IT and Social Stories

[US-CERT: Bulletin(SB18-015)] Security vulnerabilities published through January 8, 2018

by manga0713 2018. 1. 16.

*** Source: [US-CERT: Bulletin(SB18-015)] Security vulnerabilities published through January 8, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- webaccess A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. 2018-01-05 7.5 CVE-2017-16716
BID
MISC
advantech -- webaccess A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. 2018-01-05 7.5 CVE-2017-16724
BID
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- webaccess A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device. 2018-01-05 5.0 CVE-2017-16720
BID
MISC
advantech -- webaccess An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. 2018-01-05 5.0 CVE-2017-16728
BID
MISC
advantech -- webaccess An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. 2018-01-05 5.0 CVE-2017-16753
BID
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- flash
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. 2018-01-09 not yet calculated CVE-2018-4871
BID
SECTRACK
REDHAT
CONFIRM
advantech -- webaccess
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. 2018-01-11 not yet calculated CVE-2017-16736
MISC
advantech -- webaccess
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address. 2018-01-11 not yet calculated CVE-2017-16732
MISC
apache -- activemq
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. 2018-01-10 not yet calculated CVE-2016-6810
CONFIRM
BID
SECTRACK
MLIST
apache -- geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. 2018-01-09 not yet calculated CVE-2017-9796
MLIST
apache -- geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. 2018-01-09 not yet calculated CVE-2017-9795
BID
MLIST
apache -- geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. 2018-01-09 not yet calculated CVE-2017-12622
MLIST
apache -- sling
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader. 2018-01-08 not yet calculated CVE-2012-3353
CONFIRM
MLIST
apache -- sling
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0. 2018-01-10 not yet calculated CVE-2017-15717
MLIST
artifex_software -- mupdf
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. 2018-01-13 not yet calculated CVE-2018-5686
MISC
aruba_networks -- clearpass_policy_manager
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. 2018-01-08 not yet calculated CVE-2014-2071
CONFIRM
asternic.org -- flash_operator_panel
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. 2018-01-13 not yet calculated CVE-2018-5694
MISC
atlassian -- jira
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. 2018-01-12 not yet calculated CVE-2017-16864
CONFIRM
atlassian -- jira
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. 2018-01-12 not yet calculated CVE-2017-16862
CONFIRM
atlassian -- jira
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. 2018-01-12 not yet calculated CVE-2017-14594
CONFIRM
avantfax -- avantfax
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. 2018-01-10 not yet calculated CVE-2017-18024
MISC
aztech -- adsl_devices
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. 2018-01-12 not yet calculated CVE-2014-6435
MISC
BID
aztech -- adsl_devices
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. 2018-01-12 not yet calculated CVE-2014-6436
MISC
BUGTRAQ
BID
aztech -- adsl_devices
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. 2018-01-12 not yet calculated CVE-2014-6437
MISC
BUGTRAQ
BID
barcodewiz -- barcode
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. 2018-01-09 not yet calculated CVE-2018-5221
MISC
MISC
cisco -- unified communications_manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264. 2018-01-11 not yet calculated CVE-2018-0118
BID
CONFIRM
cobham -- sea_tel_116_build_222429_satellite_devices
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. 2018-01-07 not yet calculated CVE-2018-5071
MISC
cobham -- sea_tel_121_build_222701_devices
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. 2018-01-07 not yet calculated CVE-2018-5267
MISC
cobham -- sea_tel_121_build_222701_devices
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. 2018-01-07 not yet calculated CVE-2018-5266
MISC
communigate -- communigate_pro
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements. 2018-01-08 not yet calculated CVE-2018-3815
MISC
comsenz_technology -- discuz!_discuzx
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. 2018-01-12 not yet calculated CVE-2018-5377
MISC
comsenz_technology -- discuz!_discuzx
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. 2018-01-12 not yet calculated CVE-2018-5375
MISC
comsenz_technology -- discuz!_discuzx
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. 2018-01-12 not yet calculated CVE-2018-5376
MISC
comsenz_technology -- discuz!_discuzx
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. 2018-01-10 not yet calculated CVE-2018-5331
MISC
comsenz_technology -- discuz!_discuzx
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. 2018-01-08 not yet calculated CVE-2018-5259
MISC
MISC
condor5 -- muviko
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php. 2018-01-12 not yet calculated CVE-2017-17970
MISC
EXPLOIT-DB
cups -- cups
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. 2018-01-12 not yet calculated CVE-2014-8166
MLIST
MLIST
BID
CONFIRM
d-link -- dsl-2640u_devices
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. 2018-01-12 not yet calculated CVE-2018-5371
MISC
dotclear -- dotclear
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. 2018-01-13 not yet calculated CVE-2018-5689
CONFIRM
CONFIRM
dotclear -- dotclear
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). 2018-01-13 not yet calculated CVE-2018-5690
CONFIRM
CONFIRM
dragonbyte_technologies -- vbulletin
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. 2018-01-11 not yet calculated CVE-2012-6668
SECUNIA
CONFIRM
BID
XF
dragonbyte_technologies -- vbulletin
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. 2018-01-11 not yet calculated CVE-2012-6667
SECUNIA
EXPLOIT-DB
BID
dragonbyte_technologies -- vbulletin
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. 2018-01-11 not yet calculated CVE-2012-6670
SECUNIA
CONFIRM
BID
XF
dragonbyte_technologies -- vbulletin
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. 2018-01-11 not yet calculated CVE-2012-6682
SECUNIA
CONFIRM
BID
XF
dragonbyte_technologies -- vbulletin
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. 2018-01-11 not yet calculated CVE-2012-6671
SECUNIA
SECUNIA
CONFIRM
BID
emc -- avamar_server
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. 2018-01-05 not yet calculated CVE-2017-15549
CONFIRM
BID
SECTRACK
emc -- avamar_server
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. 2018-01-05 not yet calculated CVE-2017-15550
CONFIRM
BID
SECTRACK
emc -- avamar_server
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. 2018-01-05 not yet calculated CVE-2017-15548
CONFIRM
BID
SECTRACK
etherpad -- etherpad
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. 2018-01-12 not yet calculated CVE-2015-2298
MLIST
CONFIRM
CONFIRM
family_connections -- family_connections_cms
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php. 2018-01-11 not yet calculated CVE-2012-0699
EXPLOIT-DB
fasterxml_jackson-databind -- fasterxml_jackson-databind
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. 2018-01-10 not yet calculated CVE-2017-17485
BUGTRAQ
CONFIRM
MISC
ffmpeg -- ffmpeg
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. 2018-01-09 not yet calculated CVE-2015-1208
CONFIRM
CONFIRM
CONFIRM
fiberhome -- lm53q1_vh519r05c01s38_devices
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. 2018-01-12 not yet calculated CVE-2017-16886
FULLDISC
EXPLOIT-DB
fiberhome -- lm53q1_vh519r05c01s38_devices
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. 2018-01-12 not yet calculated CVE-2017-16887
FULLDISC
EXPLOIT-DB
fiberhome -- lm53q1_vh519r05c01s38_devices
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along with their MAC Addresses, etc. 2018-01-12 not yet calculated CVE-2017-16885
FULLDISC
EXPLOIT-DB
finecms -- finecms
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. 2018-01-09 not yet calculated CVE-2017-1000429
MISC
flatcore-cms -- flatcore-cms
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. 2018-01-09 not yet calculated CVE-2017-1000428
CONFIRM
flexense -- disk_pulse_enterprise
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. 2018-01-10 not yet calculated CVE-2017-15663
MISC
EXPLOIT-DB
flexense -- diskboss_enterprise
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. 2018-01-10 not yet calculated CVE-2017-15665
MISC
EXPLOIT-DB
flexense -- diskboss
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account. 2018-01-12 not yet calculated CVE-2018-5262
MISC
EXPLOIT-DB
flexense -- sync_breeze_enterprise
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. 2018-01-10 not yet calculated CVE-2017-15664
MISC
EXPLOIT-DB
flexense -- vx_search_enterprise
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. 2018-01-10 not yet calculated CVE-2017-15662
MISC
EXPLOIT-DB
freeipa -- freeipa
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. 2018-01-10 not yet calculated CVE-2017-12169
BID
CONFIRM
general_motors_shanghai -- onstar_sos_ios
An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password. 2018-01-09 not yet calculated CVE-2017-12695
BID
MISC
general_motors_shanghai -- onstar_sos_ios
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. 2018-01-09 not yet calculated CVE-2017-9663
BID
MISC
general_motors_shanghai -- onstar_sos_ios
A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server. 2018-01-09 not yet calculated CVE-2017-12697
BID
MISC
gespage -- gespage
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. 2018-01-08 not yet calculated CVE-2017-7997
FULLDISC
MISC
EXPLOIT-DB
gespage -- gespage
Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. 2018-01-08 not yet calculated CVE-2017-7998
FULLDISC
MISC
gnome/gcab -- gnome/gcab
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. 2018-01-11 not yet calculated CVE-2018-5345
MISC
google -- android In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345. 2018-01-12 not yet calculated CVE-2017-13210
BID
SECTRACK
CONFIRM
google -- android An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501. 2018-01-12 not yet calculated CVE-2017-13213
CONFIRM
google -- android An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786. 2018-01-12 not yet calculated CVE-2017-13188
CONFIRM
CONFIRM
google -- android In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067. 2018-01-12 not yet calculated CVE-2017-13196
BID
SECTRACK
CONFIRM
google -- android In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319. 2018-01-12 not yet calculated CVE-2017-13193
BID
SECTRACK
CONFIRM
google -- android In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900. 2018-01-12 not yet calculated CVE-2017-13214
BID
SECTRACK
CONFIRM
google -- android
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907. 2018-01-12 not yet calculated CVE-2017-13209
BID
SECTRACK
CONFIRM
EXPLOIT-DB
google -- android
An elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. 2018-01-12 not yet calculated CVE-2017-13215
BID
SECTRACK
CONFIRM
google -- android
An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576. 2018-01-12 not yet calculated CVE-2017-13222
CONFIRM
google -- android
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158. 2018-01-12 not yet calculated CVE-2017-13211
BID
SECTRACK
CONFIRM
google -- android
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985. 2018-01-12 not yet calculated CVE-2017-13212
CONFIRM
google -- android
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440. 2018-01-12 not yet calculated CVE-2017-13208
BID
SECTRACK
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634. 2018-01-12 not yet calculated CVE-2017-13203
CONFIRM
CONFIRM
google -- android
 
In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679. 2018-01-12 not yet calculated CVE-2017-13199
BID
SECTRACK
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237. 2018-01-12 not yet calculated CVE-2017-13204
CONFIRM
CONFIRM
google -- android
 
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117. 2018-01-12 not yet calculated CVE-2017-13198
CONFIRM
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. 2018-01-10 not yet calculated CVE-2017-14869
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048. 2018-01-12 not yet calculated CVE-2017-13206
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583. 2018-01-12 not yet calculated CVE-2017-13205
CONFIRM
CONFIRM
google -- android
 
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938. 2018-01-12 not yet calculated CVE-2017-13221
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426. 2018-01-12 not yet calculated CVE-2017-13207
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856. 2018-01-12 not yet calculated CVE-2017-13202
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs. 2018-01-10 not yet calculated CVE-2017-9712
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. 2018-01-10 not yet calculated CVE-2017-15849
BID
SECTRACK
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. 2018-01-10 not yet calculated CVE-2017-9705
CONFIRM
google -- android
 
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. 2018-01-12 not yet calculated CVE-2014-7952
MISC
FULLDISC
MISC
BUGTRAQ
BID
MISC
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation. 2018-01-10 not yet calculated CVE-2017-15845
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. 2018-01-10 not yet calculated CVE-2017-15847
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. 2018-01-10 not yet calculated CVE-2017-15850
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist. 2018-01-10 not yet calculated CVE-2017-15848
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption. 2018-01-10 not yet calculated CVE-2017-9689
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver. 2018-01-10 not yet calculated CVE-2017-14879
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur. 2018-01-10 not yet calculated CVE-2017-14873
CONFIRM
google -- android
 
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973. 2018-01-12 not yet calculated CVE-2017-13197
BID
SECTRACK
CONFIRM
google -- android
 
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865. 2018-01-12 not yet calculated CVE-2017-13219
CONFIRM
google -- android
 
Access to CNTVCT_EL0 could be used for side channel attacks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68266545. 2018-01-12 not yet calculated CVE-2017-13218
BID
SECTRACK
CONFIRM
google -- android
 
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077. 2018-01-12 not yet calculated CVE-2017-13217
BID
SECTRACK
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. 2018-01-12 not yet calculated CVE-2017-13200
CONFIRM
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768. 2018-01-12 not yet calculated CVE-2017-13201
CONFIRM
google -- android
 
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789. 2018-01-12 not yet calculated CVE-2017-13225
BID
SECTRACK
CONFIRM
google -- android
 
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184. 2018-01-12 not yet calculated CVE-2017-13226
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296. 2018-01-10 not yet calculated CVE-2017-11080
CONFIRM
google -- android
 
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097. 2018-01-12 not yet calculated CVE-2017-13216
BID
SECTRACK
CONFIRM
EXPLOIT-DB
google -- android
 
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053. 2018-01-12 not yet calculated CVE-2017-13220
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied. 2018-01-10 not yet calculated CVE-2017-11081
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size. 2018-01-10 not yet calculated CVE-2017-11003
CONFIRM
google -- android
 
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. 2018-01-12 not yet calculated CVE-2017-13176
BID
SECTRACK
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. 2018-01-10 not yet calculated CVE-2017-11066
CONFIRM
google -- android
 
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281. 2018-01-12 not yet calculated CVE-2017-13178
BID
SECTRACK
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size. 2018-01-10 not yet calculated CVE-2017-11079
CONFIRM
google -- android
 
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. 2018-01-12 not yet calculated CVE-2017-13177
BID
SECTRACK
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. 2018-01-10 not yet calculated CVE-2017-11069
BID
SECTRACK
CONFIRM
google -- android
 
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869. 2018-01-12 not yet calculated CVE-2017-0869
BID
SECTRACK
CONFIRM
google -- android
 
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857. 2018-01-12 not yet calculated CVE-2017-0855
BID
SECTRACK
CONFIRM
google -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. 2018-01-10 not yet calculated CVE-2017-14870
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810. 2018-01-12 not yet calculated CVE-2017-0846
CONFIRM
google -- android
 
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193. 2018-01-12 not yet calculated CVE-2017-13179
BID
SECTRACK
CONFIRM
google -- android
 
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821. 2018-01-12 not yet calculated CVE-2017-13195
BID
SECTRACK
CONFIRM
google -- android
 
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. 2018-01-12 not yet calculated CVE-2017-13186
CONFIRM
CONFIRM
google -- android
 
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202. 2018-01-12 not yet calculated CVE-2017-13192
BID
SECTRACK
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. 2018-01-12 not yet calculated CVE-2017-13187
CONFIRM
CONFIRM
google -- android
 
A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072. 2018-01-12 not yet calculated CVE-2017-13189
CONFIRM
CONFIRM
google -- android
 
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324. 2018-01-12 not yet calculated CVE-2017-13184
BID
SECTRACK
CONFIRM
google -- android
 
A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873. 2018-01-12 not yet calculated CVE-2017-13190
CONFIRM
CONFIRM
google -- android
 
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022. 2018-01-12 not yet calculated CVE-2017-13182
BID
SECTRACK
CONFIRM
google -- android
 
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232. 2018-01-12 not yet calculated CVE-2017-13181
BID
SECTRACK
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471. 2018-01-12 not yet calculated CVE-2017-13185
CONFIRM
CONFIRM
google -- android
 
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127. 2018-01-12 not yet calculated CVE-2017-13183
BID
SECTRACK
CONFIRM
google -- android
 
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349. 2018-01-12 not yet calculated CVE-2017-13180
BID
SECTRACK
CONFIRM
google -- android
 
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. 2018-01-12 not yet calculated CVE-2017-13194
CONFIRM
CONFIRM
google -- android
 
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403. 2018-01-12 not yet calculated CVE-2017-13191
BID
SECTRACK
CONFIRM
google -- chrome
 
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. 2018-01-09 not yet calculated CVE-2015-1290
CONFIRM
CONFIRM
SUSE
MISC
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. 2018-01-13 not yet calculated CVE-2018-5685
MISC
MISC
hibernate -- validator
 
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). 2018-01-10 not yet calculated CVE-2017-7536
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
hitron -- hitron_devices
 
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. 2018-01-07 not yet calculated CVE-2014-10069
MISC
MISC
MISC
huawei -- campus_switches
 
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. 2018-01-08 not yet calculated CVE-2014-5394
CONFIRM
BID
XF
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. 2018-01-11 not yet calculated CVE-2017-1739
CONFIRM
BID
MISC
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. 2018-01-11 not yet calculated CVE-2017-1740
CONFIRM
BID
MISC
ibm -- qradar
 
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. 2018-01-10 not yet calculated CVE-2016-9722
CONFIRM
MISC
ibm -- qradar
 
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. 2018-01-10 not yet calculated CVE-2017-1623
CONFIRM
BID
MISC
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. 2018-01-10 not yet calculated CVE-2017-1533
CONFIRM
BID
SECTRACK
MISC
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. 2018-01-11 not yet calculated CVE-2017-1478
CONFIRM
SECTRACK
MISC
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. 2018-01-10 not yet calculated CVE-2017-1534
CONFIRM
SECTRACK
MISC
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. 2018-01-10 not yet calculated CVE-2017-1459
CONFIRM
SECTRACK
MISC
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. 2018-01-12 not yet calculated CVE-2016-0332
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. 2018-01-12 not yet calculated CVE-2016-0335
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. 2018-01-12 not yet calculated CVE-2016-0324
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. 2018-01-12 not yet calculated CVE-2016-0336
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. 2018-01-12 not yet calculated CVE-2016-0327
CONFIRM
XF
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. 2018-01-09 not yet calculated CVE-2017-1671
CONFIRM
BID
MISC
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. 2018-01-09 not yet calculated CVE-2017-1666
CONFIRM
BID
MISC
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. 2018-01-09 not yet calculated CVE-2017-1668
CONFIRM
BID
MISC
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637. 2018-01-09 not yet calculated CVE-2017-1670
CONFIRM
BID
MISC
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. 2018-01-09 not yet calculated CVE-2017-1493
CONFIRM
BID
MISC
ibm -- websphere_application_server
 
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003. 2018-01-11 not yet calculated CVE-2017-1681
CONFIRM
MISC
ibm -- websphere_portal
 
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. 2018-01-11 not yet calculated CVE-2018-1361
SECTRACK
MISC
CONFIRM
ibm -- websphere
 
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. 2018-01-09 not yet calculated CVE-2017-1612
CONFIRM
BID
MISC
icy_phoenix -- icy_phoenix
 
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. 2018-01-13 not yet calculated CVE-2018-5697
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. 2018-01-12 not yet calculated CVE-2018-5358
CONFIRM
imagemagick -- imagemagick
 
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. 2018-01-12 not yet calculated CVE-2018-5357
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-01-12 not yet calculated CVE-2017-18029
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-01-12 not yet calculated CVE-2017-18027
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. 2018-01-05 not yet calculated CVE-2018-5248
BID
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. 2018-01-05 not yet calculated CVE-2017-18022
BID
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file. 2018-01-12 not yet calculated CVE-2017-18028
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. 2018-01-05 not yet calculated CVE-2018-5246
BID
CONFIRM
innotube -- itguard-manager
 
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. 2018-01-08 not yet calculated CVE-2017-18025
EXPLOIT-DB
intel -- driver_and_support_assistance
 
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker to read and write to Memory Status registers, potentially allowing information disclosure or a denial of service condition. 2018-01-09 not yet calculated CVE-2018-3610
CONFIRM
irssi -- irssi
 
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. 2018-01-06 not yet calculated CVE-2018-5205
CONFIRM
irssi -- irssi
 
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. 2018-01-06 not yet calculated CVE-2018-5206
CONFIRM
irssi -- irssi
 
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. 2018-01-06 not yet calculated CVE-2018-5208
CONFIRM
irssi -- irssi
 
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. 2018-01-06 not yet calculated CVE-2018-5207
CONFIRM
ixsystems -- freenas
 
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. 2018-01-08 not yet calculated CVE-2014-5334
MLIST
BID
CONFIRM
jolla -- sailfish_os
 
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. 2018-01-12 not yet calculated CVE-2015-3888
MISC
joomla! -- joomla!
 
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. 2018-01-08 not yet calculated CVE-2018-5263
CONFIRM
EXPLOIT-DB
joomla! -- joomla!
 
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. 2018-01-13 not yet calculated CVE-2018-5696
MISC
jungo_connectivity -- windriver
 
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. 2018-01-11 not yet calculated CVE-2018-5189
EXPLOIT-DB
MISC
juniper_networks -- junos_os
 
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10 not yet calculated CVE-2018-0004
CONFIRM
juniper_networks -- junos_os
 
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacting network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score: 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control of multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10 not yet calculated CVE-2018-0007
CONFIRM
juniper_networks -- junos_os
 
An unauthenticated root login may be allowed upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10 not yet calculated CVE-2018-0008
CONFIRM
juniper_networks -- junos_os
 
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. 2018-01-10 not yet calculated CVE-2018-0005
CONFIRM
juniper_networks -- junos_os
 
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10 not yet calculated CVE-2018-0002
CONFIRM
juniper_networks -- junos_os
 
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series. 2018-01-10 not yet calculated CVE-2018-0009
BID
CONFIRM
juniper_networks -- junos_os
 
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2. 2018-01-10 not yet calculated CVE-2018-0006
CONFIRM
juniper_networks -- junos_os
 
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70. 2018-01-10 not yet calculated CVE-2018-0001
CONFIRM
juniper_networks -- junos_os
 
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3R12 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10 not yet calculated CVE-2018-0003
CONFIRM
juniper_networks -- junos_space_network_management_platform
 
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. 2018-01-10 not yet calculated CVE-2018-0013
CONFIRM
juniper_networks -- junos_space_security_director
 
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. 2018-01-10 not yet calculated CVE-2018-0012
CONFIRM
juniper_networks -- junos_space_security_director
 
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. 2018-01-10 not yet calculated CVE-2018-0011
CONFIRM
juniper_networks -- junos_space_security_director
 
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1. 2018-01-10 not yet calculated CVE-2018-0010
CONFIRM
juniper_networks -- screenos
 
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25. 2018-01-10 not yet calculated CVE-2018-0014
CONFIRM
kentico -- kentico
 
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. 2018-01-08 not yet calculated CVE-2018-5282
MISC
ks_mobile -- cheetah_mobile_armorfly_browser_and_downloader
 
Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. 2018-01-11 not yet calculated CVE-2018-5327
MISC
ks_mobile -- cheetah_mobile_cm_browser_app
 
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. 2018-01-11 not yet calculated CVE-2018-5326
MISC
ldaptive -- ldaptive
 
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2018-01-08 not yet calculated CVE-2014-3607
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
lenovo -- lenovo
 
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. 2018-01-10 not yet calculated CVE-2017-3765
CONFIRM
lhaplus -- lhaplus
 
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents being extracted from a specially crafted ZIP64 archive. 2018-01-12 not yet calculated CVE-2017-2158
CONFIRM
JVN
libav -- libav
 
In Libav 12.1, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file. 2018-01-13 not yet calculated CVE-2018-5684
MISC
libming -- libming
 
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. 2018-01-08 not yet calculated CVE-2018-5294
MISC
libtiff -- libtiff
 
LibTIFF 4.0.9 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. 2018-01-13 not yet calculated CVE-2018-5360
MISC
linuxmagic -- magicspam
 
The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. 2018-01-13 not yet calculated CVE-2018-5693
MISC
linux -- linux_kernel
 
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. 2018-01-12 not yet calculated CVE-2018-5344
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. 2018-01-11 not yet calculated CVE-2018-5333
CONFIRM
CONFIRM
linux -- linux_kernel
 
In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). 2018-01-11 not yet calculated CVE-2018-5332
CONFIRM
CONFIRM
linux -- linux_kernel
 
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. 2018-01-09 not yet calculated CVE-2017-15129
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
lrzip -- lrzip
 
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. 2018-01-12 not yet calculated CVE-2018-5650
MISC
magento -- magento
 
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. 2018-01-08 not yet calculated CVE-2018-5301
CONFIRM
malwarebytes -- malwarebytes_premium In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. 2018-01-08 not yet calculated CVE-2018-5274
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. 2018-01-08 not yet calculated CVE-2018-5275
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. 2018-01-08 not yet calculated CVE-2018-5270
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. 2018-01-08 not yet calculated CVE-2018-5278
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. 2018-01-08 not yet calculated CVE-2018-5273
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. 2018-01-08 not yet calculated CVE-2018-5277
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. 2018-01-08 not yet calculated CVE-2018-5272
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. 2018-01-08 not yet calculated CVE-2018-5279
BID
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. 2018-01-08 not yet calculated CVE-2018-5276
MISC
malwarebytes -- malwarebytes_premium
 
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. 2018-01-08 not yet calculated CVE-2018-5271
BID
MISC
matrixssl -- matrixssl
 
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years. 2018-01-09 not yet calculated CVE-2017-1000415
MISC
MISC
microsoft -- .net_framework_and_.net_core Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability". 2018-01-09 not yet calculated CVE-2018-0786
BID
SECTRACK
CONFIRM
microsoft -- .net_framework_and_.net_core
 
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0, 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. 2018-01-09 not yet calculated CVE-2018-0764
BID
SECTRACK
CONFIRM
microsoft -- asp.net_core
 
ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". 2018-01-09 not yet calculated CVE-2018-0785
BID
SECTRACK
CONFIRM
microsoft -- asp.net_core
 
ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. 2018-01-09 not yet calculated CVE-2018-0784
BID
SECTRACK
CONFIRM
microsoft -- chakracore
 
Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass". 2018-01-09 not yet calculated CVE-2018-0818
BID
CONFIRM
microsoft -- office_2016_for_mac
 
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac." 2018-01-09 not yet calculated CVE-2018-0819
BID
SECTRACK
CONFIRM
microsoft -- office Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". 2018-01-09 not yet calculated CVE-2018-0795
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability". 2018-01-09 not yet calculated CVE-2018-0812
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. 2018-01-09 not yet calculated CVE-2018-0804
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807. 2018-01-09 not yet calculated CVE-2018-0805
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806. 2018-01-09 not yet calculated CVE-2018-0807
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807. 2018-01-09 not yet calculated CVE-2018-0806
BID
SECTRACK
CONFIRM
microsoft -- office
 
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". 2018-01-09 not yet calculated CVE-2018-0796
BID
SECTRACK
CONFIRM
microsoft -- office
 
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794. 2018-01-09 not yet calculated CVE-2018-0792
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. 2018-01-09 not yet calculated CVE-2018-0802
BID
SECTRACK
MISC
MISC
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". 2018-01-09 not yet calculated CVE-2018-0798
BID
SECTRACK
CONFIRM
microsoft -- office
 
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". 2018-01-09 not yet calculated CVE-2018-0797
BID
SECTRACK
CONFIRM
microsoft -- office
 
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792. 2018-01-09 not yet calculated CVE-2018-0794
BID
SECTRACK
CONFIRM
microsoft -- office
 
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". 2018-01-09 not yet calculated CVE-2018-0801
BID
SECTRACK
CONFIRM
microsoft -- outlook
 
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. 2018-01-09 not yet calculated CVE-2018-0791
BID
SECTRACK
CONFIRM
microsoft -- outlook
 
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791. 2018-01-09 not yet calculated CVE-2018-0793
BID
SECTRACK
CONFIRM
microsoft -- sharepoint_enterprise_server
 
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". 2018-01-09 not yet calculated CVE-2018-0799
BID
SECTRACK
CONFIRM
microsoft -- sharepoint_products
 
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. 2018-01-09 not yet calculated CVE-2018-0789
BID
SECTRACK
CONFIRM
microsoft -- sharepoint_products
 
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. 2018-01-09 not yet calculated CVE-2018-0790
BID
SECTRACK
CONFIRM
milum -- office_tracker
 
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. 2018-01-10 not yet calculated CVE-2017-18023
MISC
mono -- mono
 
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. 2018-01-08 not yet calculated CVE-2015-2319
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
MISC
DEBIAN
mono -- mono
 
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. 2018-01-08 not yet calculated CVE-2015-2320
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
DEBIAN
mono -- mono
 
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. 2018-01-08 not yet calculated CVE-2015-2318
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
MISC
DEBIAN
moxa -- moxa
 
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. 2018-01-12 not yet calculated CVE-2017-14030
BID
MISC
newsbee_cms -- newsbee_cms
 
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. 2018-01-13 not yet calculated CVE-2018-5687
MISC
newsbee_cms -- newsbee_cms
 
SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands. 2018-01-08 not yet calculated CVE-2017-5971
EXPLOIT-DB
novosoft -- handy_password
 
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action. 2018-01-10 not yet calculated CVE-2017-17946
MISC
MISC
numpy -- numpy
 
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. 2018-01-08 not yet calculated CVE-2014-1858
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM
numpy -- numpy
 
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. 2018-01-08 not yet calculated CVE-2014-1859
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM
opencv -- opencv
 
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. 2018-01-08 not yet calculated CVE-2018-5269
MISC
opencv -- opencv
 
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. 2018-01-08 not yet calculated CVE-2018-5268
MISC
palo_alto_networks -- pan-os
 
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. 2018-01-10 not yet calculated CVE-2017-16878
SECTRACK
CONFIRM
palo_alto_networks -- pan-os
 
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. 2018-01-10 not yet calculated CVE-2017-17841
BID
SECTRACK
CONFIRM
palo_alto_networks -- pan-os
 
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-01-10 not yet calculated CVE-2017-15941
BID
SECTRACK
CONFIRM
parity -- parity_browser
 
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). 2018-01-11 not yet calculated CVE-2017-18016
MLIST
CONFIRM
MISC
EXPLOIT-DB
perl -- perl
 
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. 2018-01-08 not yet calculated CVE-2014-5509
MLIST
BID
CONFIRM
MISC
phoenix_contact -- fl_switch
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests that bypass web-service authentication, allowing the attacker to obtain administrative privileges on the device. 2018-01-12 not yet calculated CVE-2017-16743
MISC
phoenix_contact -- fl_switch
 
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. 2018-01-12 not yet calculated CVE-2017-16741
MISC
phpmelody -- phpmelody
 
PHP Melody version 2.7.1 suffers from time-based SQL injection on the page ajax.php via the playlist parameter. 2018-01-09 not yet calculated CVE-2018-5211
EXPLOIT-DB
piwigo -- piwigo
 
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. 2018-01-13 not yet calculated CVE-2018-5692
MISC
podofo -- podofo
 
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-08 not yet calculated CVE-2018-5296
MISC
podofo -- podofo
 
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-09 not yet calculated CVE-2018-5309
MISC
podofo -- podofo
 
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. 2018-01-09 not yet calculated CVE-2018-5308
MISC
podofo -- podofo
 
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-08 not yet calculated CVE-2018-5295
MISC
prestashop -- prestashop
 
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. 2018-01-13 not yet calculated CVE-2018-5682
MISC
prestashop -- prestashop
 
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. 2018-01-13 not yet calculated CVE-2018-5681
MISC
proctor_and_gamble -- oral-b_app
 
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. 2018-01-08 not yet calculated CVE-2018-5298
MISC
progress_software -- sitefinity
 
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. 2018-01-08 not yet calculated CVE-2017-15883
CONFIRM
MISC
qemu -- qemu
 
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. 2018-01-12 not yet calculated CVE-2014-3471
GENTOO
MLIST
BID
CONFIRM
MLIST
qemu -- qemu
 
VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. 2018-01-09 not yet calculated CVE-2017-15124
CONFIRM
red_hat -- cloudforums_management_engine
 
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. 2018-01-11 not yet calculated CVE-2014-0087
CONFIRM
MISC
red_hat -- enterprise_linux
 
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. 2018-01-09 not yet calculated CVE-2017-15131
CONFIRM
red_hat -- jboss_enterprise_application_platform
 
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656. 2018-01-10 not yet calculated CVE-2017-12189
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
red_hat -- openshift_enterprise
 
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. 2018-01-08 not yet calculated CVE-2013-4364
CONFIRM
redmine -- redmine
 
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536. 2018-01-10 not yet calculated CVE-2017-18026
MISC
MISC
MISC
MISC
MISC
rockwell_automation_allen-bradley -- micrologix_1400_controllers
 
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. 2018-01-09 not yet calculated CVE-2017-16740
BID
MISC
ruby -- ruby
 
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4998
MLIST
MLIST
MISC
ruby -- ruby
 
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. 2018-01-10 not yet calculated CVE-2014-4995
MLIST
MLIST
BID
MISC
XF
ruby -- ruby
 
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. 2018-01-10 not yet calculated CVE-2014-4996
MLIST
MLIST
BID
MISC
XF
ruby -- ruby
 
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4993
MLIST
MLIST
MLIST
MISC
MISC
ruby -- ruby
 
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4997
MLIST
MLIST
BID
MISC
ruby -- ruby
 
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. 2018-01-10 not yet calculated CVE-2014-4994
MLIST
MLIST
MISC
ruby -- ruby
 
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4992
MLIST
MLIST
MISC
ruby -- ruby
 
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. 2018-01-10 not yet calculated CVE-2014-5003
MLIST
MLIST
MISC
ruby -- ruby
 
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4991
MLIST
MLIST
BID
MISC
ruby -- ruby
 
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-5000
MLIST
MLIST
MISC
ruby -- ruby
 
The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. 2018-01-10 not yet calculated CVE-2014-5002
MLIST
MLIST
MISC
ruby -- ruby
 
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. 2018-01-10 not yet calculated CVE-2014-5001
MLIST
MLIST
MISC
ruby -- ruby
 
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-5004
MLIST
MLIST
BID
MISC
ruby -- ruby
 
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. 2018-01-10 not yet calculated CVE-2014-4999
MLIST
MLIST
MISC
sap -- hana
 
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. 2018-01-09 not yet calculated CVE-2018-2362
BID
CONFIRM
CONFIRM
sap -- netweaver_and_basis
 
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. 2018-01-09 not yet calculated CVE-2018-2363
BID
CONFIRM
CONFIRM
CONFIRM
sap -- solution_manager
 
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. 2018-01-09 not yet calculated CVE-2018-2361
BID
CONFIRM
CONFIRM
sap -- startup_service
 
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. 2018-01-09 not yet calculated CVE-2018-2360
BID
CONFIRM
CONFIRM
seagate -- personal_cloud
 
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. 2018-01-11 not yet calculated CVE-2018-5347
MISC
shibboleth -- shibboleth
 
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. 2018-01-13 not yet calculated CVE-2018-0486
MISC
MISC
skybox_security -- skybox_platform
 
An issue was discovered in Skybox Platform before 7.5.401. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. 2018-01-12 not yet calculated CVE-2015-9249
MISC
skybox_security -- skybox_platform
 
An issue was discovered in Skybox Platform before 7.5.401. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. 2018-01-12 not yet calculated CVE-2015-9250
MISC
skybox_security -- skybox_platform
 
An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. 2018-01-12 not yet calculated CVE-2015-9247
MISC
skybox_security -- skybox_platform
 
An issue was discovered in Skybox Platform before 7.5.401. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. 2018-01-12 not yet calculated CVE-2015-9246
MISC
skybox_security -- skybox_platform
 
An issue was discovered in Skybox Platform before 7.5.401. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. 2018-01-12 not yet calculated CVE-2015-9248
MISC
sonicwall -- sonicos
 
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. 2018-01-08 not yet calculated CVE-2018-5280
BID
MISC
sonicwall -- sonicos
 
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. 2018-01-08 not yet calculated CVE-2018-5281
BID
MISC
sonicwall -- global_management_system
 
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. 2018-01-13 not yet calculated CVE-2018-5691
MISC
MISC
sophos -- xg_firewall
 
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. 2018-01-12 not yet calculated CVE-2017-18014
FULLDISC
MISC
CONFIRM
CONFIRM
sulu-standard -- sulu-standard
 
Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code. 2018-01-09 not yet calculated CVE-2017-1000465
CONFIRM
symantec -- advanced_security_gateway
 
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. 2018-01-09 not yet calculated CVE-2016-10257
BID
SECTRACK
CONFIRM
symantec -- proxysg
 
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. 2018-01-09 not yet calculated CVE-2016-10256
BID
SECTRACK
CONFIRM
symmetricom -- s350i
 
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. 2018-01-08 not yet calculated CVE-2014-5071
MISC
symmetricom -- s350i
 
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. 2018-01-11 not yet calculated CVE-2014-5068
MISC
symmetricom -- s350i
 
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. 2018-01-08 not yet calculated CVE-2014-5069
MISC
symmetricom -- s350i
 
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. 2018-01-11 not yet calculated CVE-2014-5070
MISC
teamspeak -- client
Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags. 2018-01-08 not yet calculated CVE-2014-7222
MISC
MISC
MISC
BID
XF
teamspeak -- client
 
TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings. 2018-01-08 not yet calculated CVE-2014-7221
MISC
MISC
BID
XF
MISC
tp-link -- multiple_devices

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. 2018-01-11 not yet calculated CVE-2017-15636
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. 2018-01-11 not yet calculated CVE-2017-15613
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15614
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15631
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15630
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file. 2018-01-11 not yet calculated CVE-2017-15635
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15632
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15627
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15628
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. 2018-01-11 not yet calculated CVE-2017-15634
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file. 2018-01-11 not yet calculated CVE-2017-15633
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15637
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15629
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15625
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. 2018-01-11 not yet calculated CVE-2017-15616
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file. 2018-01-11 not yet calculated CVE-2017-15620
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15618
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file. 2018-01-11 not yet calculated CVE-2017-15617
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15619
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15626
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15624
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15615
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file. 2018-01-11 not yet calculated CVE-2017-15622
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file. 2018-01-11 not yet calculated CVE-2017-15623
BUGTRAQ
MISC
tp-link -- multiple_devices
 
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. 2018-01-11 not yet calculated CVE-2017-15621
BUGTRAQ
MISC
undertow -- undertow
 
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. 2018-01-10 not yet calculated CVE-2017-7559
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
vmware -- v4_desktop_agents
 
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low-privileged Windows user escalating their privileges to SYSTEM. 2018-01-05 not yet calculated CVE-2017-4946
BID
SECTRACK
CONFIRM
vmware -- workstation_and_fusion
 
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. 2018-01-11 not yet calculated CVE-2017-4949
BID
SECTRACK
CONFIRM
vmware -- workstation_and_fusion
 
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. 2018-01-11 not yet calculated CVE-2017-4950
BID
SECTRACK
CONFIRM
vmware -- workstation
 
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. 2018-01-05 not yet calculated CVE-2017-4948
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
vmware -- workstation
 
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. 2018-01-05 not yet calculated CVE-2017-4945
BID
SECTRACK
SECTRACK
CONFIRM
websitebaker -- websitebaker
 
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. 2018-01-10 not yet calculated CVE-2017-16514
MISC
wecon_technology -- levi_studio_hmi_editor
 
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user. 2018-01-12 not yet calculated CVE-2017-16737
BID
MISC
wecon_technology -- levi_studio_hmi_editor
 
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. 2018-01-12 not yet calculated CVE-2017-16739
BID
MISC
whale -- whale
 
The Installer in Whale allows DLL hijacking. 2018-01-07 not yet calculated CVE-2017-15913
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. 2018-01-11 not yet calculated CVE-2018-5335
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. 2018-01-11 not yet calculated CVE-2018-5334
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. 2018-01-11 not yet calculated CVE-2018-5336
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wizardmac -- wizardmac
 
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. 2018-01-13 not yet calculated CVE-2018-5698
CONFIRM
wordpress -- wordpress

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. 2018-01-12 not yet calculated CVE-2018-5653
MISC
wordpress -- wordpress

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5364
MISC
MISC
wordpress -- wordpress

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter. 2018-01-12 not yet calculated CVE-2018-5652
MISC
wordpress -- wordpress

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5367
MISC
MISC
wordpress -- wordpress

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter. 2018-01-12 not yet calculated CVE-2018-5655
MISC
wordpress -- wordpress

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter. 2018-01-12 not yet calculated CVE-2018-5668
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter. 2018-01-12 not yet calculated CVE-2018-5664
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter. 2018-01-12 not yet calculated CVE-2018-5663
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php. 2018-01-12 not yet calculated CVE-2018-5658
MISC
wordpress -- wordpress
 
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. 2018-01-12 not yet calculated CVE-2016-10706
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter. 2018-01-12 not yet calculated CVE-2018-5659
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter. 2018-01-12 not yet calculated CVE-2018-5665
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter. 2018-01-12 not yet calculated CVE-2018-5660
MISC
wordpress -- wordpress
 
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. 2018-01-13 not yet calculated CVE-2018-5695
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter. 2018-01-12 not yet calculated CVE-2018-5661
MISC
wordpress -- wordpress
 
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. 2018-01-12 not yet calculated CVE-2018-5672
MISC
wordpress -- wordpress
 
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. 2018-01-08 not yet calculated CVE-2018-5283
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. 2018-01-08 not yet calculated CVE-2018-5288
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter. 2018-01-12 not yet calculated CVE-2018-5670
MISC
wordpress -- wordpress
 
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. 2018-01-12 not yet calculated CVE-2018-5673
MISC
wordpress -- wordpress
 
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter. 2018-01-12 not yet calculated CVE-2018-5667
MISC
wordpress -- wordpress
 
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php. 2018-01-12 not yet calculated CVE-2018-5669
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter. 2018-01-12 not yet calculated CVE-2018-5662
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter. 2018-01-12 not yet calculated CVE-2018-5657
MISC
wordpress -- wordpress
 
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter. 2018-01-12 not yet calculated CVE-2018-5666
MISC
wordpress -- wordpress
 
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter. 2018-01-12 not yet calculated CVE-2018-5654
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. 2018-01-08 not yet calculated CVE-2018-5289
MISC
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. 2018-01-08 not yet calculated CVE-2018-5290
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. 2018-01-12 not yet calculated CVE-2018-5671
MISC
wordpress -- wordpress
 
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. 2018-01-12 not yet calculated CVE-2016-10705
MISC
MISC
wordpress -- wordpress
 
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. 2018-01-09 not yet calculated CVE-2018-5311
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. 2018-01-08 not yet calculated CVE-2018-5286
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php. 2018-01-12 not yet calculated CVE-2018-5656
MISC
wordpress -- wordpress
 
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5362
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. 2018-01-08 not yet calculated CVE-2018-5287
MISC
MISC
MISC
wordpress -- wordpress
 
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. 2018-01-09 not yet calculated CVE-2018-5312
MISC
MISC
wordpress -- wordpress
 
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. 2018-01-12 not yet calculated CVE-2018-5315
MISC
EXPLOIT-DB
wordpress -- wordpress
 
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. 2018-01-09 not yet calculated CVE-2018-5310
MISC
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. 2018-01-08 not yet calculated CVE-2018-5293
MISC
MISC
MISC
wordpress -- wordpress
 
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5363
MISC
MISC
wordpress -- wordpress
 
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5365
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. 2018-01-08 not yet calculated CVE-2018-5292
MISC
MISC
MISC
wordpress -- wordpress
 
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. 2018-01-08 not yet calculated CVE-2018-5291
MISC
MISC
MISC
wordpress -- wordpress
 
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5366
MISC
MISC
wordpress -- wordpress
 
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. 2018-01-08 not yet calculated CVE-2018-5285
MISC
MISC
MISC
wordpress -- wordpress
 
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. 2018-01-08 not yet calculated CVE-2018-5284
MISC
MISC
MISC
wordpress -- wordpress
 
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. 2018-01-09 not yet calculated CVE-2018-5316
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter. 2018-01-12 not yet calculated CVE-2018-5651
MISC
wordpress -- wordpress
 
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). 2018-01-12 not yet calculated CVE-2018-5374
MISC
wordpress -- wordpress
 
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). 2018-01-12 not yet calculated CVE-2018-5373
MISC
wordpress -- wordpress
 
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. 2018-01-12 not yet calculated CVE-2018-5369
MISC
MISC
wordpress -- wordpress
 
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. 2018-01-12 not yet calculated CVE-2018-5368
MISC
MISC
wordpress -- wordpress
 
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). 2018-01-12 not yet calculated CVE-2018-5372
MISC
wordpress -- wordpress
 
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php. 2018-01-12 not yet calculated CVE-2018-5361
MISC
MISC
xen -- xen
 
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. 2018-01-05 not yet calculated CVE-2018-5244
BID
CONFIRM
xplico -- xplico
 
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature. 2018-01-05 not yet calculated CVE-2017-16666
CONFIRM
MISC
MISC
MISC
EXPLOIT-DB
CONFIRM
yawcam -- yawcam
 
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request. 2018-01-10 not yet calculated CVE-2017-17662
MISC
CONFIRM
yodobashi_camera -- yodobashi_app_for_android
 
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-01-12 not yet calculated CVE-2015-2981
JVN
JVNDB
BID
wordpress -- wordpress
 
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. 2018-01-08 not yet calculated CVE-2014-4972
MISC
MISC