Vulnerability Summary for the Week of January 29, 2018

Released
Feb 05, 2018
Document ID
SB18-036

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wondercms -- wondercmsIn WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.2018-01-266.5CVE-2017-14521
MISC

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
7-zip -- 7-zip_and_p7zipInsufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.2018-01-31not yet calculatedCVE-2018-5996
MISC
7-zip -- 7-zip_and_p7zipHeap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.2018-01-30not yet calculatedCVE-2017-17969
MISC
apache -- cordovaAfter the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip2018-02-01not yet calculatedCVE-2017-3160
MISC
apache -- poiApache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).2018-01-29not yet calculatedCVE-2017-12626
BID
MLIST
apache -- tomcatAs part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.2018-01-31not yet calculatedCVE-2017-15706
MLIST
apache -- tomcat_native_connectorWhen parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.2018-01-31not yet calculatedCVE-2017-15698
MLIST
apport -- apportApport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.2018-02-02not yet calculatedCVE-2017-14179
CONFIRM
CONFIRM
apport -- apportApport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.2018-02-02not yet calculatedCVE-2017-14177
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apport -- apportApport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.2018-02-02not yet calculatedCVE-2017-14180
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apsis -- poundApsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.2018-01-29not yet calculatedCVE-2016-10711
CONFIRM
arq -- arqThe standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.2018-01-31not yet calculatedCVE-2017-16945
MISC
MISC
EXPLOIT-DB
arq -- arqThe arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.2018-01-31not yet calculatedCVE-2017-16928
MISC
MISC
EXPLOIT-DB
artifex -- mupdfpdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.2018-02-02not yet calculatedCVE-2018-6544
MISC
MISC
MISC
MISC
asus -- asuswrtPassword are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.2018-01-31not yet calculatedCVE-2017-15656
MISC
FULLDISC
asus -- asuswrtMultiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.2018-01-31not yet calculatedCVE-2017-15655
MISC
FULLDISC
MISC
asus -- asuswrtHighly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.2018-01-31not yet calculatedCVE-2017-15654
MISC
FULLDISC
asus -- asuswrtImproper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.2018-01-31not yet calculatedCVE-2017-15653
MISC
FULLDISC
asus -- multiple_routersASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.2018-01-29not yet calculatedCVE-2017-14698
CONFIRM
MISC
asus -- multiple_routersMultiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.2018-01-29not yet calculatedCVE-2017-14699
CONFIRM
MISC
atlassian -- activity_streamsSeveral rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.2018-01-29not yet calculatedCVE-2017-9513
BID
CONFIRM
atlassian -- bambooThe update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18042
CONFIRM
atlassian -- bambooThe saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18080
CONFIRM
atlassian -- bambooThe viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02not yet calculatedCVE-2017-18041
CONFIRM
atlassian -- bambooThe viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02not yet calculatedCVE-2017-18040
CONFIRM
atlassian -- bambooThe signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.2018-02-02not yet calculatedCVE-2017-18081
CONFIRM
atlassian -- bambooThe plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.2018-02-02not yet calculatedCVE-2017-18082
CONFIRM
atlassian -- bitbucket_serverThe Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18036
CONFIRM
atlassian -- bitbucket_serverThe git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.2018-02-02not yet calculatedCVE-2017-18037
CONFIRM
atlassian -- bitbucket_serverThe repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.2018-02-02not yet calculatedCVE-2017-18038
CONFIRM
atlassian -- confluence_serverThe viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.2018-02-02not yet calculatedCVE-2017-18085
CONFIRM
atlassian -- confluence_serverThe editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.2018-02-02not yet calculatedCVE-2017-18083
CONFIRM
atlassian -- confluence_serverThe usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.2018-02-02not yet calculatedCVE-2017-18084
CONFIRM
atlassian -- confluence_server
 
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.2018-02-02not yet calculatedCVE-2017-18086
CONFIRM
atlassian -- crowdThe 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.2018-01-31not yet calculatedCVE-2017-16858
CONFIRM
atlassian -- fisheye_and_crucibleIt was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.2018-01-31not yet calculatedCVE-2017-16861
MISC
MISC
MISC
MISC
atlassian -- fisheye_and_crucibleThe /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.2018-02-02not yet calculatedCVE-2017-18035
CONFIRM
CONFIRM
atlassian -- fisheye_and_crucibleThe source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.2018-02-02not yet calculatedCVE-2017-18034
CONFIRM
CONFIRM
atlassian -- jiraThe IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.2018-02-02not yet calculatedCVE-2017-18039
CONFIRM
bmc -- track-it!BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.2018-01-30not yet calculatedCVE-2016-6599
MISC
FULLDISC
CONFIRM
MISC
bmc -- track-it!BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.2018-01-30not yet calculatedCVE-2016-6598
MISC
FULLDISC
CONFIRM
MISC
brace-expansion -- brace-expansionindex.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.2018-01-27not yet calculatedCVE-2017-18077
MISC
MISC
MISC
MISC
ccn-lite -- ccn-liteA type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient.2018-01-31not yet calculatedCVE-2018-6480
CONFIRM
center_for_internet_security -- cis-cat_pro_dashboardIn Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.2018-01-31not yet calculatedCVE-2017-8916
CONFIRM
cisco -- adaptive_security_applianceA vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.2018-01-29not yet calculatedCVE-2018-0101
BID
SECTRACK
CONFIRM
cisco -- ios_xrA vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800.2018-01-31not yet calculatedCVE-2018-0136
SECTRACK
CONFIRM
citrix -- netscaler_vpxCitrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.2018-02-01not yet calculatedCVE-2018-6186
MISC
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.2018-01-26not yet calculatedCVE-2017-12378
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.2018-01-26not yet calculatedCVE-2017-12376
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.2018-01-26not yet calculatedCVE-2017-12380
CONFIRM
CONFIRM
clamav -- clamavThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.2018-01-26not yet calculatedCVE-2017-12375
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.2018-01-26not yet calculatedCVE-2017-12379
CONFIRM
CONFIRM
clamav -- clamavThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.2018-01-26not yet calculatedCVE-2017-12374
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.2018-01-26not yet calculatedCVE-2017-12377
CONFIRM
CONFIRM
cloud_foundry_foundation -- cf-releaseIn Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.2018-02-01not yet calculatedCVE-2018-1192
CONFIRM
conceptronic -- cipcamptiwl_devicesAn issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.2018-01-30not yet calculatedCVE-2018-6407
MISC
conceptronic -- cipcamptiwl_devicesAn issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account.2018-01-30not yet calculatedCVE-2018-6408
MISC
data_components -- tsitebuilderSQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.2018-01-29not yet calculatedCVE-2018-6365
MISC
EXPLOIT-DB
debian -- debianzxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.2018-01-30not yet calculatedCVE-2011-2902
MLIST
CONFIRM
CONFIRM
dodocool -- dc38_3-in-1_n300_mini_wireless_range_devicesAn issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.2018-01-29not yet calculatedCVE-2018-5720
EXPLOIT-DB
dojo -- dojo_toolkitdijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.2018-02-02not yet calculatedCVE-2018-6561
MISC
drupal -- drupalThe Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.2018-02-01not yet calculatedCVE-2014-9503
MLIST
XF
MISC
CONFIRM
drupal -- drupalMultiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.2018-02-01not yet calculatedCVE-2014-9502
MLIST
XF
MISC
CONFIRM
drupal -- drupal
 
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.2018-02-01not yet calculatedCVE-2014-9504
MLIST
XF
MISC
CONFIRM
electrum -- electrumThe Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.2018-01-27not yet calculatedCVE-2018-6353
MISC
MISC
eventum -- eventumEventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.2018-01-31not yet calculatedCVE-2014-1631
CONFIRM
BUGTRAQ
CONFIRM
MISC
eventum -- eventumhtdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.2018-01-31not yet calculatedCVE-2014-1632
CONFIRM
BUGTRAQ
CONFIRM
MISC
evergreen -- evergreenEvergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.2018-02-01not yet calculatedCVE-2015-2204
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
evergreen -- evergreenEvergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.2018-02-01not yet calculatedCVE-2015-2203
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
evergreen -- evergreenThe open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.2018-02-01not yet calculatedCVE-2013-7435
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
ezcode -- event_managerSQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.2018-02-02not yet calculatedCVE-2018-6576
EXPLOIT-DB
ffmpeg -- ffmpegThe filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.2018-01-29not yet calculatedCVE-2018-6392
BID
CONFIRM
CONFIRM
flatpak -- flatpakIn dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.2018-02-02not yet calculatedCVE-2018-6560
CONFIRM
CONFIRM
CONFIRM
flexense -- syncbreeze_enterpriseA buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.2018-02-02not yet calculatedCVE-2018-6537
EXPLOIT-DB
formspree -- formspreetemplates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter.2018-01-27not yet calculatedCVE-2018-6354
MISC
fortinet -- fortiosA Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.2018-01-29not yet calculatedCVE-2017-14190
BID
SECTRACK
CONFIRM
freepbx -- freepbxFreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter.2018-01-29not yet calculatedCVE-2018-6393
MISC
BID
g_data_totalprotection -- g_data_totalprotectionThe MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.2018-02-01not yet calculatedCVE-2014-3752
MISC
FULLDISC
BUGTRAQ
MISC
gifsicle -- gifsicleA double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.2018-02-02not yet calculatedCVE-2017-18120
MISC
MISC
MISC
MISC
glibc -- glibcA buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-01-31not yet calculatedCVE-2017-1000409
MLIST
EXPLOIT-DB
glibc -- glibcA memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-01-31not yet calculatedCVE-2017-1000408
MLIST
EXPLOIT-DB
glibc -- glibcIn glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.2018-01-31not yet calculatedCVE-2018-1000001
MLIST
BID
SECTRACK
EXPLOIT-DB
MISC
gnu -- binutilsThe elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-01-26not yet calculatedCVE-2018-6323
BID
CONFIRM
gnu -- binutilsIn GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-02-02not yet calculatedCVE-2018-6543
MISC
gnu -- cpioIt was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.2018-01-29not yet calculatedCVE-2017-7516
CONFIRM
MISC
gnu -- glibcAn integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.2018-02-01not yet calculatedCVE-2018-6485
CONFIRM
CONFIRM
gnu -- glibcThe malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.2018-02-02not yet calculatedCVE-2018-6551
CONFIRM
CONFIRM
hotspot_shield -- hotspot_shieldHotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.2018-01-31not yet calculatedCVE-2018-6460
MISC
huawei -- multple_productsMultiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.2018-01-30not yet calculatedCVE-2014-4705
SECUNIA
CONFIRM
iball -- 300m_devices/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter.2018-01-30not yet calculatedCVE-2018-6355
MISC
iball -- ib-wra150n_devicesiBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.2018-01-29not yet calculatedCVE-2018-6388
MISC
iball -- ib-wra150n_devicesiBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.2018-01-29not yet calculatedCVE-2018-6387
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.2018-01-29not yet calculatedCVE-2017-1783
CONFIRM
BID
SECTRACK
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.2018-01-29not yet calculatedCVE-2017-1779
CONFIRM
BID
SECTRACK
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.2018-01-29not yet calculatedCVE-2017-1784
CONFIRM
SECTRACK
MISC
ibm -- cognos_tm1IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617.2018-01-26not yet calculatedCVE-2017-1506
CONFIRM
SECTRACK
MISC
ibm -- content_navigatorIBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.2018-01-29not yet calculatedCVE-2018-1364
CONFIRM
BID
MISC
ibm -- datapower_gatewaysIBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.2018-01-31not yet calculatedCVE-2017-1773
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.2018-01-26not yet calculatedCVE-2017-1545
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.2018-01-26not yet calculatedCVE-2017-1540
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 131769.2018-01-26not yet calculatedCVE-2017-1567
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.2018-01-26not yet calculatedCVE-2017-1563
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.2018-01-26not yet calculatedCVE-2017-1532
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.2018-01-26not yet calculatedCVE-2017-1515
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.2018-01-26not yet calculatedCVE-2017-1516
CONFIRM
BID
MISC
ibm -- jazz_foundationIBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.2018-01-26not yet calculatedCVE-2017-1653
CONFIRM
BID
SECTRACK
SECTRACK
SECTRACK
MISC
ibm -- remote_controlIBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.2018-01-31not yet calculatedCVE-2017-1233
CONFIRM
MISC
ibm -- tealeaf_customer_experienceIBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.2018-01-26not yet calculatedCVE-2016-2983
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experienceIBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.2018-01-26not yet calculatedCVE-2017-1204
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experience
 
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.2018-01-26not yet calculatedCVE-2017-1279
CONFIRM
MISC
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.2018-01-30not yet calculatedCVE-2017-1731
CONFIRM
MISC
icinga -- icingaAn issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.2018-02-02not yet calculatedCVE-2018-6536
MISC
imagemagick -- imagemagickIn the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.2018-01-30not yet calculatedCVE-2018-6405
CONFIRM
imm2 -- imm2An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.2018-01-26not yet calculatedCVE-2017-3768
CONFIRM
intel -- graphics_driverPointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.2018-02-02not yet calculatedCVE-2017-5727
CONFIRM
iolo -- system_shieldIn Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.2018-01-31not yet calculatedCVE-2018-5701
MISC
EXPLOIT-DB
MISC
ipswitch -- moveitIpswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.2018-02-02not yet calculatedCVE-2018-6545
MISC
japan_total_system -- groupsessionOpen redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2018-01-26not yet calculatedCVE-2017-2166
JVN
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.2018-01-29not yet calculatedCVE-2017-1000355
BID
CONFIRM
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.2018-01-29not yet calculatedCVE-2017-1000353
BID
CONFIRM
EXPLOIT-DB
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.2018-01-29not yet calculatedCVE-2017-1000354
BID
CONFIRM
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.2018-01-29not yet calculatedCVE-2017-1000356
BID
CONFIRM
joomla! -- joomla!SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.2018-01-30not yet calculatedCVE-2018-6395
EXPLOIT-DB
joomla! -- joomla!CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.2018-01-29not yet calculatedCVE-2018-6007
MISC
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.2018-02-02not yet calculatedCVE-2018-6581
EXPLOIT-DB
joomla! -- joomla!In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.2018-01-30not yet calculatedCVE-2018-6379
SECTRACK
CONFIRM
joomla! -- joomla!In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox2018-01-30not yet calculatedCVE-2018-6377
SECTRACK
CONFIRM
joomla! -- joomla!In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.2018-01-30not yet calculatedCVE-2018-6376
SECTRACK
CONFIRM
joomla! -- joomla!SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.2018-01-30not yet calculatedCVE-2018-6398
EXPLOIT-DB
joomla! -- joomla!In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.2018-01-30not yet calculatedCVE-2018-6380
SECTRACK
CONFIRM
joomla! -- joomla!SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02not yet calculatedCVE-2018-6578
EXPLOIT-DB
joomla! -- joomla!Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.2018-02-02not yet calculatedCVE-2018-6580
EXPLOIT-DB
joomla! -- joomla!Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.2018-01-29not yet calculatedCVE-2018-6008
MISC
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.2018-02-02not yet calculatedCVE-2018-6579
EXPLOIT-DB
joomla! -- joomla!Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.2018-01-30not yet calculatedCVE-2018-6397
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02not yet calculatedCVE-2018-6577
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.2018-02-02not yet calculatedCVE-2018-6575
EXPLOIT-DB
kingsoft -- wps_officeThe WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.2018-01-29not yet calculatedCVE-2018-6390
MISC

kkcal -- epg_search_result_viewer

Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0508
CONFIRM
JVN
kkcal -- epg_search_result_viewerCross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0509
CONFIRM
JVN
kkcal -- epg_search_result_viewerBuffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0510
CONFIRM
JVN
libming -- libmingThe printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.2018-01-27not yet calculatedCVE-2018-6358
CONFIRM
libming -- libmingThe decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.2018-01-27not yet calculatedCVE-2018-6359
BID
CONFIRM
libwebm -- libwebmA use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.2018-02-02not yet calculatedCVE-2018-6548
MISC
MISC
libwebm -- libwebmThe function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.2018-01-30not yet calculatedCVE-2018-6406
MISC
MISC
linux -- linux_kernelThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.2018-01-26not yet calculatedCVE-2018-5750
CONFIRM
linux -- linux_kernelThe open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.2018-02-01not yet calculatedCVE-2014-3519
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kerneldrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.2018-01-29not yet calculatedCVE-2017-18079
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16913
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelIn the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.2018-01-31not yet calculatedCVE-2018-6412
MISC
linux -- linux_kernelThe "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16914
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelThe vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.2018-01-31not yet calculatedCVE-2017-16911
BID
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelThe "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16912
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mantisbt -- mantisbtview_all_bug_page.php in MantisBT 2.10.0 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.2018-02-02not yet calculatedCVE-2018-6526
MISC
mantisbt -- mantisbtMantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address,2018-01-30not yet calculatedCVE-2018-6382
MISC
MISC
micro_focus -- fortify_audit_workbench_and_software_security_centerXML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.2018-02-02not yet calculatedCVE-2018-6486
CONFIRM
miekg-dns -- miekg-dnsA denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.2018-01-29not yet calculatedCVE-2017-15133
CONFIRM
CONFIRM
monstra -- monstra_cmsMonstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.2018-02-02not yet calculatedCVE-2018-6550
CONFIRM
CONFIRM
monstra -- monstra_cmsMonstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.2018-01-29not yet calculatedCVE-2018-6383
MISC
mpv -- mpvmpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.2018-01-27not yet calculatedCVE-2018-6360
MISC
MISC
netis -- wf2419_devicesA cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.2018-01-29not yet calculatedCVE-2018-6391
MISC
MISC
EXPLOIT-DB
netwave -- ip_camera_devicesAn issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI.2018-01-31not yet calculatedCVE-2018-6479
MISC
nibbleblog -- nibbleblogNibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.2018-02-01not yet calculatedCVE-2018-6470
MISC
nootka -- nootkaNootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2018-01-26not yet calculatedCVE-2018-0506
JVN
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.2018-02-01not yet calculatedCVE-2018-6525
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.2018-02-01not yet calculatedCVE-2018-6524
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.2018-02-01not yet calculatedCVE-2018-6523
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.2018-02-01not yet calculatedCVE-2018-6522
MISC
nsclient++ -- nsclient++Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.2018-01-31not yet calculatedCVE-2018-6384
CONFIRM
ntt-cert -- flet's_virus_clear_easy_setup_&_application_toolUntrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-01-26not yet calculatedCVE-2018-0507
JVN
omniauth -- omniauthIn strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.2018-01-26not yet calculatedCVE-2017-18076
CONFIRM
CONFIRM
CONFIRM
opendaylight -- opendaylightOpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout.2018-01-31not yet calculatedCVE-2017-1000411
MLIST
BID
packetfence -- packetfencehtml/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.2018-02-01not yet calculatedCVE-2011-4069
CONFIRM
CONFIRM
packetfence -- packetfenceThe check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.2018-02-01not yet calculatedCVE-2011-4068
CONFIRM
CONFIRM
perfex_crm -- perfex_crmIn Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.2018-01-26not yet calculatedCVE-2017-17976
MISC
EXPLOIT-DB
phoenix_contact -- mguardAn Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.2018-01-30not yet calculatedCVE-2018-5441
MISC
phpscriptsmall.com -- multilanguage_real_estate_mlm_scriptSQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.2018-01-29not yet calculatedCVE-2018-6364
MISC
EXPLOIT-DB
pictuscode -- taskrabbit_clone_scriptSQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.2018-01-29not yet calculatedCVE-2018-6363
MISC
EXPLOIT-DB
podofo -- podofoIn PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.2018-01-27not yet calculatedCVE-2018-6352
MISC
ptex -- ptexAn exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.2018-01-29not yet calculatedCVE-2018-3835
MISC
pulse_secure -- desktop_linuxThe GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.2018-01-31not yet calculatedCVE-2018-6374
CONFIRM
puppet -- puppet_enterpriseVersions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.2018-02-01not yet calculatedCVE-2017-2293
CONFIRM
puppet -- puppet_enterprisePuppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.2018-02-01not yet calculatedCVE-2017-2297
CONFIRM
puppet -- puppet_enterpriseIn Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.2018-02-01not yet calculatedCVE-2017-2296
CONFIRM
qemu -- qemuInteger overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).2018-01-31not yet calculatedCVE-2017-18043
MLIST
BID
CONFIRM
simditor -- simditorSimditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.2018-01-31not yet calculatedCVE-2018-6464
MISC
simplesamlphp -- simplesamlphpThe consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.2018-02-02not yet calculatedCVE-2017-18121
CONFIRM
simplesamlphp -- simplesamlphpA signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.2018-02-02not yet calculatedCVE-2017-18122
CONFIRM
simplesamlphp -- simplesamlphpThe SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.2018-02-01not yet calculatedCVE-2018-6519
CONFIRM
simplesamlphp -- simplesamlphpThe sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.2018-02-01not yet calculatedCVE-2018-6521
CONFIRM
simplesamlphp -- simplesamlphpSimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.2018-02-01not yet calculatedCVE-2018-6520
CONFIRM
snapd -- snapdIn snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.2018-02-02not yet calculatedCVE-2017-14178
CONFIRM
CONFIRM
CONFIRM
sophos -- puremessage_for_unixCross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-01-26not yet calculatedCVE-2016-6217
CONFIRM
sugarcrm -- sugarcrmXML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.2018-02-01not yet calculatedCVE-2014-3244
FULLDISC
BID
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.2018-01-31not yet calculatedCVE-2018-6473
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.2018-01-31not yet calculatedCVE-2018-6472
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.2018-01-31not yet calculatedCVE-2018-6476
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.2018-01-31not yet calculatedCVE-2018-6474
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.2018-01-31not yet calculatedCVE-2018-6475
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.2018-01-31not yet calculatedCVE-2018-6471
MISC
systemd -- systemdsystemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.2018-01-29not yet calculatedCVE-2017-18078
MISC
EXPLOIT-DB
tracker -- pdf-xchange_viewer_and_viewer_ax_sdkTracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.2018-01-31not yet calculatedCVE-2018-6462
CONFIRM
vastal_i-tech -- buddy_zone_facebook_cloneSQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.2018-01-29not yet calculatedCVE-2018-6367
MISC
EXPLOIT-DB
vmware -- airwatch_consoleVMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.2018-01-29not yet calculatedCVE-2017-4951
BID
SECTRACK
CONFIRM
vmware -- realize_automationVMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.2018-01-29not yet calculatedCVE-2017-4947
BID
SECTRACK
SECTRACK
CONFIRM
wondercms -- wondercmsIn WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript.2018-01-26not yet calculatedCVE-2017-14522
MISC
wondercms -- wondercmsWonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages.2018-01-26not yet calculatedCVE-2017-14523
MISC
wordpress -- wordpressadmin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.2018-01-30not yet calculatedCVE-2018-6195
MISC
FULLDISC
CONFIRM
MISC
wordpress -- wordpressThe PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.2018-01-31not yet calculatedCVE-2018-6465
MISC
MISC
MISC
MISC
wordpress -- wordpressCross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0511
JVN
CONFIRM
wordpress -- wordpressA cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.2018-01-30not yet calculatedCVE-2018-6194
MISC
FULLDISC
CONFIRM
MISC
wordpress -- wordpressAn issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.2018-01-26not yet calculatedCVE-2018-6015
MISC
CONFIRM
EXPLOIT-DB
wordpress -- wordpressThe acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.2018-01-27not yet calculatedCVE-2018-6357
MISC
MISC
zabbix -- zabbixXML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.2018-02-01not yet calculatedCVE-2014-3005
FEDORA
FEDORA
FULLDISC
BID
CONFIRM
CONFIRM
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-01not yet calculatedCVE-2018-6484
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.2018-01-29not yet calculatedCVE-2018-6381
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.2018-02-02not yet calculatedCVE-2018-6542
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02not yet calculatedCVE-2018-6540
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02not yet calculatedCVE-2018-6541
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.