IT and Social Stories

[US-CERT: Bulletin(SB18-092)] Security Vulnerabilities Announced Through March 26, 2018

by manga0713 2018. 4. 3.

*** Source: [US-CERT: Bulletin(SB18-092)] Security Vulnerabilities Announced Through March 26, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisco -- ios_xe A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645. 2018-03-28 4.0 CVE-2018-0196
CONFIRM
imagemagick -- imagemagick An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. 2018-03-26 4.3 CVE-2017-18250
CONFIRM
imagemagick -- imagemagick An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-03-26 4.3 CVE-2017-18251
CONFIRM
imagemagick -- imagemagick An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. 2018-03-26 4.3 CVE-2017-18252
CONFIRM
imagemagick -- imagemagick An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. 2018-03-26 4.3 CVE-2017-18253
CONFIRM
imagemagick -- imagemagick An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-03-26 4.3 CVE-2017-18254
CONFIRM
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 6.1 CVE-2018-8998
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 6.1 CVE-2018-8999
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 6.1 CVE-2018-9000
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 6.1 CVE-2018-9001
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 6.1 CVE-2018-9002
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 6.1 CVE-2018-9003
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 6.1 CVE-2018-9004
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 6.1 CVE-2018-9005
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 6.1 CVE-2018-9006
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 6.1 CVE-2018-9007
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-26 6.1 CVE-2018-9040
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-26 6.1 CVE-2018-9041
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-26 6.1 CVE-2018-9042
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-26 6.1 CVE-2018-9043
MISC
iobit -- advanced_systemcare_ultimate In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-26 6.1 CVE-2018-9044
MISC
jasper_project -- jasper JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. 2018-03-27 4.3 CVE-2018-9055
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. 2018-03-24 6.1 CVE-2018-8988
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. 2018-03-24 6.1 CVE-2018-8989
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. 2018-03-24 6.1 CVE-2018-8990
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009. 2018-03-24 6.1 CVE-2018-8991
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005. 2018-03-24 6.1 CVE-2018-8992
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001. 2018-03-24 6.1 CVE-2018-8993
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003. 2018-03-24 6.1 CVE-2018-8994
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002. 2018-03-24 6.1 CVE-2018-8995
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007. 2018-03-24 6.1 CVE-2018-8996
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004. 2018-03-24 6.1 CVE-2018-8997
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849. 2018-03-26 6.1 CVE-2018-9045
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d. 2018-03-26 6.1 CVE-2018-9046
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841. 2018-03-26 6.1 CVE-2018-9047
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c. 2018-03-26 6.1 CVE-2018-9048
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833. 2018-03-26 6.1 CVE-2018-9049
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100202d. 2018-03-26 6.1 CVE-2018-9050
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021. 2018-03-26 6.1 CVE-2018-9051
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c. 2018-03-26 6.1 CVE-2018-9052
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc. 2018-03-26 6.1 CVE-2018-9053
MISC
windows_optimization_master_project -- windows_optimization_master In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c. 2018-03-26 6.1 CVE-2018-9054
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acrolinx_server -- acrolinx_server
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. 2018-03-25 not yet calculated CVE-2018-7719
CONFIRM
EXPLOIT-DB
apache -- http_server
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out-of-bounds read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability. 2018-03-26 not yet calculated CVE-2018-1303
MLIST
BID
SECTRACK
CONFIRM
apache -- http_server
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer, potentially to already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations; the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. 2018-03-26 not yet calculated CVE-2018-1302
MLIST
BID
SECTRACK
CONFIRM
apache -- http_server
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. 2018-03-26 not yet calculated CVE-2018-1301
MLIST
BID
SECTRACK
CONFIRM
apache -- httpd
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out-of-bounds write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. 2018-03-26 not yet calculated CVE-2017-15710
MLIST
BID
SECTRACK
CONFIRM
apache -- httpd
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. 2018-03-26 not yet calculated CVE-2018-1283
MLIST
BID
SECTRACK
CONFIRM
apache -- httpd
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. 2018-03-26 not yet calculated CVE-2018-1312
MLIST
BID
SECTRACK
CONFIRM
apache -- httpd
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. 2018-03-26 not yet calculated CVE-2017-15715
MLIST
BID
SECTRACK
CONFIRM
apache -- struts_rest_plugin
The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here: http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from Apache Struts 2.5.16. 2018-03-27 not yet calculated CVE-2018-1327
BID
SECTRACK
MISC
CONFIRM
atlassian -- bamboo
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. 2018-03-29 not yet calculated CVE-2018-5224
CONFIRM
CONFIRM
atlassian -- fisheye_and_crucible
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability. 2018-03-29 not yet calculated CVE-2018-5223
CONFIRM
CONFIRM
CONFIRM
CONFIRM
avolve_software -- projectdox
Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. 2018-03-27 not yet calculated CVE-2014-5130
MISC
BUGTRAQ
BID
XF
avolve_software -- projectdox
Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. 2018-03-27 not yet calculated CVE-2014-5132
MISC
BUGTRAQ
XF
avolve_software -- projectdox
Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. 2018-03-27 not yet calculated CVE-2014-5131
MISC
BUGTRAQ
BID
XF
beckhoff -- twincat
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. 2018-03-23 not yet calculated CVE-2018-7502
BID
MISC
MISC
bomgar -- remote_support_portal_javastart.jar_applet
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <applet> HTML tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. 2018-03-26 not yet calculated CVE-2017-12815
BUGTRAQ
ca_technologies -- ca_api_developer_portal
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. 2018-03-29 not yet calculated CVE-2018-6588
SECTRACK
CONFIRM
ca_technologies -- ca_api_developer_portal
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. 2018-03-29 not yet calculated CVE-2018-6587
SECTRACK
CONFIRM
ca_technologies -- ca_api_developer_portal
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. 2018-03-29 not yet calculated CVE-2018-6586
SECTRACK
CONFIRM
cisco -- catalyst_4500_series_switches_and_catalyst_4500-x_series_switches
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729. 2018-03-28 not yet calculated CVE-2018-0155
SECTRACK
CONFIRM
cisco -- integrated_services_module_for_vpn
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267. 2018-03-28 not yet calculated CVE-2018-0154
BID
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe_and_ios_xr
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. 2018-03-28 not yet calculated CVE-2018-0167
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe_and_ios_xr
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. 2018-03-28 not yet calculated CVE-2018-0175
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730. 2018-03-28 not yet calculated CVE-2018-0172
BID
SECTRACK
CONFIRM
MISC
cisco -- ios_and_ios_xe
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655. 2018-03-28 not yet calculated CVE-2018-0189
BID
CONFIRM
cisco -- ios_and_ios_xe
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. 2018-03-28 not yet calculated CVE-2018-0171
BID
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. 2018-03-28 not yet calculated CVE-2018-0173
BID
SECTRACK
CONFIRM
MISC
cisco -- ios_and_ios_xe
 
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645. 2018-03-28 not yet calculated CVE-2018-0174
BID
SECTRACK
CONFIRM
MISC
cisco -- ios_and_ios_xe
 
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. 2018-03-28 not yet calculated CVE-2018-0151
BID
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe
 
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394. 2018-03-28 not yet calculated CVE-2018-0158
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe
 
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. 2018-03-28 not yet calculated CVE-2018-0156
SECTRACK
CONFIRM
cisco -- ios_and_ios_xe
 
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916. 2018-03-28 not yet calculated CVE-2018-0159
SECTRACK
CONFIRM
cisco -- ios_xe

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. 2018-03-28 not yet calculated CVE-2018-0195
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296. 2018-03-28 not yet calculated CVE-2018-0157
BID
SECTRACK
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. 2018-03-28 not yet calculated CVE-2018-0185
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432. 2018-03-28 not yet calculated CVE-2018-0184
BID
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. 2018-03-28 not yet calculated CVE-2018-0186
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185. 2018-03-28 not yet calculated CVE-2018-0164
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. 2018-03-28 not yet calculated CVE-2018-0165
SECTRACK
CONFIRM
cisco -- ios_xe
 
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356. 2018-03-28 not yet calculated CVE-2018-0183
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818. 2018-03-28 not yet calculated CVE-2018-0160
SECTRACK
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. 2018-03-28 not yet calculated CVE-2018-0182
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769. 2018-03-28 not yet calculated CVE-2018-0152
BID
SECTRACK
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875. 2018-03-27 not yet calculated CVE-2017-12319
BID
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. 2018-03-28 not yet calculated CVE-2018-0169
SECTRACK
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327. 2018-03-28 not yet calculated CVE-2018-0170
BID
SECTRACK
CONFIRM
cisco -- ios_xe
 
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714. 2018-03-28 not yet calculated CVE-2018-0177
SECTRACK
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. 2018-03-28 not yet calculated CVE-2018-0176
SECTRACK
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. 2018-03-28 not yet calculated CVE-2018-0193
BID
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. 2018-03-28 not yet calculated CVE-2018-0190
BID
CONFIRM
cisco -- ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. 2018-03-28 not yet calculated CVE-2018-0188
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. 2018-03-28 not yet calculated CVE-2018-0150
BID
SECTRACK
CONFIRM
cisco -- ios
 
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. 2018-03-28 not yet calculated CVE-2018-0163
CONFIRM
cisco -- ios
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541. 2018-03-28 not yet calculated CVE-2018-0161
SECTRACK
CONFIRM
cisco -- ios
 
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. 2018-03-28 not yet calculated CVE-2018-0179
BID
CONFIRM
cisco -- ios
 
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. 2018-03-28 not yet calculated CVE-2018-0180
BID
CONFIRM
cisco -- spark_hybrid_calendar_service
 
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593. 2018-03-27 not yet calculated CVE-2017-12310
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592. 2018-03-27 not yet calculated CVE-2018-0198
BID
SECTRACK
CONFIRM
clamav -- clamav
 
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400. 2018-03-27 not yet calculated CVE-2018-0202
CONFIRM
CONFIRM
MLIST
UBUNTU
UBUNTU
cloud_foundry_foundation -- cloud_foundry_bosh_cli
 
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. 2018-03-27 not yet calculated CVE-2018-1231
CONFIRM
cloud_foundry_foundation -- cloud_foundry_cloud_controller
 
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. 2018-03-27 not yet calculated CVE-2018-1266
CONFIRM
cloud_foundry_foundation -- cloud_foundry_garden-runc
 
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. 2018-03-29 not yet calculated CVE-2018-1191
CONFIRM
cloud_foundry_foundation -- cloud_foundry_silk_cni_plugin
 
Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies. 2018-03-27 not yet calculated CVE-2018-1267
CONFIRM
cloud_foundry_foundation -- pcf_elastic_runtime
 
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. 2018-03-29 not yet calculated CVE-2016-6658
CONFIRM
contec -- smart_home_devices
 
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. 2018-03-31 not yet calculated CVE-2018-9162
EXPLOIT-DB
crea8social -- crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. 2018-03-29 not yet calculated CVE-2018-9121
MISC
MISC
crea8social -- crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. 2018-03-29 not yet calculated CVE-2018-9123
MISC
crea8social -- crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. 2018-03-29 not yet calculated CVE-2018-9120
MISC
MISC
crea8social -- crea8social
 
In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. 2018-03-29 not yet calculated CVE-2018-9122
MISC
MISC
cups -- cups
 
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. 2018-03-26 not yet calculated CVE-2017-18248
CONFIRM
CONFIRM
CONFIRM
MISC
d-link -- dir-601_b1_2.02na_devices
 
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. 2018-03-30 not yet calculated CVE-2018-5708
FULLDISC
d-link -- dir-850l_wireless_ac1200_dual_band_gigabit_cloud_router
 
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. 2018-03-26 not yet calculated CVE-2018-9032
EXPLOIT-DB
MISC
dedecms -- dedecms
 
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. 2018-03-30 not yet calculated CVE-2018-9134
MISC
dedecms -- dedecms
 
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. 2018-03-27 not yet calculated CVE-2018-7700
MISC
dell_emc -- isilon
 
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. 2018-03-26 not yet calculated CVE-2018-1204
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1186
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1188
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. 2018-03-26 not yet calculated CVE-2018-1203
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1187
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1201
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. 2018-03-26 not yet calculated CVE-2018-1213
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1202
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- isilon
 
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. 2018-03-26 not yet calculated CVE-2018-1189
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc -- scaleio
 
Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. 2018-03-27 not yet calculated CVE-2018-1238
FULLDISC
dell_emc -- scaleio
 
Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. 2018-03-27 not yet calculated CVE-2018-1237
FULLDISC
dell_emc -- scaleio
 
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. 2018-03-27 not yet calculated CVE-2018-1205
FULLDISC
docker -- docker_notary
 
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. 2018-03-31 not yet calculated CVE-2015-9258
MISC
MISC
docker -- docker_notary
 
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. 2018-03-31 not yet calculated CVE-2015-9259
MISC
MISC
drupal -- drupal
 
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. 2018-03-29 not yet calculated CVE-2018-7600
BID
SECTRACK
MISC
MISC
MISC
CONFIRM
MLIST
MISC
MISC
DEBIAN
CONFIRM
CONFIRM
MISC
drupal -- drupal
 
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. 2018-03-29 not yet calculated CVE-2014-5170
MLIST
XF
CONFIRM
MISC
dsmall -- dsmall
 
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. 2018-03-25 not yet calculated CVE-2018-9014
MISC
dsmall -- dsmall
 
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. 2018-03-25 not yet calculated CVE-2018-9016
MISC
dsmall -- dsmall
 
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). 2018-03-25 not yet calculated CVE-2018-9015
MISC
dsmall -- dsmall
 
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. 2018-03-25 not yet calculated CVE-2018-9017
MISC
elfinder -- elfinder
 
Studio 42 elFinder before 2.1.36 has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. 2018-03-28 not yet calculated CVE-2018-9109
CONFIRM
CONFIRM
elfinder -- elfinder
 
Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. 2018-03-28 not yet calculated CVE-2018-9110
CONFIRM
CONFIRM
enhancesoft -- osticket
 
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. 2018-03-27 not yet calculated CVE-2018-7192
MISC
enhancesoft -- osticket
 
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. 2018-03-27 not yet calculated CVE-2018-7193
MISC
enhancesoft -- osticket
 
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. 2018-03-27 not yet calculated CVE-2018-7194
MISC
enhancesoft -- osticket
 
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. 2018-03-27 not yet calculated CVE-2018-7196
MISC
enhancesoft -- osticket
 
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. 2018-03-27 not yet calculated CVE-2018-7195
MISC
exiv2 -- exiv2
 
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. 2018-03-30 not yet calculated CVE-2018-9144
MISC
MISC
exiv2 -- exiv2
 
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure. 2018-03-30 not yet calculated CVE-2018-9146
MISC
MISC
exiv2 -- exiv2
 
In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp. 2018-03-30 not yet calculated CVE-2018-9145
MISC
firebird_project -- firebird_sql_server
 
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. 2018-03-28 not yet calculated CVE-2017-11509
MISC
frog_cms -- frog_cms
 
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. 2018-03-31 not yet calculated CVE-2018-8908
MISC
gespage -- gespage
 
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. 2018-03-30 not yet calculated CVE-2018-9147
MISC
gnu -- binutils
 
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. 2018-03-30 not yet calculated CVE-2018-9138
MISC
google -- android
 
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2002
MISC
MISC
google -- android
 
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2004
MISC
MISC
google -- android
 
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2003
MISC
MISC
google -- android
 
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2020
MISC
MISC
google -- android
 
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2001
MISC
MISC
google -- android
 
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. 2018-03-29 not yet calculated CVE-2015-2000
MISC
MISC
graphicsmagick -- graphicsmagick
 
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. 2018-03-25 not yet calculated CVE-2018-9018
BID
MLIST
MISC
hashicorp -- terraform_amazon_web_services_provider
 
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. 2018-03-27 not yet calculated CVE-2018-9057
MISC
hashicorp -- vagrant-vmware-fusion
 
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. 2018-03-29 not yet calculated CVE-2017-16839
MISC
hashicorp -- vagrant-vmware-fusion
 
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. 2018-03-29 not yet calculated CVE-2017-16512
MISC
hashicorp -- vagrant-vmware-fusion
 
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. 2018-03-29 not yet calculated CVE-2017-16873
MISC
hoek -- hoek
 
hoek node module before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. 2018-03-30 not yet calculated CVE-2018-3728
BID
CONFIRM
MISC
ibm -- bigfix_remote_control
 
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200. 2018-03-27 not yet calculated CVE-2015-4954
CONFIRM
XF
ibm -- bigfix_remote_control
 
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. 2018-03-29 not yet calculated CVE-2015-4953
AIXAPAR
XF
CONFIRM
ibm -- business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. 2018-03-30 not yet calculated CVE-2017-1767
CONFIRM
MISC
ibm -- business_process_manager
 
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. 2018-03-30 not yet calculated CVE-2017-1766
CONFIRM
MISC
ibm -- business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. 2018-03-30 not yet calculated CVE-2018-1384
CONFIRM
MISC
ibm -- business_process_manager
 
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. 2018-03-30 not yet calculated CVE-2017-1765
CONFIRM
MISC
ibm -- business_process_manager
 
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. 2018-03-30 not yet calculated CVE-2017-1756
CONFIRM
MISC
ibm -- capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863. 2018-03-26 not yet calculated CVE-2015-7434
CONFIRM
XF
ibm -- capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861. 2018-03-26 not yet calculated CVE-2015-7432
CONFIRM
XF
ibm -- capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862. 2018-03-26 not yet calculated CVE-2015-7433
CONFIRM
XF
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. 2018-03-26 not yet calculated CVE-2015-7401
CONFIRM
XF
ibm -- endpoint_manager_for_remote_control
 
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. 2018-03-29 not yet calculated CVE-2015-4952
CONFIRM
ibm -- financial_transaction_manager_for_check_services_for_multi-platform
 
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. 2018-03-30 not yet calculated CVE-2018-1390
CONFIRM
MISC
ibm -- infosphere_master_data_management
 
IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780. 2018-03-26 not yet calculated CVE-2015-7424
CONFIRM
XF
ibm -- infosphere_master_data_management
 
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. 2018-03-26 not yet calculated CVE-2015-7423
CONFIRM
XF
ibm -- multiple_products
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. 2018-03-27 not yet calculated CVE-2015-5016
CONFIRM
XF
ibm -- qradar_siem
 
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. 2018-03-29 not yet calculated CVE-2015-2009
CONFIRM
ibm -- rational_clearcase
 
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. 2018-03-26 not yet calculated CVE-2015-5039
CONFIRM
XF
ibm -- rational_license_key_server
 
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938. 2018-03-26 not yet calculated CVE-2015-5045
CONFIRM
XF
ibm -- security_privileged_identity_manager
 
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. 2018-03-30 not yet calculated CVE-2017-1705
CONFIRM
MISC
ibm -- tealeaf_customer_experience
 
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896. 2018-03-27 not yet calculated CVE-2015-4987
CONFIRM
XF
ibm -- websphere_mq
 
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520. 2018-03-30 not yet calculated CVE-2017-1747
CONFIRM
MISC
ibos -- ibos
 
IBOS 4.4.3 has XSS via a company full name. 2018-03-30 not yet calculated CVE-2018-9130
MISC
MISC
imagemagick -- imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. 2018-03-23 not yet calculated CVE-2018-8960
BID
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. 2018-03-30 not yet calculated CVE-2018-9133
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. 2018-03-30 not yet calculated CVE-2018-9135
CONFIRM
intelbras -- telefone_ip_tip200/200_lite_devices
 
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. 2018-03-25 not yet calculated CVE-2018-9010
EXPLOIT-DB
jenkins -- jenkins
 
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. 2018-03-27 not yet calculated CVE-2018-8718
MLIST
CONFIRM
joomla! -- joomla!
 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. 2018-03-28 not yet calculated CVE-2018-9106
MISC
EXPLOIT-DB
joomla! -- joomla!
 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. 2018-03-28 not yet calculated CVE-2018-9107
MISC
MISC
MISC
EXPLOIT-DB
jungo -- driverwizard_windriver
 
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. 2018-03-30 not yet calculated CVE-2018-9136
MISC
kaseya -- virtual_system_administrator_agent
 
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges. 2018-03-26 not yet calculated CVE-2017-12410
BUGTRAQ
kibana -- kibana
 
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. 2018-03-30 not yet calculated CVE-2018-3819
CONFIRM
kibana -- kibana
 
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. 2018-03-30 not yet calculated CVE-2018-3818
BID
CONFIRM
kibana -- kibana
 
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. 2018-03-30 not yet calculated CVE-2018-3821
CONFIRM
kibana -- kibana
 
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. 2018-03-30 not yet calculated CVE-2018-3820
CONFIRM
kingsoft -- internet_security_9+_kernel_driver_kwatch3.sys
 
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. 2018-03-30 not yet calculated CVE-2018-9151
MISC
knot_dns -- knot_dns
 
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. 2018-03-27 not yet calculated CVE-2014-0486
BID
XF
CONFIRM
laravel_log_viewer -- laravel_log_viewer
 
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. 2018-03-25 not yet calculated CVE-2018-8947
MISC
MISC
EXPLOIT-DB
libming -- libming
 
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-30 not yet calculated CVE-2018-9132
MISC
librelp -- librelp_rsyslog
 
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. 2018-03-23 not yet calculated CVE-2018-1000140
MISC
MISC
UBUNTU
DEBIAN
libvirt -- libvirt
 
libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor but can now also be triggered via the QEMU guest agent. 2018-03-28 not yet calculated CVE-2018-1064
CONFIRM
CONFIRM
MLIST
DEBIAN
linux -- linux_kernel
 
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. 2018-03-27 not yet calculated CVE-2018-1091
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. 2018-03-30 not yet calculated CVE-2018-7566
SUSE
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel
 
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. 2018-03-31 not yet calculated CVE-2017-18255
MISC
MISC
linux -- linux_kernel
 
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. 2018-03-26 not yet calculated CVE-2017-18249
MISC
MISC
logstash -- logstash
 
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. 2018-03-30 not yet calculated CVE-2018-3817
CONFIRM
lrzip -- lrzip
 
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. 2018-03-27 not yet calculated CVE-2018-9058
MISC
minicms -- minicms
 
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. 2018-03-27 not yet calculated CVE-2018-9092
MISC
EXPLOIT-DB
multiple_vendors -- multiple_products
 
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. 2018-03-27 not yet calculated CVE-2018-9056
MISC
MISC
mysql_for_pcf_tiles -- mysql_for_pcf_tiles
 
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. 2018-03-29 not yet calculated CVE-2016-0898
BID
CONFIRM
netiq -- identity_manager_driver
 
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. 2018-03-26 not yet calculated CVE-2018-1348
BID
CONFIRM
netiq -- identity_manager_driver
 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. 2018-03-26 not yet calculated CVE-2018-1349
BID
CONFIRM
netiq -- identity_manager_driver
 
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. 2018-03-28 not yet calculated CVE-2018-7676
CONFIRM
netiq -- identity_manager_driver
 
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. 2018-03-28 not yet calculated CVE-2018-7674
CONFIRM
netiq -- identity_manager_driver
 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. 2018-03-26 not yet calculated CVE-2018-1350
BID
CONFIRM
netiq -- identity_manager_driver
 
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. 2018-03-26 not yet calculated CVE-2018-7673
BID
CONFIRM
nextcloud -- nextcloud_server
 
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. 2018-03-28 not yet calculated CVE-2017-0936
MISC
CONFIRM
nordvpn -- nordvpn
 
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool. 2018-03-27 not yet calculated CVE-2018-9105
MISC
nvidia -- tegra_kernel
 
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. 2018-03-26 not yet calculated CVE-2017-6278
CONFIRM
octopus -- deploy
 
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. 2018-03-26 not yet calculated CVE-2018-9039
CONFIRM
CONFIRM
oneplus -- multiple_devices
 
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader. 2018-03-29 not yet calculated CVE-2017-5947
MISC
open-audit_professional -- open-audit_professional
 
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. 2018-03-25 not yet calculated CVE-2018-8979
MISC
EXPLOIT-DB
open-audit_professional -- open-audit_professional
 
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. 2018-03-25 not yet calculated CVE-2018-8978
MISC
open-audit_professional -- open-audit_professional
 
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. 2018-03-26 not yet calculated CVE-2018-8937
MISC
openssl_project -- openssl
 
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). 2018-03-27 not yet calculated CVE-2018-0733
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
openssl_project -- openssl
 
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). 2018-03-27 not yet calculated CVE-2018-0739
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
CONFIRM
UBUNTU
DEBIAN
DEBIAN
CONFIRM
opera -- opera

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. 2018-03-28 not yet calculated CVE-2018-6608
MISC
MISC
MISC
MISC
MISC
owncloud_server -- owncloud_server
 
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. 2018-03-26 not yet calculated CVE-2014-2048
XF
CONFIRM
philips -- alice_6_system
 
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. 2018-03-28 not yet calculated CVE-2018-7498
BID
MISC
philips -- alice_6_system
 
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. 2018-03-28 not yet calculated CVE-2018-5451
BID
MISC
philips -- intellispace_portal

Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. 2018-03-26 not yet calculated CVE-2018-5468
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. 2018-03-26 not yet calculated CVE-2018-5470
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. 2018-03-26 not yet calculated CVE-2018-5454
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. 2018-03-26 not yet calculated CVE-2018-5464
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. 2018-03-26 not yet calculated CVE-2018-5462
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. 2018-03-26 not yet calculated CVE-2018-5474
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. 2018-03-26 not yet calculated CVE-2018-5458
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. 2018-03-26 not yet calculated CVE-2018-5472
BID
MISC
CONFIRM
philips -- intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. 2018-03-26 not yet calculated CVE-2018-5466
BID
MISC
CONFIRM
prestashop -- prestashop
 
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter. 2018-03-27 not yet calculated CVE-2018-8823
MISC
prisma_industriale -- checkweigher_prismaweb
 
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js. 2018-03-31 not yet calculated CVE-2018-9161
EXPLOIT-DB
MISC
qcacld -- qcacld
 
While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur. 2018-03-30 not yet calculated CVE-2017-9694
BID
MISC
MISC
qnap_systems -- qts
 
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. 2018-03-27 not yet calculated CVE-2017-7630
CONFIRM
qnap_systems -- qts
 
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. 2018-03-27 not yet calculated CVE-2017-7631
CONFIRM
qnap_systems -- qts
 
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. 2018-03-27 not yet calculated CVE-2017-7632
CONFIRM
qualcomm -- android
 
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. 2018-03-30 not yet calculated CVE-2017-9681
BID
CONFIRM
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. 2018-03-30 not yet calculated CVE-2017-14915
BID
SECTRACK
CONFIRM
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly. 2018-03-30 not yet calculated CVE-2017-14912
BID
SECTRACK
CONFIRM
qualcomm -- android
 
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. 2018-03-30 not yet calculated CVE-2017-15826
CONFIRM
MISC
qualcomm -- android
 
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access. 2018-03-30 not yet calculated CVE-2017-14892
CONFIRM
MISC
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs. 2018-03-30 not yet calculated CVE-2017-14906
BID
SECTRACK
CONFIRM
qualcomm -- android
 
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs. 2018-03-30 not yet calculated CVE-2017-15859
CONFIRM
MISC
qualcomm -- android
 
In the touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack. 2018-03-30 not yet calculated CVE-2017-9723
CONFIRM
MISC
qualcomm -- android
 
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver. 2018-03-30 not yet calculated CVE-2017-17769
CONFIRM
qualcomm -- android
 
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer. 2018-03-30 not yet calculated CVE-2017-14883
CONFIRM
MISC
qualcomm -- android
 
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver. 2018-03-30 not yet calculated CVE-2017-15852
CONFIRM
qualcomm -- android
 
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow. 2018-03-30 not yet calculated CVE-2017-17766
CONFIRM
MISC
qualcomm -- android
 
In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur. 2018-03-30 not yet calculated CVE-2017-17771
CONFIRM
MISC
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. 2018-03-30 not yet calculated CVE-2017-14913
BID
SECTRACK
CONFIRM
qualcomm -- android
 
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur. 2018-03-30 not yet calculated CVE-2017-15846
CONFIRM
MISC
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. 2018-03-30 not yet calculated CVE-2017-14911
BID
SECTRACK
CONFIRM
qualcomm -- android
 
When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur. 2018-03-30 not yet calculated CVE-2017-9692
BID
MISC
MISC
MISC
qualcomm -- android
 
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows access to already freed memory in the debug message output functionality contained within the mobicore driver. 2018-03-30 not yet calculated CVE-2017-9691
BID
MISC
qualcomm -- android
 
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. 2018-03-30 not yet calculated CVE-2017-14881
CONFIRM
MISC
qualcomm -- android
 
libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver. 2018-03-30 not yet calculated CVE-2017-11087
CONFIRM
qualcomm -- android
 
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable. 2018-03-30 not yet calculated CVE-2017-14891
CONFIRM
MISC
qualcomm -- android
 
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists. 2018-03-30 not yet calculated CVE-2017-14875
CONFIRM
MISC
qualcomm -- android
 
The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual length of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability). 2018-03-30 not yet calculated CVE-2017-9693
BID
MISC
MISC
qualcomm -- android
 
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow. 2018-03-30 not yet calculated CVE-2017-15823
CONFIRM
MISC
qualcomm -- android
 
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur. 2018-03-30 not yet calculated CVE-2017-14877
CONFIRM
MISC
qualcomm -- android
 
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write. 2018-03-30 not yet calculated CVE-2017-14876
CONFIRM
MISC
qualcomm -- android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected. 2018-03-30 not yet calculated CVE-2017-11010
BID
SECTRACK
CONFIRM
quickappscms -- quickappscms
 
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. 2018-03-28 not yet calculated CVE-2018-9108
MISC
review_board -- review_board
 
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. 2018-03-29 not yet calculated CVE-2014-5028
MLIST
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM
roland_gruber_softwareentwicklung -- ldap_account_manager
 
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. 2018-03-27 not yet calculated CVE-2018-8764
MISC
FULLDISC
roland_gruber_softwareentwicklung -- ldap_account_manager
 
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. 2018-03-27 not yet calculated CVE-2018-8763
MISC
FULLDISC
rsa -- authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. 2018-03-30 not yet calculated CVE-2018-1234
FULLDISC
SECTRACK
rsa -- authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. 2018-03-30 not yet calculated CVE-2018-1233
FULLDISC
SECTRACK
rsa -- authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. 2018-03-30 not yet calculated CVE-2018-1232
FULLDISC
SECTRACK
ruby -- ruby
 
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. 2018-03-30 not yet calculated CVE-2018-3740
CONFIRM
CONFIRM
ruby -- ruby
 
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. 2018-03-30 not yet calculated CVE-2018-3741
CONFIRM
ruby -- ruby
 
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. 2018-03-27 not yet calculated CVE-2018-8048
MLIST
CONFIRM
samsung -- mobile_devices
 
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. 2018-03-30 not yet calculated CVE-2018-9142
CONFIRM
samsung -- mobile_devices
 
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. 2018-03-30 not yet calculated CVE-2018-9141
CONFIRM
samsung -- mobile_devices
 
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. 2018-03-30 not yet calculated CVE-2018-9143
CONFIRM
samsung -- mobile_devices
 
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. 2018-03-30 not yet calculated CVE-2018-9139
CONFIRM
samsung -- mobile_devices
 
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. 2018-03-30 not yet calculated CVE-2018-9140
CONFIRM
screen-resolution-extra -- screen-resolution-extra
 
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. 2018-03-28 not yet calculated CVE-2018-8885
UBUNTU
sickrage -- sickrage
 
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. 2018-03-31 not yet calculated CVE-2018-9160
MISC
MISC
siemens -- tim_1531_irc
 
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial of service, or to read and manipulate data as well as configuration settings of the affected device. At the time of publishing this security advisory, no public exploitation is known. Siemens provides mitigations to resolve it. 2018-03-29 not yet calculated CVE-2018-4841
CONFIRM
softros -- network_time_system
 
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes. 2018-03-26 not yet calculated CVE-2018-7658
MISC
EXPLOIT-DB
spark -- spark
 
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. 2018-03-31 not yet calculated CVE-2018-9159
MISC
MISC
MISC
MISC
MISC
square_9 -- globalforms
 
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. 2018-03-28 not yet calculated CVE-2018-8820
FULLDISC
swisscom -- myswisscomassistant
 
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process. 2018-03-27 not yet calculated CVE-2018-6765
MISC
swisscom -- tvmediahelper
 
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. 2018-03-27 not yet calculated CVE-2018-6766
MISC
symantec -- norton_app_lock
 
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. 2018-03-26 not yet calculated CVE-2017-15534
BID
CONFIRM
tenable -- appliance
 
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins. 2018-03-28 not yet calculated CVE-2018-1142
CONFIRM
thermald -- thermald
 
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. 2018-03-26 not yet calculated CVE-2014-2312
MLIST
MLIST
tnlsoftsolutions -- sentry_vision_devices
 
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. 2018-03-29 not yet calculated CVE-2018-9031
MISC
MISC
tpshop -- tpshop
 
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. 2018-03-30 not yet calculated CVE-2017-16614
FULLDISC
twonky -- twonky_server
 
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. 2018-03-30 not yet calculated CVE-2018-7171
MISC
MISC
EXPLOIT-DB
twonky -- twonky_server
 
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. 2018-03-30 not yet calculated CVE-2018-7203
MISC
EXPLOIT-DB
unisys -- clearpath_mcp_os_systems
 
SQL injection vulnerability in the management interface in ePortal Manager in Unisys ClearPath MCP OS systems with 17.0 CLEARPATHEPORTAL before 17.0a.31 and 18.0 CLEARPATHEPORTAL before 059.1a.13; and ClearPath OS 2200 systems with 16.0 EPORTAL-2200 before 2.2.81 and 17.0 EPORTAL-2200 before 2.3.82 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. 2018-03-26 not yet calculated CVE-2018-8802
CONFIRM
wampserver -- wampserver
 
Wampserver before 3.1.3 has CSRF in add_vhost.php. 2018-03-25 not yet calculated CVE-2018-8817
MISC
wanscam -- hw0021_network_camera
 
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. 2018-03-28 not yet calculated CVE-2017-11510
MISC
western_digital -- wd_my_cloud
 
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud. 2018-03-30 not yet calculated CVE-2018-9148
EXPLOIT-DB
wiremock -- wiremock
 
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. 2018-03-29 not yet calculated CVE-2018-9116
CONFIRM
wiremock -- wiremock
 
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. 2018-03-29 not yet calculated CVE-2018-9117
CONFIRM
wordpress -- wordpress
 
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. 2018-03-25 not yet calculated CVE-2018-9020
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. 2018-03-29 not yet calculated CVE-2014-6604
MISC
CONFIRM
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. 2018-03-26 not yet calculated CVE-2018-7543
CONFIRM
EXPLOIT-DB
x-pack_security -- x-pack_security
 
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. 2018-03-30 not yet calculated CVE-2018-3822
CONFIRM
z-blogphp -- z-blogphp
 
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. 2018-03-31 not yet calculated CVE-2018-8893
MISC
zikula_application_framework -- zikula_application_framework
 
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. 2018-03-26 not yet calculated CVE-2014-2293
MISC
XF
XF
MISC
zimbra -- zimbra_collaboration_suite
 
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. 2018-03-27 not yet calculated CVE-2018-6882
FULLDISC
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
MISC
zoho -- manageengine_servicedesk_plus
 
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. 2018-03-30 not yet calculated CVE-2018-5799
FULLDISC
CONFIRM
zsh -- zsh
 
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation. 2018-03-28 not yet calculated CVE-2018-1083
CONFIRM
MLIST
CONFIRM
UBUNTU