*** 출처: [US-CERT: Bulletin(SB18-127)] 2018년 4월 30일까지 발표된 보안 취약점
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no medium vulnerabilities recorded this week. | ||||
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 389_directory_server -- 389_directory_server |
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. | 2018-05-04 | not yet calculated | CVE-2011-0704 CONFIRM CONFIRM |
| 389_directory_server -- 389_directory_server |
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. | 2018-04-30 | not yet calculated | CVE-2017-2591 BID CONFIRM CONFIRM |
| 7-zip -- 7-zip |
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 2018-05-02 | not yet calculated | CVE-2018-10115 SECTRACK MISC CONFIRM |
| abcm2ps -- abcm2ps |
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-04 | not yet calculated | CVE-2018-10753 MISC MISC |
| activision -- infinity_ward_call_of_duty_modern_warfare |
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. | 2018-05-03 | not yet calculated | CVE-2018-10718 MISC MISC |
| ansible -- ansible_tower |
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. | 2018-05-02 | not yet calculated | CVE-2018-1101 MISC CONFIRM CONFIRM |
| ansible -- ansible_tower |
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 2018-05-02 | not yet calculated | CVE-2018-1104 MISC CONFIRM CONFIRM |
| ansible -- ansible |
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | 2018-05-04 | not yet calculated | CVE-2013-2233 MLIST MLIST CONFIRM CONFIRM CONFIRM |
| apache -- ambari |
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue. | 2018-05-03 | not yet calculated | CVE-2018-8003 CONFIRM |
| axublog -- axublog |
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | 2018-05-04 | not yet calculated | CVE-2018-10740 MISC |
| bigtree -- bigtree |
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 2018-04-30 | not yet calculated | CVE-2018-10574 CONFIRM CONFIRM |
| bigtree -- bigtree |
BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | 2018-04-30 | not yet calculated | CVE-2018-10364 CONFIRM MISC MISC |
| blackboard -- learn |
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | 2018-04-30 | not yet calculated | CVE-2017-18262 FULLDISC SECTRACK MISC |
| blktrace -- blktrace |
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. | 2018-05-03 | not yet calculated | CVE-2018-10689 MISC MISC MISC |
| blog_master_pro -- blog_master_pro |
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 2018-05-01 | not yet calculated | CVE-2018-10255 MISC EXPLOIT-DB |
| boston_scientific -- zoom_latitude_prm_model_3120 |
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | 2018-05-01 | not yet calculated | CVE-2017-14014 BID MISC |
| boston_scientific -- zoom_latitude_prm_model_3120 |
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | 2018-05-01 | not yet calculated | CVE-2017-14012 BID MISC |
| ca_technologies -- ca_spectrum |
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 2018-05-01 | not yet calculated | CVE-2018-6589 CONFIRM |
| cisco -- 5500_and_8500_series_wireless_lan_controller |
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442. | 2018-05-02 | not yet calculated | CVE-2018-0245 SECTRACK CONFIRM |
| cisco -- aironet_access_points |
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890. | 2018-05-02 | not yet calculated | CVE-2018-0234 BID SECTRACK CONFIRM |
| cisco -- aironet_access_points |
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. | 2018-05-02 | not yet calculated | CVE-2018-0249 SECTRACK CONFIRM |
| cisco -- aironet_access_points |
A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions. This vulnerability affects the following Cisco products: Aironet 1800 Series Access Points that are running Cisco Mobility Express Software Releases 8.2.121.0 through 8.5.105.0, Aironet 2800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0, Aironet 3800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0. Cisco Bug IDs: CSCva68116. | 2018-05-02 | not yet calculated | CVE-2018-0226 SECTRACK CONFIRM |
| cisco -- aironet_access_points |
A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756. | 2018-05-02 | not yet calculated | CVE-2018-0250 SECTRACK CONFIRM |
| cisco -- firepower_system_software |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. | 2018-05-02 | not yet calculated | CVE-2018-0283 CONFIRM |
| cisco -- firepower_system_software |
A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. | 2018-05-02 | not yet calculated | CVE-2018-0278 CONFIRM |
| cisco -- firepower_system_software |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. | 2018-05-02 | not yet calculated | CVE-2018-0281 CONFIRM |
| cisco -- ios_xr_software |
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. | 2018-05-02 | not yet calculated | CVE-2018-0286 BID SECTRACK CONFIRM |
| cisco -- meeting_server |
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. | 2018-05-02 | not yet calculated | CVE-2018-0262 BID SECTRACK CONFIRM |
| cisco -- multiple_products |
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | 2018-05-02 | not yet calculated | CVE-2018-0258 BID CONFIRM MISC |
| cisco -- prime_service_catalog |
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. | 2018-05-02 | not yet calculated | CVE-2018-0285 BID SECTRACK CONFIRM |
| cisco -- secure_access_control_system |
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037. | 2018-05-02 | not yet calculated | CVE-2018-0253 BID CONFIRM |
| cisco -- webex_network_recording_player_for_advanced_recording_format |
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457. | 2018-05-02 | not yet calculated | CVE-2018-0264 BID CONFIRM |
| cisco -- webex_network_recording_player_for_advanced_recording_format |
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228. | 2018-05-02 | not yet calculated | CVE-2018-0287 SECTRACK CONFIRM |
| cisco -- webex_recording_format_player |
A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. | 2018-05-02 | not yet calculated | CVE-2018-0288 SECTRACK CONFIRM |
| cisco -- wireless_lan_controller_and_aironet_access_points |
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789. | 2018-05-02 | not yet calculated | CVE-2018-0247 SECTRACK SECTRACK CONFIRM |
| cisco -- wireless_lan_controller |
A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects only Cisco Wireless LAN Controllers that are running Cisco Mobility Express Release 8.5.103.0. Cisco Bug IDs: CSCvg07024. | 2018-05-02 | not yet calculated | CVE-2018-0235 BID CONFIRM |
| cisco – wireless_lan_controller |
A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222. | 2018-05-02 | not yet calculated | CVE-2018-0252 SECTRACK CONFIRM |
| cloud_foundry -- garden-runc |
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. | 2018-04-30 | not yet calculated | CVE-2018-1277 CONFIRM |
| cockpit -- cockpit_cms |
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. | 2018-05-02 | not yet calculated | CVE-2018-9302 FULLDISC EXPLOIT-DB |
| codes-lab -- shopy_point_of_sale | A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 2018-05-01 | not yet calculated | CVE-2018-10258 MISC EXPLOIT-DB |
| combodo -- itop |
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 2018-05-02 | not yet calculated | CVE-2018-10642 MISC |
| csp -- mysql_user_manager |
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | 2018-05-05 | not yet calculated | CVE-2018-10757 MISC MISC |
| cyberghost -- cyberghost |
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method accepts a "connectionParams" argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | 2018-05-02 | not yet calculated | CVE-2018-10646 MISC |
| cylance -- cylanceprotect |
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | 2018-05-03 | not yet calculated | CVE-2018-10722 MISC |
| d-link -- dcs-5009_devices |
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | 2018-05-01 | not yet calculated | CVE-2017-17020 CONFIRM MISC |
| d-link -- dir-601_a1_devices |
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | 2018-05-03 | not yet calculated | CVE-2018-10641 MISC MISC MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-04 | not yet calculated | CVE-2018-10750 MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-04 | not yet calculated | CVE-2018-10746 MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-04 | not yet calculated | CVE-2018-10749 MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-04 | not yet calculated | CVE-2018-10747 MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-03 | not yet calculated | CVE-2018-10713 MISC |
| d-link -- dsl-3782_eu_devices |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | 2018-05-04 | not yet calculated | CVE-2018-10748 MISC |
| dasan -- gpon_home_routers |
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. | 2018-05-03 | not yet calculated | CVE-2018-10561 EXPLOIT-DB MISC |
| dasan -- gpon_home_routers |
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. | 2018-05-03 | not yet calculated | CVE-2018-10562 EXPLOIT-DB MISC |
| datenstrom -- datenstrom_yellow |
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | 2018-05-05 | not yet calculated | CVE-2018-10758 MISC |
| dell_emc -- multiple_products |
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. | 2018-04-30 | not yet calculated | CVE-2018-1183 FULLDISC BID |
| delta_electronics -- pmsoft |
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. | 2018-04-30 | not yet calculated | CVE-2018-8839 BID MISC |
| delta_electronics -- wplsoft | WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | 2018-05-04 | not yet calculated | CVE-2018-7509 BID MISC |
| delta_electronics -- wplsoft |
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 2018-05-04 | not yet calculated | CVE-2018-7507 BID MISC |
| delta_electronics -- wplsoft |
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 2018-05-04 | not yet calculated | CVE-2018-7494 BID MISC |
| directus -- directus |
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | 2018-05-05 | not yet calculated | CVE-2018-10723 MISC |
| ethereum -- aurora_idex_membership |
The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables. | 2018-05-03 | not yet calculated | CVE-2018-10666 MISC |
| ethereum -- useless_ethereum_token |
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | 2018-04-28 | not yet calculated | CVE-2018-10468 MISC MISC |
| etherpad_lite -- etherpad_lite |
Etherpad Lite before 1.6.4 is exploitable for admin access. | 2018-04-29 | not yet calculated | CVE-2018-9845 MISC MISC |
| f5 -- big-ip |
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. | 2018-05-02 | not yet calculated | CVE-2018-5516 SECTRACK SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended. | 2018-05-02 | not yet calculated | CVE-2018-5519 SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. | 2018-05-02 | not yet calculated | CVE-2018-5512 SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. | 2018-05-02 | not yet calculated | CVE-2018-5518 SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. | 2018-05-02 | not yet calculated | CVE-2018-5515 SECTRACK CONFIRM |
| f5 -- big-ip |
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | 2018-05-02 | not yet calculated | CVE-2018-5520 SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. | 2018-05-02 | not yet calculated | CVE-2018-5514 SECTRACK CONFIRM |
| f5 -- big-ip |
On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | 2018-05-02 | not yet calculated | CVE-2018-5517 SECTRACK CONFIRM |
| fedora -- fedora |
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | 2018-05-01 | not yet calculated | CVE-2013-0159 CONFIRM CONFIRM |
| flexense -- diskboss_enterprise |
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | 2018-05-02 | not yet calculated | CVE-2018-10294 MISC FULLDISC |
| flexense -- diskpulse_enterprise |
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | 2018-05-02 | not yet calculated | CVE-2018-10564 MISC FULLDISC |
| flexense -- disksavvy_enterprise |
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | 2018-05-02 | not yet calculated | CVE-2018-10565 MISC FULLDISC |
| flexense -- disksorter_enterprise |
XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | 2018-05-02 | not yet calculated | CVE-2018-10568 MISC FULLDISC |
| flexense -- dupscout_enterprise |
XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | 2018-05-02 | not yet calculated | CVE-2018-10566 MISC FULLDISC |
| flexense -- syncbreeze |
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | 2018-05-02 | not yet calculated | CVE-2018-10563 MISC FULLDISC |
| flexense -- vx_search_enterprise |
XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | 2018-05-02 | not yet calculated | CVE-2018-10567 MISC FULLDISC |
| frog_cms -- frog_cms |
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | 2018-04-30 | not yet calculated | CVE-2018-10570 MISC |
| gnu -- binutils |
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | 2018-04-29 | not yet calculated | CVE-2018-10535 BID MISC |
| gnu -- binutils |
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | 2018-04-29 | not yet calculated | CVE-2018-10534 BID MISC |
| gofer -- gofer |
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | 2018-05-04 | not yet calculated | CVE-2012-5628 CONFIRM |
| golden_frog -- vyprvpn |
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client. | 2018-05-02 | not yet calculated | CVE-2018-10645 MISC |
| google -- android |
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. | 2018-05-02 | not yet calculated | CVE-2013-6272 MISC FULLDISC BID MISC XF |
| gpu -- gpu |
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | 2018-05-04 | not yet calculated | CVE-2018-10229 BID CERT-VN MISC |
| hrsale -- hrsale_the_ultimate_hrm |
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 2018-05-01 | not yet calculated | CVE-2018-10257 MISC EXPLOIT-DB |
| hrsale -- hrsale_the_ultimate_hrm |
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | 2018-05-01 | not yet calculated | CVE-2018-10260 MISC EXPLOIT-DB |
| hrsale -- hrsale_the_ultimate_hrm |
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | 2018-05-01 | not yet calculated | CVE-2018-10256 MISC EXPLOIT-DB |
| hrsale -- hrsale_the_ultimate_hrm |
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | 2018-05-01 | not yet calculated | CVE-2018-10259 MISC EXPLOIT-DB |
| huawei -- alp-al00b_smart_phones |
RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely. | 2018-04-30 | not yet calculated | CVE-2018-7901 CONFIRM |
| huawei -- mobile_broadband_products |
Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability. | 2018-04-30 | not yet calculated | CVE-2017-17318 CONFIRM |
| huawei -- multiple_products |
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal. | 2018-04-30 | not yet calculated | CVE-2017-17314 CONFIRM |
| ibm -- api_connect |
IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226. | 2018-04-30 | not yet calculated | CVE-2018-1430 CONFIRM BID XF |
| ibm -- api_connect |
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | 2018-05-02 | not yet calculated | CVE-2018-1468 CONFIRM XF |
| ibm -- api_connect |
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213. | 2018-04-30 | not yet calculated | CVE-2018-1389 CONFIRM BID XF |
| ibm -- content_manager_enterprise_edition_resource_manager |
IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. | 2018-05-01 | not yet calculated | CVE-2018-1502 CONFIRM SECTRACK XF |
| ibm -- endpoint_manager_for_remote_control_and_tivoli_remote_control |
IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. | 2018-04-27 | not yet calculated | CVE-2013-5461 XF CONFIRM CONFIRM |
| ibm -- security_guardium |
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. | 2018-05-02 | not yet calculated | CVE-2017-1255 CONFIRM XF |
| ibm -- security_guardium |
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | 2018-05-02 | not yet calculated | CVE-2017-1601 CONFIRM XF |
| ibm -- sterling_connect:direct_for_openvms |
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138. | 2018-05-01 | not yet calculated | CVE-2013-4035 XF CONFIRM |
| ibm -- tivoli_application_dependency_discovery_manager |
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | 2018-05-01 | not yet calculated | CVE-2013-4040 XF CONFIRM |
| ibm -- websphere_application_server |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | 2018-05-04 | not yet calculated | CVE-2017-1743 CONFIRM XF |
| ibm -- worklight _and _mobile_foundation |
IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128. | 2018-04-27 | not yet calculated | CVE-2013-5391 CONFIRM XF |
| ilias -- ilias |
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | 2018-05-02 | not yet calculated | CVE-2018-10665 MISC MISC MISC |
| imagely -- nextgen_gallery |
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. | 2018-04-30 | not yet calculated | CVE-2018-1000172 MISC MISC |
| ipswitch -- whatsup_gold |
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. | 2018-05-01 | not yet calculated | CVE-2018-8938 CONFIRM |
| ipswitch -- whatsup_gold |
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. | 2018-05-01 | not yet calculated | CVE-2018-8939 CONFIRM |
| jasper -- jasper |
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack. | 2018-05-04 | not yet calculated | CVE-2018-9154 MISC |
| jfrog -- artifactory |
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 2018-05-01 | not yet calculated | CVE-2016-10036 MISC EXPLOIT-DB CONFIRM |
| katello -- katello |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | 2018-05-01 | not yet calculated | CVE-2013-4201 CONFIRM |
| lantech -- ids_2102_ethernet_device_server |
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2018-05-04 | not yet calculated | CVE-2018-8865 MISC |
| lantech -- ids_2102_ethernet_device_server |
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2018-05-04 | not yet calculated | CVE-2018-8869 MISC |
| lenovo -- lenovo_system_update |
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. | 2018-05-04 | not yet calculated | CVE-2018-9063 CONFIRM |
| lenovo -- system_x |
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. | 2018-05-04 | not yet calculated | CVE-2017-3775 CONFIRM |
| libgxps -- libgxps |
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | 2018-05-04 | not yet calculated | CVE-2018-10733 MISC |
| libreoffice_and_apache_openoffice_writer -- libreoffice_and_apache_openoffice_writer |
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | 2018-05-01 | not yet calculated | CVE-2018-10583 MISC CONFIRM EXPLOIT-DB |
| linux -- linux_kernel |
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | 2018-05-02 | not yet calculated | CVE-2018-10675 MISC MISC MISC |
| long_range_zip -- long_range_zip |
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-02 | not yet calculated | CVE-2018-10685 MISC |
| magnicomp -- sysinfo |
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. | 2018-04-30 | not yet calculated | CVE-2018-9310 CONFIRM |
| manageiq -- enterprise_virtualization_manager |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 2018-05-01 | not yet calculated | CVE-2013-0185 CONFIRM |
| matrix -- synapse |
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | 2018-05-02 | not yet calculated | CVE-2018-10657 CONFIRM CONFIRM |
| medtronic -- 2090_carelink_programmers |
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. | 2018-05-04 | not yet calculated | CVE-2018-5446 MISC |
| medtronic -- 2090_carelink_programmers |
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. | 2018-05-04 | not yet calculated | CVE-2018-5448 MISC |
| meross -- mss110_devices |
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. | 2018-05-02 | not yet calculated | CVE-2018-10544 MISC |
| meross -- mss110_devices |
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. | 2018-05-02 | not yet calculated | CVE-2018-6401 MISC |
| microsoft-- windows | A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute. | 2018-05-02 | not yet calculated | CVE-2018-8115 BID CONFIRM |
| milestone -- xprotect_video_management_software |
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. | 2018-04-30 | not yet calculated | CVE-2018-7891 CONFIRM |
| miniupnp -- miniupnp_ngiflib |
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file. | 2018-05-02 | not yet calculated | CVE-2018-10677 CONFIRM CONFIRM |
| miniupnp -- ngiflib |
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677. | 2018-05-03 | not yet calculated | CVE-2018-10717 CONFIRM CONFIRM |
| multiple_vendors -- dvr_devices |
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. | 2018-05-02 | not yet calculated | CVE-2018-10676 MISC |
| mybb -- mybb |
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. | 2018-05-01 | not yet calculated | CVE-2018-10365 EXPLOIT-DB |
| nagios -- nagios |
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | 2018-04-29 | not yet calculated | CVE-2018-10554 MISC |
| nagios -- nagios |
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | 2018-04-29 | not yet calculated | CVE-2018-10553 MISC |
| norton -- core_router |
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | 2018-04-30 | not yet calculated | CVE-2018-5234 BID EXPLOIT-DB CONFIRM |
| nvidia -- tegra_mobile_processors |
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. | 2018-05-01 | not yet calculated | CVE-2018-6242 CONFIRM |
| octopus -- deploy |
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment. | 2018-05-01 | not yet calculated | CVE-2018-10581 CONFIRM |
| octopus -- deploy |
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | 2018-04-30 | not yet calculated | CVE-2018-10550 CONFIRM |
| openemr -- openemr |
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | 2018-04-30 | not yet calculated | CVE-2018-10571 MISC MISC MISC MISC |
| openemr -- openemr |
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter. | 2018-04-30 | not yet calculated | CVE-2018-10573 MISC MISC MISC MISC |
| openemr -- openemr |
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. | 2018-04-30 | not yet calculated | CVE-2018-10572 MISC MISC MISC MISC |
| openvpn -- openvpn |
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. | 2018-05-01 | not yet calculated | CVE-2018-9336 SLACKWARE CONFIRM CONFIRM CONFIRM MISC |
| partclone -- partclone |
partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | 2018-05-02 | not yet calculated | CVE-2016-10722 MISC MISC |
| partclone -- partclone |
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | 2018-05-02 | not yet calculated | CVE-2016-10721 MISC |
| philips -- brilliance_ct_scanners |
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system. | 2018-05-04 | not yet calculated | CVE-2018-8857 MISC CONFIRM |
| philips -- brilliance_ct_scanners |
Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | 2018-05-04 | not yet calculated | CVE-2018-8861 MISC CONFIRM |
| philips -- brilliance_ct_scanners |
Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system. | 2018-05-04 | not yet calculated | CVE-2018-8853 MISC CONFIRM |
| philips -- intellivue_mx40_patient_worn_monitor | Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. | 2018-04-30 | not yet calculated | CVE-2017-9658 BID MISC CONFIRM |
| philips -- intellivue_mx40_patient_worn_monitor |
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. | 2018-04-30 | not yet calculated | CVE-2017-9657 BID MISC CONFIRM |
| php -- php |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | 2018-04-29 | not yet calculated | CVE-2018-10547 CONFIRM CONFIRM SECTRACK CONFIRM |
| php -- php |
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | 2018-04-29 | not yet calculated | CVE-2018-10545 CONFIRM CONFIRM BID CONFIRM |
| php -- php |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | 2018-04-29 | not yet calculated | CVE-2018-10546 CONFIRM CONFIRM BID SECTRACK CONFIRM |
| php -- php |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | 2018-04-29 | not yet calculated | CVE-2018-10548 CONFIRM CONFIRM BID SECTRACK CONFIRM |
| php -- php |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | 2018-04-29 | not yet calculated | CVE-2018-10549 CONFIRM CONFIRM BID SECTRACK CONFIRM CONFIRM |
| phpmyadmin -- phpmyadmin |
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. | 2018-05-01 | not yet calculated | CVE-2017-18264 CONFIRM |
| qnap -- qts |
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 2018-04-30 | not yet calculated | CVE-2018-0711 SECTRACK CONFIRM |
| red_hat -- cloudforms_management_engine |
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 2018-05-01 | not yet calculated | CVE-2013-2049 CONFIRM |
| red_hat -- openshift_enterprise |
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | 2018-04-30 | not yet calculated | CVE-2018-1102 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM |
| red_hat_linux -- automatic_bug_reporting_tool |
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | 2018-05-01 | not yet calculated | CVE-2013-4209 CONFIRM |
| safervpn -- safervpn |
SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | 2018-05-02 | not yet calculated | CVE-2018-10647 MISC |
| schneider_electric -- triconex_tricon_mp_model_3008_firmware |
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory. | 2018-05-04 | not yet calculated | CVE-2018-8872 BID MISC CONFIRM |
| schneider_electric -- triconex_tricon_mp_model_3008_firmware |
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. | 2018-05-04 | not yet calculated | CVE-2018-7522 BID MISC CONFIRM |
| sentinel -- hasp_srm_and_hasp_and_ldk | The License Manager service of HASP SRM, Sentinel HASP, and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability. | 2018-05-02 | not yet calculated | CVE-2018-8900 MISC |
| shanghai -- 2345_security_guard |
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered. | 2018-05-04 | not yet calculated | CVE-2018-10739 MISC |
| shanghai -- 2345_security_guard |
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered. | 2018-05-03 | not yet calculated | CVE-2018-10716 MISC |
| sierra_wireless -- airlink_gx400_and_gx440_and_es440_and_ls300_routers |
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. | 2018-05-04 | not yet calculated | CVE-2017-15043 CONFIRM |
| sierra_wireless -- airlink_gx400_and_gx440_and_es440_and_ls300_routers |
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 2018-05-04 | not yet calculated | CVE-2018-10251 CONFIRM |
| siveillance -- vms_video_for_android_and_vms_video_for_ios |
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | 2018-05-03 | not yet calculated | CVE-2018-4849 CONFIRM |
| t&w -- wifi_repeater_be126_devices |
Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. | 2018-05-01 | not yet calculated | CVE-2018-9232 MISC |
| tibco_software -- datasynapse_gridserver_manager |
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. | 2018-05-01 | not yet calculated | CVE-2017-5535 CONFIRM |
| tibco_software -- datasynapse_gridserver_manager |
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. | 2018-05-01 | not yet calculated | CVE-2017-5536 CONFIRM |
| tinfo/parse_entry.c -- tinfo/parse_entry.c |
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. | 2018-05-04 | not yet calculated | CVE-2018-10754 MISC MISC MISC |
| tp-link -- eap_controller_and_omada_controller |
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | 2018-05-03 | not yet calculated | CVE-2018-10168 MISC |
| tp-link -- eap_controller_and_omada_controller |
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. | 2018-05-03 | not yet calculated | CVE-2018-10167 MISC |
| tp-link -- eap_controller_and_omada_controller |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | 2018-05-03 | not yet calculated | CVE-2018-10164 MISC |
| tp-link -- eap_controller_and_omada_controller |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | 2018-05-03 | not yet calculated | CVE-2018-10165 MISC |
| tp-link -- eap_controller_and_omada_controller |
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows. | 2018-05-03 | not yet calculated | CVE-2018-10166 MISC |
| tp-shop -- tp-shop |
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | 2018-05-02 | not yet calculated | CVE-2018-9919 FULLDISC |
| vmware -- xenon |
VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. | 2018-05-02 | not yet calculated | CVE-2017-4952 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| watchguard -- ap100_and_ap102_and_ap200_devices | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. | 2018-05-02 | not yet calculated | CVE-2018-10577 FULLDISC |
| watchguard -- ap100_and_ap102_and_ap200_devices |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). | 2018-04-30 | not yet calculated | CVE-2018-10576 FULLDISC CONFIRM CONFIRM |
| watchguard -- ap100_and_ap102_and_ap200_devices |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | 2018-04-30 | not yet calculated | CVE-2018-10575 FULLDISC CONFIRM CONFIRM |
| watchguard -- ap100_and_ap102_and_ap200_devices |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. | 2018-05-02 | not yet calculated | CVE-2018-10578 FULLDISC |
| wavpack -- wavpack |
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. | 2018-04-29 | not yet calculated | CVE-2018-10536 MISC MISC MISC MISC UBUNTU |
| wavpack -- wavpack |
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | 2018-04-29 | not yet calculated | CVE-2018-10538 MISC MISC UBUNTU |
| wavpack -- wavpack |
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | 2018-04-29 | not yet calculated | CVE-2018-10540 MISC MISC UBUNTU |
| wavpack -- wavpack |
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | 2018-04-29 | not yet calculated | CVE-2018-10539 MISC MISC UBUNTU |
| wavpack -- wavpack |
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. | 2018-04-29 | not yet calculated | CVE-2018-10537 MISC MISC MISC MISC UBUNTU |
| wordpress -- wordpress |
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | 2018-05-04 | not yet calculated | CVE-2018-10752 MISC |
| wordpress -- wordpress |
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title. | 2018-05-01 | not yet calculated | CVE-2018-10371 MISC MISC MISC EXPLOIT-DB |
| wordpress -- wordpress |
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 2018-04-27 | not yet calculated | CVE-2018-10504 MISC EXPLOIT-DB |
| xen -- xen |
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | 2018-04-27 | not yet calculated | CVE-2018-10471 BID CONFIRM |
'IT 와 Social 이야기' 카테고리의 다른 글
| [kotra] 중국 자율주행차 시장 현황 (0) | 2018.05.08 |
|---|---|
| [한국은행] 2017년 모바일 금융서비스 이용행태 조사 결과 및 시사점 (0) | 2018.05.08 |
| [nars 국회입법조사처] 챗봇(chatbot)의 현황과 향후 과제 - 정준화 (0) | 2018.05.07 |
| [KCIS 한국신용정보원] 신용정보 표본DB 제공 서비스의 의의 - 김호영 조사역 (0) | 2018.05.04 |
| [iitp] 더욱 안전한 사회를 만드는 인공지능 기술 (0) | 2018.05.03 |
