailio
 
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. 2018-03-20 not yet calculated CVE-2018-8828
MISC(link is external)
MISC(link is external)
DEBIAN
kentico -- kentico
 
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. 2018-03-23 not yet calculated CVE-2017-17736
MISC(link is external)
kentico -- kentico
 
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. 2018-03-19 not yet calculated CVE-2018-6842
MISC(link is external)
kentico -- kentico
 
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. 2018-03-19 not yet calculated CVE-2018-6843
MISC(link is external)
libav -- libav
 
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file. 2018-03-22 not yet calculated CVE-2017-18242
MISC
libav -- libav
 
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file. 2018-03-23 not yet calculated CVE-2017-18245
MISC
libav -- libav
 
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file. 2018-03-23 not yet calculated CVE-2017-18247
MISC
libav -- libav
 
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply. 2018-03-22 not yet calculated CVE-2017-18244
MISC
libav -- libav
 
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. 2018-03-23 not yet calculated CVE-2017-18246
MISC
libav -- libav
 
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file. 2018-03-22 not yet calculated CVE-2017-18243
MISC
libevt -- libevt
 
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. 2018-03-17 not yet calculated CVE-2018-8754
MISC(link is external)
libming -- libming
 
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. 2018-03-24 not yet calculated CVE-2018-9009
MISC(link is external)
libming -- libming
 
In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8961
MISC(link is external)
libming -- libming
 
In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8962
MISC(link is external)
libming -- libming
 
In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8964
MISC(link is external)
libming -- libming
 
In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-20 not yet calculated CVE-2018-8807
MISC(link is external)
libming -- libming
 
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8963
MISC(link is external)
libming -- libming
 
In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file. 2018-03-20 not yet calculated CVE-2018-8806
MISC(link is external)
libressl -- libressl
 
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. 2018-03-24 not yet calculated CVE-2018-8970
MISC(link is external)
MISC
MISC(link is external)
libtiff -- libtiff
 
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. 2018-03-22 not yet calculated CVE-2018-8905
MISC
MISC(link is external)
linux -- linux_kernel
 
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. 2018-03-16 not yet calculated CVE-2018-1068
BID(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
MLIST(link is external)
MLIST(link is external)
linux -- linux_kernel
 
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. 2018-03-21 not yet calculated CVE-2017-18241
MISC
MISC(link is external)
linux -- linux_kernel
 
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. 2018-03-20 not yet calculated CVE-2018-8822
BID(link is external)
CONFIRM
lunarnight -- laboratory_webproxy
 
Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0542
JVN(link is external)
malwarebytes -- anti-malware_consumer_version
 
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. 2018-03-21 not yet calculated CVE-2016-10717
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
maradns -- maradns
 
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error. 2018-03-20 not yet calculated CVE-2014-2031
CONFIRM
MLIST(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
XF(link is external)
maradns -- maradns
 
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. 2018-03-20 not yet calculated CVE-2014-2032
CONFIRM
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
XF(link is external)
meco -- usb_memory_stick_with_fingerprint_mecoziolsamde601_devices
 
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint. 2018-03-22 not yet calculated CVE-2017-16242
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
micro_focus -- netiq_edirectory
 
Addresses denial of service attack to eDirectory versions prior to 9.1. 2018-03-21 not yet calculated CVE-2018-1346
BID(link is external)
CONFIRM(link is external)
micro_focus -- netiq_imanager
 
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. 2018-03-21 not yet calculated CVE-2018-1347
BID(link is external)
CONFIRM(link is external)
micro_focus -- netiq_imanager
 
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. 2018-03-21 not yet calculated CVE-2018-1345
CONFIRM(link is external)
micro_focus -- netiq_imanager
 
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 2018-03-21 not yet calculated CVE-2018-1344
CONFIRM(link is external)
mikrotik -- routeros_smb
 
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. 2018-03-19 not yet calculated CVE-2018-7445
FULLDISC
BID(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
misp -- misp
 
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. 2018-03-23 not yet calculated CVE-2018-8948
CONFIRM(link is external)
misp -- misp
 
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute. 2018-03-23 not yet calculated CVE-2018-8949
CONFIRM(link is external)
ncr -- s1_dispenser_controller
 
Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. 2018-03-20 not yet calculated CVE-2017-17668
CONFIRM(link is external)
ncr -- s2_dispenser_controller
 
Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. 2018-03-20 not yet calculated CVE-2018-5717
CONFIRM(link is external)
nessus -- nessus
 
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. 2018-03-20 not yet calculated CVE-2018-1141
SECTRACK(link is external)
CONFIRM(link is external)
netpbm -- netpbm
 
The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask. 2018-03-24 not yet calculated CVE-2018-8975
MISC(link is external)
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. 2018-03-20 not yet calculated CVE-2018-8883
MISC(link is external)
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. 2018-03-20 not yet calculated CVE-2018-8881
MISC(link is external)
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. 2018-03-20 not yet calculated CVE-2018-8882
MISC(link is external)
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. 2018-03-21 not yet calculated CVE-2018-7515
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. 2018-03-21 not yet calculated CVE-2018-7517
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. 2018-03-21 not yet calculated CVE-2018-7519
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. 2018-03-21 not yet calculated CVE-2018-7521
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. 2018-03-21 not yet calculated CVE-2018-7523
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. 2018-03-21 not yet calculated CVE-2018-7525
BID(link is external)
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. 2018-03-21 not yet calculated CVE-2018-7513
BID(link is external)
MISC
open_web_analytics -- open_web_analytics
 
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. 2018-03-20 not yet calculated CVE-2014-1457
CONFIRM(link is external)
BID(link is external)
XF(link is external)
MISC(link is external)
openbuildservice -- openbuildservice
 
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. 2018-03-20 not yet calculated CVE-2011-3178
CONFIRM(link is external)
CONFIRM(link is external)
opencart -- opencart
 
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. 2018-03-20 not yet calculated CVE-2014-3990
MISC(link is external)
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
CONFIRM(link is external)
opendaylight -- opendaylight
 
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. 2018-03-16 not yet calculated CVE-2018-1078
MISC(link is external)
CONFIRM
openscape_development_service -- openscape_development_service
 
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2018-03-19 not yet calculated CVE-2014-2652
CONFIRM(link is external)
opmantek -- open-audit_professional
 
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. 2018-03-22 not yet calculated CVE-2018-8903
MISC(link is external)
otcms -- otcms
 
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. 2018-03-24 not yet calculated CVE-2018-8973
MISC(link is external)
owncloud -- owncloud
 
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. 2018-03-20 not yet calculated CVE-2014-1665
MISC(link is external)
BID(link is external)
XF(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
philips -- intellispace_cardiovascular_application
 
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. 2018-03-20 not yet calculated CVE-2018-5438
BID(link is external)
MISC
CONFIRM(link is external)
phpok -- phpok
 
PHPOK 4.8.338 has an arbitrary file upload vulnerability. 2018-03-22 not yet calculated CVE-2018-8944
MISC
phpshe -- phpshe
 
There is a SQL injection in the PHPSHE 1.6 userbank parameter. 2018-03-22 not yet calculated CVE-2018-8943
MISC
pivotal -- gemfire
 
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. 2018-03-16 not yet calculated CVE-2016-9880
BID(link is external)
CONFIRM(link is external)
pivotal -- pivotal_application_service
 
Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. 2018-03-16 not yet calculated CVE-2018-1200
BID(link is external)
CONFIRM(link is external)
pivotal -- spring_batch_admin
 
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. 2018-03-21 not yet calculated CVE-2018-1229
BID(link is external)
CONFIRM(link is external)
pivotal -- spring_batch_admin
 
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. 2018-03-21 not yet calculated CVE-2018-1230
BID(link is external)
CONFIRM(link is external)
pivotal -- spring_boot
 
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. 2018-03-19 not yet calculated CVE-2018-1196
CONFIRM(link is external)
prague -- smart_phones
 
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. 2018-03-23 not yet calculated CVE-2017-15325
CONFIRM(link is external)
qos.ch_slf4j -- qos.ch_slf4j
 
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 2018-03-20 not yet calculated CVE-2018-8088
MISC(link is external)
MISC(link is external)
MISC(link is external)
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. 2018-03-20 not yet calculated CVE-2018-8808
MISC(link is external)
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. 2018-03-20 not yet calculated CVE-2018-8809
MISC(link is external)
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. 2018-03-20 not yet calculated CVE-2018-8810
MISC(link is external)
radosgw -- radosgw
 
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. 2018-03-19 not yet calculated CVE-2018-7262
CONFIRM(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
FEDORA
rsyslog_librelp -- rsyslog_librelp
 
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. 2018-03-23 not yet calculated CVE-2018-1000140
MISC(link is external)
MISC(link is external)
seafile  -- seafile_server_and_server_professional_edition
 
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts. 2018-03-19 not yet calculated CVE-2014-5443
MLIST(link is external)
BID(link is external)
XF(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
securebrain_corporation -- installer_of_phishwall_client_firefox_and_chrome_edition_for_windows
 
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-22 not yet calculated CVE-2018-0552
JVN(link is external)
CONFIRM(link is external)
siemans -- simatic_and_sinumerik_and_profinet_io
 
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions), SIMATIC S7-400 H V6 (All versions), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions), SINUMERIK 840D sl (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. 2018-03-20 not yet calculated CVE-2018-4843
BID(link is external)
CONFIRM(link is external)
siemans -- simatic_wincc_oa_ui_for_android_and__simatic_wincc_oa_ui_for_ios
 
A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. 2018-03-20 not yet calculated CVE-2018-4844
BID(link is external)
CONFIRM(link is external)
sqlite -- sqlite
 
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. 2018-03-16 not yet calculated CVE-2018-8740
BID(link is external)
MISC
MISC(link is external)
MISC
MISC
squirrelmail -- squirrelmail
 
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. 2018-03-17 not yet calculated CVE-2018-8741
MISC(link is external)
SECTRACK(link is external)
MISC(link is external)
MISC(link is external)
MISC
stable.php -- stable.php
 
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user. 2018-03-23 not yet calculated CVE-2018-1000139
MISC(link is external)
MISC(link is external)
synology -- photo_station
 
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. 2018-03-22 not yet calculated CVE-2017-16771
CONFIRM(link is external)
synology -- photo_station
 
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. 2018-03-22 not yet calculated CVE-2017-16772
CONFIRM(link is external)
tenda -- ac15_router
 
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. 2018-03-20 not yet calculated CVE-2018-5768
MISC(link is external)
tenda -- ac15_router
 
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. 2018-03-20 not yet calculated CVE-2018-5770
MISC(link is external)
truecrypt -- truecrypt
 
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. 2018-03-19 not yet calculated CVE-2014-2884
MLIST(link is external)
MISC
truecrypt -- truecrypt
 
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. 2018-03-19 not yet calculated CVE-2014-2885
MLIST(link is external)
MISC
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0935
CONFIRM(link is external)
MISC(link is external)
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0932
CONFIRM(link is external)
MISC(link is external)
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system. 2018-03-22 not yet calculated CVE-2017-0933
CONFIRM(link is external)
MISC(link is external)
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0934
CONFIRM(link is external)
MISC(link is external)
ucopia -- wireless_appliance_devices
 
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. 2018-03-22 not yet calculated CVE-2017-17743
MISC(link is external)
unboundid -- ldap_sdk_for_java
 
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6. 2018-03-16 not yet calculated CVE-2018-1000134
BID(link is external)
CONFIRM(link is external)
users.php -- users.php
 
I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. 2018-03-23 not yet calculated CVE-2018-1000137
MISC(link is external)
wampserver -- wampserver
 
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. 2018-03-19 not yet calculated CVE-2018-8732
MISC(link is external)

western_bridge -- cobub_razor


 
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/. 2018-03-18 not yet calculated CVE-2018-8770
MISC(link is external)
windows_optimization_master -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003. 2018-03-24 not yet calculated CVE-2018-8994
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007. 2018-03-24 not yet calculated CVE-2018-8996
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004. 2018-03-24 not yet calculated CVE-2018-8997
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. 2018-03-24 not yet calculated CVE-2018-8990
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002. 2018-03-24 not yet calculated CVE-2018-8995
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009. 2018-03-24 not yet calculated CVE-2018-8991
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001. 2018-03-24 not yet calculated CVE-2018-8993
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005. 2018-03-24 not yet calculated CVE-2018-8992
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. 2018-03-24 not yet calculated CVE-2018-8989
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. 2018-03-24 not yet calculated CVE-2018-8988
MISC(link is external)
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000. 2018-03-22 not yet calculated CVE-2018-8904
MISC(link is external)
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. 2018-03-19 not yet calculated CVE-2014-2274
MISC(link is external)
CONFIRM
wordpress -- wordpress
 
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal. 2018-03-19 not yet calculated CVE-2018-7422
MISC
MISC(link is external)
wordpress -- wordpress
 
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. 2018-03-19 not yet calculated CVE-2014-2674
MISC(link is external)
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. 2018-03-19 not yet calculated CVE-2014-2550
XF(link is external)
MISC(link is external)
CONFIRM
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. 2018-03-19 not yet calculated CVE-2014-2675
MISC(link is external)
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. 2018-03-19 not yet calculated CVE-2014-2297
BUGTRAQ(link is external)
xiuno_bbs -- xiuno_bbs
 
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. 2018-03-22 not yet calculated CVE-2018-8942
MISC
yii -- yii
 
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. 2018-03-21 not yet calculated CVE-2018-7269
CONFIRM(link is external)
yii -- yii
 
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. 2018-03-21 not yet calculated CVE-2018-8073
CONFIRM(link is external)
yii -- yii
 
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. 2018-03-21 not yet calculated CVE-2018-8074
CONFIRM(link is external)
yxcms -- yxcms
 
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. 2018-03-20 not yet calculated CVE-2018-8805
MISC(link is external)
yxcms -- yxcms
 
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. 2018-03-19 not yet calculated CVE-2018-8761
MISC(link is external)
yzmcms -- yzmcms
 
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request. 2018-03-18 not yet calculated CVE-2018-8756
MISC(link is external)
MISC(link is external)
zarafa -- zarafa_collaboration_platform
 
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. 2018-03-19 not yet calculated CVE-2014-5450
FEDORA
FEDORA
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
XF(link is external)
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. 2018-03-24 not yet calculated CVE-2018-8966
MISC(link is external)
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 2018-03-24 not yet calculated CVE-2018-8965
MISC(link is external)
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. 2018-03-24 not yet calculated CVE-2018-8967
MISC(link is external)
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 2018-03-24 not yet calculated CVE-2018-8968
MISC(link is external)
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 2018-03-24 not yet calculated CVE-2018-8969
MISC