Vulnerability Summary for the Week of January 29, 2018
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | 6.5 | CVE-2017-14521 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
7-zip -- 7-zip_and_p7zip | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 2018-01-31 | not yet calculated | CVE-2018-5996 MISC |
7-zip -- 7-zip_and_p7zip | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 2018-01-30 | not yet calculated | CVE-2017-17969 MISC |
apache -- cordova | After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip | 2018-02-01 | not yet calculated | CVE-2017-3160 MISC |
apache -- poi | Apache POI versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 2018-01-29 | not yet calculated | CVE-2017-12626 BID MLIST |
apache -- tomcat | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. | 2018-01-31 | not yet calculated | CVE-2017-15706 MLIST |
apache -- tomcat_native_connector | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. | 2018-01-31 | not yet calculated | CVE-2017-15698 MLIST |
apport -- apport | Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 2018-02-02 | not yet calculated | CVE-2017-14179 CONFIRM CONFIRM |
apport -- apport | Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | 2018-02-02 | not yet calculated | CVE-2017-14177 CONFIRM CONFIRM CONFIRM UBUNTU |
apport -- apport | Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 2018-02-02 | not yet calculated | CVE-2017-14180 CONFIRM CONFIRM CONFIRM UBUNTU |
apsis -- pound | Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | 2018-01-29 | not yet calculated | CVE-2016-10711 CONFIRM |
arq -- arq | The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 2018-01-31 | not yet calculated | CVE-2017-16945 MISC MISC EXPLOIT-DB |
arq -- arq | The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 2018-01-31 | not yet calculated | CVE-2017-16928 MISC MISC EXPLOIT-DB |
artifex -- mupdf | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 2018-02-02 | not yet calculated | CVE-2018-6544 MISC MISC MISC MISC |
asus -- asuswrt | Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | 2018-01-31 | not yet calculated | CVE-2017-15656 MISC FULLDISC |
asus -- asuswrt | Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. | 2018-01-31 | not yet calculated | CVE-2017-15655 MISC FULLDISC MISC |
asus -- asuswrt | Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 2018-01-31 | not yet calculated | CVE-2017-15654 MISC FULLDISC |
asus -- asuswrt | Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 2018-01-31 | not yet calculated | CVE-2017-15653 MISC FULLDISC |
asus -- multiple_routers | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | 2018-01-29 | not yet calculated | CVE-2017-14698 CONFIRM MISC |
asus -- multiple_routers | Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | 2018-01-29 | not yet calculated | CVE-2017-14699 CONFIRM MISC |
atlassian -- activity_streams | Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 2018-01-29 | not yet calculated | CVE-2017-9513 BID CONFIRM |
atlassian -- bamboo | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18042 CONFIRM |
atlassian -- bamboo | The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18080 CONFIRM |
atlassian -- bamboo | The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18041 CONFIRM |
atlassian -- bamboo | The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18040 CONFIRM |
atlassian -- bamboo | The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 2018-02-02 | not yet calculated | CVE-2017-18081 CONFIRM |
atlassian -- bamboo | The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 2018-02-02 | not yet calculated | CVE-2017-18082 CONFIRM |
atlassian -- bitbucket_server | The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18036 CONFIRM |
atlassian -- bitbucket_server | The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | 2018-02-02 | not yet calculated | CVE-2017-18037 CONFIRM |
atlassian -- bitbucket_server | The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 2018-02-02 | not yet calculated | CVE-2017-18038 CONFIRM |
atlassian -- confluence_server | The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 2018-02-02 | not yet calculated | CVE-2017-18085 CONFIRM |
atlassian -- confluence_server | The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 2018-02-02 | not yet calculated | CVE-2017-18083 CONFIRM |
atlassian -- confluence_server | The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 2018-02-02 | not yet calculated | CVE-2017-18084 CONFIRM |
atlassian -- confluence_server | Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 2018-02-02 | not yet calculated | CVE-2017-18086 CONFIRM |
atlassian -- crowd | The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1. | 2018-01-31 | not yet calculated | CVE-2017-16858 CONFIRM |
atlassian -- fisheye_and_crucible | It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability. | 2018-01-31 | not yet calculated | CVE-2017-16861 MISC MISC MISC MISC |
atlassian -- fisheye_and_crucible | The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 2018-02-02 | not yet calculated | CVE-2017-18035 CONFIRM CONFIRM |
atlassian -- fisheye_and_crucible | The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch. | 2018-02-02 | not yet calculated | CVE-2017-18034 CONFIRM CONFIRM |
atlassian -- jira | The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | 2018-02-02 | not yet calculated | CVE-2017-18039 CONFIRM |
bmc -- track-it! | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments. | 2018-01-30 | not yet calculated | CVE-2016-6599 MISC FULLDISC CONFIRM MISC |
bmc -- track-it! | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. | 2018-01-30 | not yet calculated | CVE-2016-6598 MISC FULLDISC CONFIRM MISC |
brace-expansion -- brace-expansion | index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. | 2018-01-27 | not yet calculated | CVE-2017-18077 MISC MISC MISC MISC |
ccn-lite -- ccn-lite | A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient. | 2018-01-31 | not yet calculated | CVE-2018-6480 CONFIRM |
center_for_internet_security -- cis-cat_pro_dashboard | In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. | 2018-01-31 | not yet calculated | CVE-2017-8916 CONFIRM |
cisco -- adaptive_security_appliance | A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618. | 2018-01-29 | not yet calculated | CVE-2018-0101 BID SECTRACK CONFIRM |
cisco -- ios_xr | A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800. | 2018-01-31 | not yet calculated | CVE-2018-0136 SECTRACK CONFIRM |
citrix -- netscaler_vpx | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | 2018-02-01 | not yet calculated | CVE-2018-6186 MISC |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12378 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. | 2018-01-26 | not yet calculated | CVE-2017-12376 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. | 2018-01-26 | not yet calculated | CVE-2017-12380 CONFIRM CONFIRM |
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12375 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12379 CONFIRM CONFIRM |
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. | 2018-01-26 | not yet calculated | CVE-2017-12374 CONFIRM CONFIRM |
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12377 CONFIRM CONFIRM |
cloud_foundry_foundation -- cf-release | In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. | 2018-02-01 | not yet calculated | CVE-2018-1192 CONFIRM |
conceptronic -- cipcamptiwl_devices | An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. | 2018-01-30 | not yet calculated | CVE-2018-6407 MISC |
conceptronic -- cipcamptiwl_devices | An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. | 2018-01-30 | not yet calculated | CVE-2018-6408 MISC |
data_components -- tsitebuilder | SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. | 2018-01-29 | not yet calculated | CVE-2018-6365 MISC EXPLOIT-DB |
debian -- debian | zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | 2018-01-30 | not yet calculated | CVE-2011-2902 MLIST CONFIRM CONFIRM |
dodocool -- dc38_3-in-1_n300_mini_wireless_range_devices | An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. | 2018-01-29 | not yet calculated | CVE-2018-5720 EXPLOIT-DB |
dojo -- dojo_toolkit | dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | 2018-02-02 | not yet calculated | CVE-2018-6561 MISC |
drupal -- drupal | The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | 2018-02-01 | not yet calculated | CVE-2014-9503 MLIST XF MISC CONFIRM |
drupal -- drupal | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | 2018-02-01 | not yet calculated | CVE-2014-9502 MLIST XF MISC CONFIRM |
drupal -- drupal | The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | 2018-02-01 | not yet calculated | CVE-2014-9504 MLIST XF MISC CONFIRM |
electrum -- electrum | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | 2018-01-27 | not yet calculated | CVE-2018-6353 MISC MISC |
eventum -- eventum | Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | 2018-01-31 | not yet calculated | CVE-2014-1631 CONFIRM BUGTRAQ CONFIRM MISC |
eventum -- eventum | htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | 2018-01-31 | not yet calculated | CVE-2014-1632 CONFIRM BUGTRAQ CONFIRM MISC |
evergreen -- evergreen | Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | 2018-02-01 | not yet calculated | CVE-2015-2204 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST BID CONFIRM |
evergreen -- evergreen | Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | 2018-02-01 | not yet calculated | CVE-2015-2203 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST BID CONFIRM |
evergreen -- evergreen | The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | 2018-02-01 | not yet calculated | CVE-2013-7435 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
ezcode -- event_manager | SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. | 2018-02-02 | not yet calculated | CVE-2018-6576 EXPLOIT-DB |
ffmpeg -- ffmpeg | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | 2018-01-29 | not yet calculated | CVE-2018-6392 BID CONFIRM CONFIRM |
flatpak -- flatpak | In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | 2018-02-02 | not yet calculated | CVE-2018-6560 CONFIRM CONFIRM CONFIRM |
flexense -- syncbreeze_enterprise | A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. | 2018-02-02 | not yet calculated | CVE-2018-6537 EXPLOIT-DB |
formspree -- formspree | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | 2018-01-27 | not yet calculated | CVE-2018-6354 MISC |
fortinet -- fortios | A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests. | 2018-01-29 | not yet calculated | CVE-2017-14190 BID SECTRACK CONFIRM |
freepbx -- freepbx | FreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter. | 2018-01-29 | not yet calculated | CVE-2018-6393 MISC BID |
g_data_totalprotection -- g_data_totalprotection | The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | 2018-02-01 | not yet calculated | CVE-2014-3752 MISC FULLDISC BUGTRAQ MISC |
gifsicle -- gifsicle | A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. | 2018-02-02 | not yet calculated | CVE-2017-18120 MISC MISC MISC MISC |
glibc -- glibc | A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | 2018-01-31 | not yet calculated | CVE-2017-1000409 MLIST EXPLOIT-DB |
glibc -- glibc | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | 2018-01-31 | not yet calculated | CVE-2017-1000408 MLIST EXPLOIT-DB |
glibc -- glibc | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | 2018-01-31 | not yet calculated | CVE-2018-1000001 MLIST BID SECTRACK EXPLOIT-DB MISC |
gnu -- binutils | The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-01-26 | not yet calculated | CVE-2018-6323 BID CONFIRM |
gnu -- binutils | In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-02-02 | not yet calculated | CVE-2018-6543 MISC |
gnu -- cpio | It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory. | 2018-01-29 | not yet calculated | CVE-2017-7516 CONFIRM MISC |
gnu -- glibc | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | 2018-02-01 | not yet calculated | CVE-2018-6485 CONFIRM CONFIRM |
gnu -- glibc | The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | 2018-02-02 | not yet calculated | CVE-2018-6551 CONFIRM CONFIRM |
hotspot_shield -- hotspot_shield | Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. | 2018-01-31 | not yet calculated | CVE-2018-6460 MISC |
huawei -- multiple_products | Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | 2018-01-30 | not yet calculated | CVE-2014-4705 SECUNIA CONFIRM |
iball -- 300m_devices | /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | 2018-01-30 | not yet calculated | CVE-2018-6355 MISC |
iball -- ib-wra150n_devices | iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | 2018-01-29 | not yet calculated | CVE-2018-6388 MISC |
iball -- ib-wra150n_devices | iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. | 2018-01-29 | not yet calculated | CVE-2018-6387 MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857. | 2018-01-29 | not yet calculated | CVE-2017-1783 CONFIRM BID SECTRACK MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. | 2018-01-29 | not yet calculated | CVE-2017-1779 CONFIRM BID SECTRACK MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. | 2018-01-29 | not yet calculated | CVE-2017-1784 CONFIRM SECTRACK MISC |
ibm -- cognos_tm1 | IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. | 2018-01-26 | not yet calculated | CVE-2017-1506 CONFIRM SECTRACK MISC |
ibm -- content_navigator | IBM Content Navigator 2.0 and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449. | 2018-01-29 | not yet calculated | CVE-2018-1364 CONFIRM BID MISC |
ibm -- datapower_gateways | IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. | 2018-01-31 | not yet calculated | CVE-2017-1773 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. | 2018-01-26 | not yet calculated | CVE-2017-1545 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | 2018-01-26 | not yet calculated | CVE-2017-1540 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | 2018-01-26 | not yet calculated | CVE-2017-1567 CONFIRM BID MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | 2018-01-26 | not yet calculated | CVE-2017-1563 CONFIRM BID MISC |
ibm -- doors_web_access | IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | 2018-01-26 | not yet calculated | CVE-2017-1532 CONFIRM MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | 2018-01-26 | not yet calculated | CVE-2017-1515 CONFIRM BID MISC |
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. | 2018-01-26 | not yet calculated | CVE-2017-1516 CONFIRM BID MISC |
ibm -- jazz_foundation | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. | 2018-01-26 | not yet calculated | CVE-2017-1653 CONFIRM BID SECTRACK SECTRACK SECTRACK MISC |
ibm -- remote_control | IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912. | 2018-01-31 | not yet calculated | CVE-2017-1233 CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | 2018-01-26 | not yet calculated | CVE-2016-2983 CONFIRM CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. | 2018-01-26 | not yet calculated | CVE-2017-1204 CONFIRM CONFIRM MISC |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. | 2018-01-26 | not yet calculated | CVE-2017-1279 CONFIRM MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. | 2018-01-30 | not yet calculated | CVE-2017-1731 CONFIRM MISC |
icinga -- icinga | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. | 2018-02-02 | not yet calculated | CVE-2018-6536 MISC |
imagemagick -- imagemagick | In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. | 2018-01-30 | not yet calculated | CVE-2018-6405 CONFIRM |
imm2 -- imm2 | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | 2018-01-26 | not yet calculated | CVE-2017-3768 CONFIRM |
intel -- graphics_driver | Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows an unprivileged user to elevate privileges via local access. | 2018-02-02 | not yet calculated | CVE-2017-5727 CONFIRM |
iolo -- system_shield | In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. | 2018-01-31 | not yet calculated | CVE-2018-5701 MISC EXPLOIT-DB MISC |
ipswitch -- moveit | Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | 2018-02-02 | not yet calculated | CVE-2018-6545 MISC |
japan_total_system -- groupsession | Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2017-2166 JVN |
jenkins -- jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | 2018-01-29 | not yet calculated | CVE-2017-1000355 BID CONFIRM |
jenkins -- jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. | 2018-01-29 | not yet calculated | CVE-2017-1000353 BID CONFIRM EXPLOIT-DB |
jenkins -- jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance. | 2018-01-29 | not yet calculated | CVE-2017-1000354 BID CONFIRM |
jenkins -- jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | 2018-01-29 | not yet calculated | CVE-2017-1000356 BID CONFIRM |
joomla! -- joomla! | SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | 2018-01-30 | not yet calculated | CVE-2018-6395 EXPLOIT-DB |
joomla! -- joomla! | CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | 2018-01-29 | not yet calculated | CVE-2018-6007 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | 2018-02-02 | not yet calculated | CVE-2018-6581 EXPLOIT-DB |
joomla! -- joomla! | In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | 2018-01-30 | not yet calculated | CVE-2018-6379 SECTRACK CONFIRM |
joomla! -- joomla! | In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. | 2018-01-30 | not yet calculated | CVE-2018-6377 SECTRACK CONFIRM |
joomla! -- joomla! | In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 2018-01-30 | not yet calculated | CVE-2018-6376 SECTRACK CONFIRM |
joomla! -- joomla! | SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | 2018-01-30 | not yet calculated | CVE-2018-6398 EXPLOIT-DB |
joomla! -- joomla! | In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | 2018-01-30 | not yet calculated | CVE-2018-6380 SECTRACK CONFIRM |
joomla! -- joomla! | SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 2018-02-02 | not yet calculated | CVE-2018-6578 EXPLOIT-DB |
joomla! -- joomla! | Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | 2018-02-02 | not yet calculated | CVE-2018-6580 EXPLOIT-DB |
joomla! -- joomla! | Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | 2018-01-29 | not yet calculated | CVE-2018-6008 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | 2018-02-02 | not yet calculated | CVE-2018-6579 EXPLOIT-DB |
joomla! -- joomla! | Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. | 2018-01-30 | not yet calculated | CVE-2018-6397 EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 2018-02-02 | not yet calculated | CVE-2018-6577 EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | 2018-02-02 | not yet calculated | CVE-2018-6575 EXPLOIT-DB |
kingsoft -- wps_office | The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 2018-01-29 | not yet calculated | CVE-2018-6390 MISC |
kkcal -- epg_search_result_viewer | Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-01 | not yet calculated | CVE-2018-0508 CONFIRM JVN |
kkcal -- epg_search_result_viewer | Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | 2018-02-01 | not yet calculated | CVE-2018-0509 CONFIRM JVN |
kkcal -- epg_search_result_viewer | Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors. | 2018-02-01 | not yet calculated | CVE-2018-0510 CONFIRM JVN |
libming -- libming | The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | 2018-01-27 | not yet calculated | CVE-2018-6358 CONFIRM |
libming -- libming | The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-27 | not yet calculated | CVE-2018-6359 BID CONFIRM |
libwebm -- libwebm | A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. | 2018-02-02 | not yet calculated | CVE-2018-6548 MISC MISC |
libwebm -- libwebm | The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. | 2018-01-30 | not yet calculated | CVE-2018-6406 MISC MISC |
linux -- linux_kernel | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | 2018-01-26 | not yet calculated | CVE-2018-5750 CONFIRM |
linux -- linux_kernel | The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | 2018-02-01 | not yet calculated | CVE-2014-3519 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | 2018-01-29 | not yet calculated | CVE-2017-18079 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16913 BID MISC MISC MISC MISC MISC MISC MISC |
linux -- linux_kernel | In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | 2018-01-31 | not yet calculated | CVE-2018-6412 MISC |
linux -- linux_kernel | The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16914 BID MISC MISC MISC MISC MISC MISC MISC MISC |
linux -- linux_kernel | The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. | 2018-01-31 | not yet calculated | CVE-2017-16911 BID MISC MISC MISC MISC MISC MISC |
linux -- linux_kernel | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16912 BID MISC MISC MISC MISC MISC MISC MISC |
mantisbt -- mantisbt | view_all_bug_page.php in MantisBT 2.10.0 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 2018-02-02 | not yet calculated | CVE-2018-6526 MISC |
mantisbt -- mantisbt | MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. | 2018-01-30 | not yet calculated | CVE-2018-6382 MISC MISC |
micro_focus -- fortify_audit_workbench_and_software_security_center | XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection. | 2018-02-02 | not yet calculated | CVE-2018-6486 CONFIRM |
miekg-dns -- miekg-dns | A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections. | 2018-01-29 | not yet calculated | CVE-2017-15133 CONFIRM CONFIRM |
monstra -- monstra_cms | Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 2018-02-02 | not yet calculated | CVE-2018-6550 CONFIRM CONFIRM |
monstra -- monstra_cms | Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | 2018-01-29 | not yet calculated | CVE-2018-6383 MISC |
mpv -- mpv | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | 2018-01-27 | not yet calculated | CVE-2018-6360 MISC MISC |
netis -- wf2419_devices | A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | 2018-01-29 | not yet calculated | CVE-2018-6391 MISC MISC EXPLOIT-DB |
netwave -- ip_camera_devices | An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. | 2018-01-31 | not yet calculated | CVE-2018-6479 MISC |
nibbleblog -- nibbleblog | Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | 2018-02-01 | not yet calculated | CVE-2018-6470 MISC |
nootka -- nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2018-0506 JVN |
nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458. | 2018-02-01 | not yet calculated | CVE-2018-6525 MISC |
nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20. | 2018-02-01 | not yet calculated | CVE-2018-6524 MISC |
nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. | 2018-02-01 | not yet calculated | CVE-2018-6523 MISC |
nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408. | 2018-02-01 | not yet calculated | CVE-2018-6522 MISC |
nsclient++ -- nsclient++ | Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. | 2018-01-31 | not yet calculated | CVE-2018-6384 CONFIRM |
ntt-cert -- flet's_virus_clear_easy_setup_&_application_tool | Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-01-26 | not yet calculated | CVE-2018-0507 JVN |
omniauth -- omniauth | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 2018-01-26 | not yet calculated | CVE-2017-18076 CONFIRM CONFIRM CONFIRM |
opendaylight -- opendaylight | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the OpenFlow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from the network (and thus also from the controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate from either NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and, since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout. | 2018-01-31 | not yet calculated | CVE-2017-1000411 MLIST BID |
packetfence -- packetfence | html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | 2018-02-01 | not yet calculated | CVE-2011-4069 CONFIRM CONFIRM |
packetfence -- packetfence | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | 2018-02-01 | not yet calculated | CVE-2011-4068 CONFIRM CONFIRM |
perfex_crm -- perfex_crm | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | 2018-01-26 | not yet calculated | CVE-2017-17976 MISC EXPLOIT-DB |
phoenix_contact -- mguard | An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. | 2018-01-30 | not yet calculated | CVE-2018-5441 MISC |
phpscriptsmall.com -- multilanguage_real_estate_mlm_script | SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | 2018-01-29 | not yet calculated | CVE-2018-6364 MISC EXPLOIT-DB |
pictuscode -- taskrabbit_clone_script | SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | 2018-01-29 | not yet calculated | CVE-2018-6363 MISC EXPLOIT-DB |
podofo -- podofo | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | 2018-01-27 | not yet calculated | CVE-2018-6352 MISC |
ptex -- ptex | An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid, and its use can lead to a buffer overflow, potentially resulting in code execution. | 2018-01-29 | not yet calculated | CVE-2018-3835 MISC |
pulse_secure -- desktop_linux | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. | 2018-01-31 | not yet calculated | CVE-2018-6374 CONFIRM |
puppet -- puppet_enterprise | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. | 2018-02-01 | not yet calculated | CVE-2017-2293 CONFIRM |
puppet -- puppet_enterprise | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. | 2018-02-01 | not yet calculated | CVE-2017-2297 CONFIRM |
puppet -- puppet_enterprise | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2. | 2018-02-01 | not yet calculated | CVE-2017-2296 CONFIRM |
qemu -- qemu | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | 2018-01-31 | not yet calculated | CVE-2017-18043 MLIST BID CONFIRM |
simditor -- simditor | Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | 2018-01-31 | not yet calculated | CVE-2018-6464 MISC |
simplesamlphp -- simplesamlphp | The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | 2018-02-02 | not yet calculated | CVE-2017-18121 CONFIRM |
simplesamlphp -- simplesamlphp | A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. | 2018-02-02 | not yet calculated | CVE-2017-18122 CONFIRM |
simplesamlphp -- simplesamlphp | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | 2018-02-01 | not yet calculated | CVE-2018-6519 CONFIRM |
simplesamlphp -- simplesamlphp | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. | 2018-02-01 | not yet calculated | CVE-2018-6521 CONFIRM |
simplesamlphp -- simplesamlphp | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | 2018-02-01 | not yet calculated | CVE-2018-6520 CONFIRM |
snapd -- snapd | In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. | 2018-02-02 | not yet calculated | CVE-2017-14178 CONFIRM CONFIRM CONFIRM |
sophos -- puremessage_for_unix | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2016-6217 CONFIRM |
sugarcrm -- sugarcrm | XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 2018-02-01 | not yet calculated | CVE-2014-3244 FULLDISC BID MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | 2018-01-31 | not yet calculated | CVE-2018-6473 MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | 2018-01-31 | not yet calculated | CVE-2018-6472 MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | 2018-01-31 | not yet calculated | CVE-2018-6476 MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | 2018-01-31 | not yet calculated | CVE-2018-6474 MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | 2018-01-31 | not yet calculated | CVE-2018-6475 MISC |
superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | 2018-01-31 | not yet calculated | CVE-2018-6471 MISC |
systemd -- systemd | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | 2018-01-29 | not yet calculated | CVE-2017-18078 MISC EXPLOIT-DB |
tracker -- pdf-xchange_viewer_and_viewer_ax_sdk | Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | 2018-01-31 | not yet calculated | CVE-2018-6462 CONFIRM |
vastal_i-tech -- buddy_zone_facebook_clone | SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | 2018-01-29 | not yet calculated | CVE-2018-6367 MISC EXPLOIT-DB |
vmware -- airwatch_console | VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices. | 2018-01-29 | not yet calculated | CVE-2017-4951 BID SECTRACK CONFIRM |
vmware -- realize_automation | VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. | 2018-01-29 | not yet calculated | CVE-2017-4947 BID SECTRACK SECTRACK CONFIRM |
wondercms -- wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 2018-01-26 | not yet calculated | CVE-2017-14522 MISC |
wondercms -- wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. | 2018-01-26 | not yet calculated | CVE-2017-14523 MISC |
wordpress -- wordpress | admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. | 2018-01-30 | not yet calculated | CVE-2018-6195 MISC FULLDISC CONFIRM MISC |
wordpress -- wordpress | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | 2018-01-31 | not yet calculated | CVE-2018-6465 MISC MISC MISC MISC |
wordpress -- wordpress | Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-01 | not yet calculated | CVE-2018-0511 JVN CONFIRM |
wordpress -- wordpress | A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | 2018-01-30 | not yet calculated | CVE-2018-6194 MISC FULLDISC CONFIRM MISC |
wordpress -- wordpress | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | 2018-01-26 | not yet calculated | CVE-2018-6015 MISC CONFIRM EXPLOIT-DB |
wordpress -- wordpress | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 2018-01-27 | not yet calculated | CVE-2018-6357 MISC MISC |
zabbix -- zabbix | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 2018-02-01 | not yet calculated | CVE-2014-3005 FEDORA FEDORA FULLDISC BID CONFIRM CONFIRM MISC |
zziplib -- zziplib | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-01 | not yet calculated | CVE-2018-6484 MISC |
zziplib -- zziplib | In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. | 2018-01-29 | not yet calculated | CVE-2018-6381 MISC |
zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | 2018-02-02 | not yet calculated | CVE-2018-6542 MISC |
zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6540 MISC |
zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6541 MISC |