Channel: CISA All NCAS Products

Mozilla Releases Security Updates

Original release date: January 23, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox ESR 52.6 and Firefox 58 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



Apple Releases Multiple Security Updates

Original release date: January 23, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:




Google Releases Security Update for Chrome

Original release date: January 24, 2018

Google has released Chrome version 64.0.3282.119 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to cause a denial-of-service condition.

NCCIC/US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.




Mozilla Releases Security Update for Thunderbird

Original release date: January 25, 2018

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.6 and apply the necessary update.




Data Privacy Day

Original release date: January 26, 2018

January 28 is Data Privacy Day (DPD), an annual international effort to promote the importance of data privacy. DPD is sponsored in the United States by the National Cyber Security Alliance (NCSA) with the theme, Respecting Privacy, Safeguarding Data, and Enabling Trust.

The NCSA Stay Safe Online website features a recording of the Data Privacy Day 2018 – Live From LinkedIn event, which includes presentations on privacy management, location tracking, and business and privacy. NCCIC/US-CERT encourages users and administrators to review basic privacy tips from Stay Safe Online, and related resources from NCCIC/US-CERT:




VMware Releases Security Updates

Original release date: January 26, 2018

VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0006 and apply the necessary updates.




SB18-029: Vulnerability Summary for the Week of January 22, 2018

Original release date: January 29, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
389-ds-base -- 389-ds-base | It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. | 2018-01-24 | not yet calculated | CVE-2017-15135 (BID, CONFIRM)
advantech -- webaccess/scada | A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | 2018-01-24 | not yet calculated | CVE-2018-5443 (BID, MISC)
advantech -- webaccess/scada | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | 2018-01-24 | not yet calculated | CVE-2018-5445 (BID, MISC)
affiligator -- affiliate_webshop_management_system | SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | 2018-01-24 | not yet calculated | CVE-2018-5977 (EXPLOIT-DB)
apache -- hadoop | The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 2018-01-24 | not yet calculated | CVE-2017-15718 (MLIST)
apache -- nifi | A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-15697 (CONFIRM)
apache -- nifi | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-25 | not yet calculated | CVE-2017-15703 (CONFIRM)
apache -- nifi | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-12632 (CONFIRM)
artifex -- mujs | jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. | 2018-01-24 | not yet calculated | CVE-2018-5759 (MISC, MISC)
artifex -- mujs | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6187 (MISC)
artifex -- mujs | The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | 2018-01-24 | not yet calculated | CVE-2018-6191 (MISC, MISC)
artifex -- mupdf | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 2018-01-22 | not yet calculated | CVE-2017-17858 (MISC, MISC, MISC)
artifex -- mupdf | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6192 (MISC)
asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. | 2018-01-22 | not yet calculated | CVE-2018-6000 (MISC, MISC, MISC, EXPLOIT-DB)
asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. | 2018-01-22 | not yet calculated | CVE-2018-5999 (MISC, MISC, MISC, EXPLOIT-DB)
atlassian -- sourcetree | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-14593 (CONFIRM, CONFIRM)
atlassian -- sourcetree | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-14592 (CONFIRM, CONFIRM)
axtls -- axtls | axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | 2018-01-22 | not yet calculated | CVE-2017-1000416 (MISC, MISC)
bigtree -- bigtree | Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. | 2018-01-22 | not yet calculated | CVE-2018-6013 (MISC)
biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix. | 2018-01-25 | not yet calculated | CVE-2016-10710 (MISC)
brace-expansion -- brace-expansion | index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. | 2018-01-27 | not yet calculated | CVE-2017-18077 (MISC, MISC, MISC, MISC)
bylancer -- classified_ads_cms_quickad | SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | 2018-01-24 | not yet calculated | CVE-2018-5972 (EXPLOIT-DB)
bylancer -- wchat | SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5979 (EXPLOIT-DB)
bylancer -- zechat | SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5978 (EXPLOIT-DB)
centos-webpanel.com -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | 2018-01-21 | not yet calculated | CVE-2018-5961 (MISC)
centos-webpanel.com -- centos_web_panel | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | 2018-01-21 | not yet calculated | CVE-2018-5962 (MISC)
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. | 2018-01-26 | not yet calculated | CVE-2017-12374 (CONFIRM, CONFIRM)
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. | 2018-01-26 | not yet calculated | CVE-2017-12376 (CONFIRM, CONFIRM)
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12379 (CONFIRM, CONFIRM)
clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12375 (CONFIRM, CONFIRM)
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12378 (CONFIRM, CONFIRM)
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. | 2018-01-26 | not yet calculated | CVE-2017-12380 (CONFIRM, CONFIRM)
clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12377 (CONFIRM, CONFIRM)
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 2018-01-25 | not yet calculated | CVE-2018-5963 (MISC, FULLDISC, MISC)
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 2018-01-25 | not yet calculated | CVE-2018-5964 (MISC, FULLDISC, MISC)
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 2018-01-25 | not yet calculated | CVE-2018-5965 (MISC, FULLDISC, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12112 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12116 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12118 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send a malicious smart contract to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-14457 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12113 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12114 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12119 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | 2018-01-19 | not yet calculated | CVE-2017-12115 (BID, MISC)
cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12117 (BID, MISC)
dasan -- gpon_ont_wifi_router_h640x | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). | 2018-01-21 | not yet calculated | CVE-2017-18046 (MISC)
dell_emc -- rsa_authentication_manager | The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | 2018-01-24 | not yet calculated | CVE-2017-15546 (CONFIRM, SECTRACK)
desigo -- desigo_automation_controllers_and_operator_unit_pxm20-e | A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. | 2018-01-24 | not yet calculated | CVE-2018-4834 (MISC, CONFIRM)
dnsmasq -- dnsmasq | A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | 2018-01-23 | not yet calculated | CVE-2017-15107 (MLIST, BID)
dovecot -- dovecot | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. | 2018-01-25 | not yet calculated | CVE-2017-15132 (CONFIRM, CONFIRM)
dyw -- flexible_poll | SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | 2018-01-24 | not yet calculated | CVE-2018-5988 (EXPLOIT-DB)
e.i_hi-tech -- professional_local_directory_script | SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | 2018-01-25 | not yet calculated | CVE-2018-5973 (MISC, EXPLOIT-DB)
easycarscript.com -- easy_car_script_2014 | SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | 2018-01-24 | not yet calculated | CVE-2018-5986 (EXPLOIT-DB)
electron -- electron | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | 2018-01-24 | not yet calculated | CVE-2018-1000006 (BID, CONFIRM, MISC, EXPLOIT-DB)
electrum -- electrum | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | 2018-01-27 | not yet calculated | CVE-2018-6353 (MISC, MISC)
f5 -- big-ip_advanced_firewall_manager | X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 2018-01-19 | not yet calculated | CVE-2017-6142 (SECTRACK, CONFIRM)
fasterxml -- jackson-databind | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | 2018-01-21 | not yet calculated | CVE-2018-5968 (MISC)
flets -- virus_clear | Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-01-26 | not yet calculated | CVE-2018-0507 (JVN)
flexense -- multiple_products | A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request. | 2018-01-24 | not yet calculated | CVE-2017-13696 (EXPLOIT-DB, EXPLOIT-DB, EXPLOIT-DB, EXPLOIT-DB, MISC)
flexsense -- sysguage | The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. | 2018-01-23 | not yet calculated | CVE-2018-5359 (MISC, EXPLOIT-DB)
formspree -- formspree | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | 2018-01-27 | not yet calculated | CVE-2018-6354 (MISC)
freesshd -- freesshd | FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 2018-01-24 | not yet calculated | CVE-2017-1000475 (MISC)
gitstack -- gitstack | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | 2018-01-21 | not yet calculated | CVE-2018-5955 (MISC)
gnu -- bitutilsThe elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-01-26not yet calculatedCVE-2018-6323
CONFIRM
gnu -- libtasn1An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.2018-01-22not yet calculatedCVE-2018-6003
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- androidBuffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713.2018-01-22not yet calculatedCVE-2016-5345
BID
CONFIRM
CONFIRM
groupsession -- groupsessionOpen redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2018-01-26not yet calculatedCVE-2017-2166
JVN
hp -- designjet_and_latex_printersHP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.2018-01-23not yet calculatedCVE-2017-2747
HP
hp -- jetadvantage_security_managerPotential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service.2018-01-23not yet calculatedCVE-2017-2746
HP
hp -- jetadvantage_security_managerPotential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser.2018-01-23not yet calculatedCVE-2017-2745
HP
hp -- multiple_printersInsufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.2018-01-23not yet calculatedCVE-2017-2750
BID
HP
hp -- multiple_printersHP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.2018-01-23not yet calculatedCVE-2017-2743
HP
hp -- pagewide_and_officejet_pro_printers | A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | 2018-01-23 | not yet calculated | CVE-2017-2741
HP
EXPLOIT-DB
hp -- support_assistant | The vulnerability allows an attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | 2018-01-23 | not yet calculated | CVE-2017-2744
HP
hp -- thinpro_operating_system | A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | 2018-01-23 | not yet calculated | CVE-2017-2740
HP
hp -- web_jetadmin | A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | 2018-01-23 | not yet calculated | CVE-2017-2742
SECTRACK
HP
ibm -- business_process_manager | IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. | 2018-01-24 | not yet calculated | CVE-2017-1769
CONFIRM
BID
MISC
ibm -- cognos_tm1 | IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. | 2018-01-26 | not yet calculated | CVE-2017-1506
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. | 2018-01-26 | not yet calculated | CVE-2017-1545
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | 2018-01-26 | not yet calculated | CVE-2017-1563
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | 2018-01-26 | not yet calculated | CVE-2017-1540
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | 2018-01-26 | not yet calculated | CVE-2017-1515
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. | 2018-01-26 | not yet calculated | CVE-2017-1516
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | 2018-01-26 | not yet calculated | CVE-2017-1567
CONFIRM
MISC
ibm -- doors_web_access | IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | 2018-01-26 | not yet calculated | CVE-2017-1532
CONFIRM
MISC
ibm -- integration_bus | IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164. | 2018-01-19 | not yet calculated | CVE-2017-1693
CONFIRM
BID
MISC

ibm -- jazz_foundation | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. | 2018-01-26 | not yet calculated | CVE-2017-1653
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. | 2018-01-26 | not yet calculated | CVE-2017-1204
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | 2018-01-26 | not yet calculated | CVE-2016-2983
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. | 2018-01-26 | not yet calculated | CVE-2017-1279
CONFIRM
MISC
impulseadventure -- jpegsnoop | ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service. | 2018-01-25 | not yet calculated | CVE-2017-1000414
CONFIRM
CONFIRM
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5777
CONFIRM
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5778
CONFIRM
jbmc -- directadmin | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | 2018-01-21 | not yet calculated | CVE-2017-18045
CONFIRM
jboss -- jboss_enterprise_application_platform | It was found that the AJP connector in undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1048
CONFIRM
jenkins -- jenkins | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | 2018-01-25 | not yet calculated | CVE-2017-1000387
BID
CONFIRM
jenkins -- jenkins | The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | 2018-01-25 | not yet calculated | CVE-2017-1000404
BID
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000400
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000399
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. | 2018-01-25 | not yet calculated | CVE-2017-1000394
CONFIRM
jenkins -- jenkins | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 2018-01-25 | not yet calculated | CVE-2017-1000388
CONFIRM
jenkins -- jenkins | The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks. | 2018-01-25 | not yet calculated | CVE-2017-1000398
CONFIRM
jenkins -- jenkins | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. | 2018-01-25 | not yet calculated | CVE-2017-1000505
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins. | 2018-01-25 | not yet calculated | CVE-2017-1000396
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | 2018-01-25 | not yet calculated | CVE-2017-1000401
CONFIRM
jenkins -- jenkins | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | 2018-01-25 | not yet calculated | CVE-2017-1000403
CONFIRM
jenkins -- jenkins | In Jenkins 2.88 and earlier and 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 2018-01-25 | not yet calculated | CVE-2017-1000392
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator. | 2018-01-25 | not yet calculated | CVE-2017-1000395
CONFIRM
jenkins -- jenkins | Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-1000389
CONFIRM
jenkins -- jenkins | Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output. | 2018-01-25 | not yet calculated | CVE-2017-1000386
BID
CONFIRM
jenkins -- jenkins | Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient. | 2018-01-25 | not yet calculated | CVE-2017-1000397
CONFIRM
jenkins -- jenkins | Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000009
CONFIRM
jenkins -- jenkins | A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective. | 2018-01-24 | not yet calculated | CVE-2017-1000504
CONFIRM
jenkins -- jenkins | Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000008
CONFIRM
jenkins -- jenkins | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 2018-01-25 | not yet calculated | CVE-2017-1000390
CONFIRM
jenkins -- jenkins | Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. | 2018-01-23 | not yet calculated | CVE-2018-1000013
CONFIRM
jenkins -- jenkins | On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | 2018-01-23 | not yet calculated | CVE-2018-1000015
CONFIRM
jenkins -- jenkins | Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | 2018-01-24 | not yet calculated | CVE-2017-1000502
CONFIRM
jenkins -- jenkins | Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000010
CONFIRM
jenkins -- jenkins | A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. | 2018-01-24 | not yet calculated | CVE-2017-1000503
CONFIRM
jenkins -- jenkins | Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files. | 2018-01-25 | not yet calculated | CVE-2017-1000391
CONFIRM
jenkins -- jenkins | Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000011
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | 2018-01-25 | not yet calculated | CVE-2017-1000393
CONFIRM
jenkins -- jenkins | Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 2018-01-25 | not yet calculated | CVE-2017-1000402
CONFIRM
jenkins -- jenkins | Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. | 2018-01-23 | not yet calculated | CVE-2018-1000014
BID
CONFIRM
jenkins -- jenkins | Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000012
CONFIRM
joomla! -- joomla! | SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | 2018-01-24 | not yet calculated | CVE-2018-5984
EXPLOIT-DB
joomla! -- joomla! | SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | 2018-01-24 | not yet calculated | CVE-2018-5985
EXPLOIT-DB
kingsoft -- wps_office | The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 2018-01-25 | not yet calculated | CVE-2018-6217
MISC
knot_resolver -- knot_resolver | Improper input validation bugs in DNSSEC validator components in Knot Resolver (prior to version 1.5.2) allow an attacker in a man-in-the-middle position to deny existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000002
CONFIRM
labf -- nfsaxe | Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. | 2018-01-21 | not yet calculated | CVE-2017-18047
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
lenovo -- fingerprint_manager_pro | Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | 2018-01-25 | not yet calculated | CVE-2017-3762
CONFIRM
lenovo -- integrated_management_module_2 | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | 2018-01-26 | not yet calculated | CVE-2017-3768
CONFIRM
libcurl -- libcurl | libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or the (too large) data being passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. | 2018-01-24 | not yet calculated | CVE-2018-1000005
SECTRACK
CONFIRM
CONFIRM
DEBIAN
libcurl -- libcurl | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | 2018-01-24 | not yet calculated | CVE-2018-1000007
SECTRACK
CONFIRM
DEBIAN
libming -- libming | The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | 2018-01-27 | not yet calculated | CVE-2018-6358
CONFIRM
libming -- libming | The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-27 | not yet calculated | CVE-2018-6359
CONFIRM
libming -- libming | The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-25 | not yet calculated | CVE-2018-6315
CONFIRM
libvirt -- libvirt | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 2018-01-25 | not yet calculated | CVE-2018-5748
MLIST
linux -- linux_kernel | On multiple SR-IOV cards it is possible for VFs assigned to guests to send ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0. Additionally, multiple vendor NIC firmware is affected. | 2018-01-23 | not yet calculated | CVE-2015-1142857
MLIST
CONFIRM
MISC
linux -- linux_kernel | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | 2018-01-26 | not yet calculated | CVE-2018-5750
CONFIRM
linux -- linux_kernel | crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 2018-01-24 | not yet calculated | CVE-2017-18075
CONFIRM
BID
CONFIRM
CONFIRM
mailman -- mailman | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-23 | not yet calculated | CVE-2018-5950
MLIST
mariadb_and_percona -- mariadb_and_percona_xtradb_cluster | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | 2018-01-25 | not yet calculated | CVE-2017-15365
CONFIRM
CONFIRM
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
matrixssl -- matrixssl | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | 2018-01-22 | not yet calculated | CVE-2017-1000417
MISC
MISC
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011. | 2018-01-24 | not yet calculated | CVE-2018-6206
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22000d. | 2018-01-24 | not yet calculated | CVE-2018-6208
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6207
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220009. | 2018-01-24 | not yet calculated | CVE-2018-6205
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6204
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6209
MISC
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0845
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0848
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0862
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0849
BID
CONFIRM
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. | 2018-01-24 | not yet calculated | CVE-2018-6201
MISC
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | 2018-01-24 | not yet calculated | CVE-2018-6203
MISC
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | 2018-01-24 | not yet calculated | CVE-2018-6202
MISC
mojang -- minecraft_servers_list_lite_and_premium_minecraft_servers_list | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter. | 2018-01-23 | not yet calculated | CVE-2018-5749
MISC
monstra -- monstra_cmsMonstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.2018-01-23not yet calculatedCVE-2017-18048
MISC
MISC
MISC
EXPLOIT-DB
moodle -- moodle | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | 2018-01-22 | not yet calculated | CVE-2018-1043 (BID, CONFIRM)
moodle -- moodle | In Moodle 3.x, there is XSS via a calendar event name. | 2018-01-22 | not yet calculated | CVE-2018-1045 (BID, CONFIRM)
moodle -- moodle | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 2018-01-22 | not yet calculated | CVE-2018-1044 (BID, CONFIRM)
moodle -- moodle | Moodle 3.x has Server Side Request Forgery in the filepicker. | 2018-01-22 | not yet calculated | CVE-2018-1042 (BID, CONFIRM)
mpv -- mpv | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | 2018-01-27 | not yet calculated | CVE-2018-6360 (MISC, MISC)
nari -- pcs-9611 | An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. | 2018-01-25 | not yet calculated | CVE-2018-5447 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099. | 2018-01-22 | not yet calculated | CVE-2017-16590 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100. | 2018-01-22 | not yet calculated | CVE-2017-16591 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103. | 2018-01-22 | not yet calculated | CVE-2017-16592 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751. | 2018-01-22 | not yet calculated | CVE-2017-16610 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080. | 2018-01-22 | not yet calculated | CVE-2017-17407 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749. | 2018-01-22 | not yet calculated | CVE-2017-16608 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753. | 2018-01-22 | not yet calculated | CVE-2017-17406 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197. | 2018-01-22 | not yet calculated | CVE-2017-16606 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196. | 2018-01-22 | not yet calculated | CVE-2017-16605 (BID, MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194. | 2018-01-22 | not yet calculated | CVE-2017-16603 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | 2018-01-22 | not yet calculated | CVE-2017-16609 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118. | 2018-01-22 | not yet calculated | CVE-2017-16595 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104. | 2018-01-22 | not yet calculated | CVE-2017-16593 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193. | 2018-01-22 | not yet calculated | CVE-2017-16602 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191. | 2018-01-22 | not yet calculated | CVE-2017-16600 (BID, MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119. | 2018-01-22 | not yet calculated | CVE-2017-16596 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | 2018-01-22 | not yet calculated | CVE-2017-16607 (BID, MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138. | 2018-01-22 | not yet calculated | CVE-2017-16598 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117. | 2018-01-22 | not yet calculated | CVE-2017-16594 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192. | 2018-01-22 | not yet calculated | CVE-2017-16601 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137. | 2018-01-22 | not yet calculated | CVE-2017-16597 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195. | 2018-01-22 | not yet calculated | CVE-2017-16604 (MISC)
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190. | 2018-01-22 | not yet calculated | CVE-2017-16599 (MISC)
netiq -- access_manager_and_administrative_console | A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | 2018-01-25 | not yet calculated | CVE-2018-1342 (CONFIRM)
netis -- wf2419_devices | Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | 2018-01-25 | not yet calculated | CVE-2018-5967 (MISC)
netis -- wf2419_devices | Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | 2018-01-24 | not yet calculated | CVE-2018-6190 (MISC)
nonecms -- nonecms | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | 2018-01-23 | not yet calculated | CVE-2018-6029 (MISC)
nonecms -- nonecms | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | 2018-01-23 | not yet calculated | CVE-2018-6022 (MISC)
omniauth -- omniauth | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 2018-01-26 | not yet calculated | CVE-2017-18076 (CONFIRM, CONFIRM, CONFIRM)
openssh -- openssh | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 2018-01-21 | not yet calculated | CVE-2016-10708 (MISC, BID, MISC, MISC)
ovirt -- ovirt-hosted-engine-setup | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 2018-01-24 | not yet calculated | CVE-2018-1000018 (CONFIRM, CONFIRM)
perfex_crm -- perfex_crm | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | 2018-01-26 | not yet calculated | CVE-2017-17976 (MISC, EXPLOIT-DB)
pfsense -- pfsense | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 2018-01-21 | not yet calculated | CVE-2016-10709 (EXPLOIT-DB, MISC, MISC, MISC)
photography_cms -- photography_cms | Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 2018-01-24 | not yet calculated | CVE-2018-5969 (EXPLOIT-DB)
phpfreechat -- phpfreechat | phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | 2018-01-25 | not yet calculated | CVE-2018-5954 (MISC, EXPLOIT-DB)
podofo -- podofo | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | 2018-01-27 | not yet calculated | CVE-2018-6352 (MISC)
powerdns -- powerdns | Improper input validation bugs in the DNSSEC validator components in PowerDNS version 4.1.0 allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000003 (CONFIRM)
powerdns -- powerdns_authoritative | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | 2018-01-23 | not yet calculated | CVE-2017-15091 (BID, CONFIRM)
powerdns -- powerdns_recursor | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. | 2018-01-23 | not yet calculated | CVE-2017-15093 (BID, CONFIRM)
powerdns -- powerdns_recursor | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. | 2018-01-23 | not yet calculated | CVE-2017-15092 (BID, CONFIRM)
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). | 2018-01-23 | not yet calculated | CVE-2017-15094 (BID, CONFIRM)
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in a man-in-the-middle position to alter the content of records by issuing a valid signature for the crafted records. | 2018-01-23 | not yet calculated | CVE-2017-15090 (BID, CONFIRM)
putra -- rsvp_invitation_online | Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 2018-01-24 | not yet calculated | CVE-2018-5976 (EXPLOIT-DB)
qemu -- qemu | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 2018-01-23 | not yet calculated | CVE-2018-5683 (MLIST, BID, MLIST)
qemu -- qemu | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | 2018-01-23 | not yet calculated | CVE-2017-18030 (MLIST, BID, CONFIRM)
ravpower -- filehub | RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | 2018-01-24 | not yet calculated | CVE-2018-5319 (EXPLOIT-DB)
ravpower -- filehub | An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | 2018-01-25 | not yet calculated | CVE-2018-5997 (EXPLOIT-DB)
reservo -- image_hosting | Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | 2018-01-24 | not yet calculated | CVE-2018-5705 (MISC, EXPLOIT-DB)
resteasy -- resteasy | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | 2018-01-25 | not yet calculated | CVE-2018-1051 (CONFIRM)
rise -- ultimate_project_manager | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | 2018-01-23 | not yet calculated | CVE-2017-17999 (MISC, EXPLOIT-DB)
routers2 -- routers2 | A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | 2018-01-24 | not yet calculated | CVE-2018-6193 (MISC)
rubrik -- cdm | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter. | 2018-01-22 | not yet calculated | CVE-2018-5761 (CONFIRM, CONFIRM)
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12097 (BID, MISC)
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12098 (BID, MISC)
seelook -- nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2018-0506 (JVN)
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. | 2018-01-25 | not yet calculated | CVE-2018-4837 (BID, CONFIRM)
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | 2018-01-25 | not yet calculated | CVE-2018-4835 (CONFIRM)
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. | 2018-01-25 | not yet calculated | CVE-2018-4836 (CONFIRM)
silverstripe -- silverstripe | In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page. | 2018-01-23 | not yet calculated | CVE-2017-18049 (EXPLOIT-DB, MISC)
sophos -- puremessage_for_unix | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2016-6217 (CONFIRM)
soyket_chowdhury -- vehicle_sales_management_system | Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code execution. | 2018-01-24 | not yet calculated | CVE-2017-1000474 (MISC)
subsonic -- subsonic | Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | 2018-01-22 | not yet calculated | CVE-2018-6014 (MISC, MISC)
sugarcrm -- sugarcrm_community_edition | Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | 2018-01-25 | not yet calculated | CVE-2018-6308 (MISC)
symantec -- reporter | Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | 2018-01-23 | not yet calculated | CVE-2017-15531 (BID, CONFIRM)
tinder -- tinder | Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6018 (MISC, MISC)
tinder -- tinder | Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6017 (MISC, MISC)
tinysvcmds -- tinysvcmds | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12130, BID, MISC
trend_micro -- mobile_security | An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14082, BID, MISC, CONFIRM
trend_micro -- smart_protection_server | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-11398, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14094, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | 2018-01-19 | not yet calculated | CVE-2017-14096, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14095, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14097, BID, CONFIRM, MISC, EXPLOIT-DB
unbound -- unbound | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | 2018-01-23 | not yet calculated | CVE-2017-15105, BID, CONFIRM
vbulletin -- vbulletin | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | 2018-01-24 | not yet calculated | CVE-2018-6200, MISC
w3m_project -- w3m | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | 2018-01-24 | not yet calculated | CVE-2018-6198, CONFIRM, CONFIRM, CONFIRM
w3m_project -- w3m | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | 2018-01-24 | not yet calculated | CVE-2018-6196, CONFIRM, CONFIRM
w3m_project -- w3m | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | 2018-01-24 | not yet calculated | CVE-2018-6197, CONFIRM, CONFIRM
wbce_cms -- wbce_cms | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | 2018-01-25 | not yet calculated | CVE-2018-6313, MISC
wildfly -- wildfly | A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1047, CONFIRM, CONFIRM
wondercms -- wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. | 2018-01-26 | not yet calculated | CVE-2017-14523, MISC
wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | not yet calculated | CVE-2017-14521, MISC
wondercms -- wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 2018-01-26 | not yet calculated | CVE-2017-14522, MISC
wordpress -- wordpress | The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6002, MISC
wordpress -- wordpress | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | 2018-01-26 | not yet calculated | CVE-2018-6015, MISC
wordpress -- wordpress | The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6001, MISC
wordpress -- wordpress | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 2018-01-27 | not yet calculated | CVE-2018-6357, MISC, MISC
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12184, CONFIRM, CONFIRM, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12186, CONFIRM, CONFIRM, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12183, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12178, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12182, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12187, CONFIRM, CONFIRM, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12179, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12185, CONFIRM, CONFIRM, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12176, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12180, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12177, CONFIRM, CONFIRM, GENTOO, DEBIAN
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12181, CONFIRM, CONFIRM, GENTOO, DEBIAN
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | 2018-01-22 | not yet calculated | CVE-2018-6010, CONFIRM
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 2018-01-22 | not yet calculated | CVE-2018-6009, CONFIRM
zeit_next.js -- zeit_next.js | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 2018-01-24 | not yet calculated | CVE-2018-6184, CONFIRM
zenario -- zenario | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 2018-01-21 | not yet calculated | CVE-2018-5960, MISC
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | 2018-01-21 | not yet calculated | CVE-2018-5958, MISC
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | 2018-01-21 | not yet calculated | CVE-2018-5957, MISC
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | 2018-01-21 | not yet calculated | CVE-2018-5956, MISC

This product is provided subject to this Notification and this Privacy & Use policy.


Tax Identity Theft Awareness Week

Original release date: January 29, 2018

Tax Identity Theft Awareness Week is January 29 to February 2, and many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service (IRS) imposter scams.

NCCIC/US-CERT encourages consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others.




Cisco Releases Security Update

Original release date: January 29, 2018

Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.




Mozilla Releases Security Update for Firefox

Original release date: January 30, 2018

Mozilla has released a security update to address a vulnerability in Firefox. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 58.0.1 and apply the necessary update.




Cisco Releases Security Updates

Original release date: January 31, 2018

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.




Pyeongchang 2018: Staying Cyber Safe during the Olympics

Original release date: February 01, 2018

As the 2018 Olympic Games in Pyeongchang approach, NCCIC/US-CERT reminds travelers to be aware of cybersecurity risks. At high-profile events, cyber activists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain. There is also the possibility that mobile or other communications will be monitored.

NCCIC/US-CERT encourages users to protect themselves against these risks—especially risks associated with portable devices such as smart phones and tablets—by taking the following actions:

  • Switch off Wi-Fi and Bluetooth connections when not in use.
  • Use a credit card to pay for online goods and services.
  • When using a public or unsecured wireless connection, avoid using sites and applications that require personal information like log-ins.
  • Update mobile software.
  • Use strong PINs and passwords.

Using the security practices suggested in the resources listed below will also help travelers stay more secure in Pyeongchang and other travel destinations:




IC3 Warns of Impersonation Scams

Original release date: February 01, 2018

The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages.

NCCIC/US-CERT encourages consumers to refer to the IC3 Alert and the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.




FTC Warns of Online Dating Scams

Original release date: February 01, 2018

The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.

To stay safer online, review the FTC article on Online Dating Scams and the NCCIC/US-CERT tip on Staying Safe on Social Networking Sites. If you think you have been a victim of an online dating scam, report your experience to




SB18-036: Vulnerability Summary for the Week of January 29, 2018

Original release date: February 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | 6.5 | CVE-2017-14521, MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
7-zip -- 7-zip_and_p7zip | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 2018-01-31 | not yet calculated | CVE-2018-5996, MISC
7-zip -- 7-zip_and_p7zip | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 2018-01-30 | not yet calculated | CVE-2017-17969, MISC
apache -- cordova | After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip | 2018-02-01 | not yet calculated | CVE-2017-3160, MISC
apache -- poi | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 2018-01-29 | not yet calculated | CVE-2017-12626, BID, MLIST
apache -- tomcat | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. | 2018-01-31 | not yet calculated | CVE-2017-15706, MLIST
apache -- tomcat_native_connector | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. | 2018-01-31 | not yet calculated | CVE-2017-15698, MLIST
apport -- apport | Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 2018-02-02 | not yet calculated | CVE-2017-14179, CONFIRM, CONFIRM
apport -- apport | Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | 2018-02-02 | not yet calculated | CVE-2017-14177, CONFIRM, CONFIRM, CONFIRM, UBUNTU
apport -- apport | Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 2018-02-02 | not yet calculated | CVE-2017-14180, CONFIRM, CONFIRM, CONFIRM, UBUNTU
apsis -- pound | Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | 2018-01-29 | not yet calculated | CVE-2016-10711, CONFIRM
arq -- arq | The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 2018-01-31 | not yet calculated | CVE-2017-16945, MISC, MISC, EXPLOIT-DB
arq -- arq | The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 2018-01-31 | not yet calculated | CVE-2017-16928, MISC, MISC, EXPLOIT-DB
artifex -- mupdf | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 2018-02-02 | not yet calculated | CVE-2018-6544, MISC, MISC, MISC, MISC
asus -- asuswrt | Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | 2018-01-31 | not yet calculated | CVE-2017-15656, MISC, FULLDISC
asus -- asuswrt | Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. | 2018-01-31 | not yet calculated | CVE-2017-15655, MISC, FULLDISC, MISC
asus -- asuswrt | Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 2018-01-31 | not yet calculated | CVE-2017-15654, MISC, FULLDISC
asus -- asuswrt | Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 2018-01-31 | not yet calculated | CVE-2017-15653, MISC, FULLDISC
asus -- multiple_routers | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | 2018-01-29 | not yet calculated | CVE-2017-14698, CONFIRM, MISC
asus -- multiple_routers | Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | 2018-01-29 | not yet calculated | CVE-2017-14699, CONFIRM, MISC
atlassian -- activity_streams | Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 2018-01-29 | not yet calculated | CVE-2017-9513, BID, CONFIRM
atlassian -- bamboo | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18042, CONFIRM
atlassian -- bamboo | The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18080, CONFIRM
atlassian -- bamboo | The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18041, CONFIRM
atlassian -- bamboo | The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18040, CONFIRM
atlassian -- bamboo | The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 2018-02-02 | not yet calculated | CVE-2017-18081, CONFIRM
atlassian -- bamboo | The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 2018-02-02 | not yet calculated | CVE-2017-18082, CONFIRM
atlassian -- bitbucket_server | The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18036, CONFIRM
atlassian -- bitbucket_server | The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | 2018-02-02 | not yet calculated | CVE-2017-18037, CONFIRM
atlassian -- bitbucket_server | The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 2018-02-02 | not yet calculated | CVE-2017-18038, CONFIRM
atlassian -- confluence_server | The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 2018-02-02 | not yet calculated | CVE-2017-18085, CONFIRM
atlassian -- confluence_server | The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 2018-02-02 | not yet calculated | CVE-2017-18083, CONFIRM
atlassian -- confluence_server | The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 2018-02-02 | not yet calculated | CVE-2017-18084, CONFIRM
atlassian -- confluence_server | Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 2018-02-02 | not yet calculated | CVE-2017-18086, CONFIRM
atlassian -- crowd | The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1. | 2018-01-31 | not yet calculated | CVE-2017-16858, CONFIRM
atlassian -- fisheye_and_crucible | It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability. | 2018-01-31 | not yet calculated | CVE-2017-16861, MISC, MISC, MISC, MISC
atlassian -- fisheye_and_crucible | The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check; this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 2018-02-02 | not yet calculated | CVE-2017-18035, CONFIRM, CONFIRM
atlassian -- fisheye_and_crucible | The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch. | 2018-02-02 | not yet calculated | CVE-2017-18034, CONFIRM, CONFIRM
atlassian -- jiraThe IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.2018-02-02not yet calculatedCVE-2017-18039
CONFIRM
bmc -- track-it!BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.2018-01-30not yet calculatedCVE-2016-6599
MISC
FULLDISC
CONFIRM
MISC
bmc -- track-it!BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.2018-01-30not yet calculatedCVE-2016-6598
MISC
FULLDISC
CONFIRM
MISC
brace-expansion -- brace-expansionindex.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.2018-01-27not yet calculatedCVE-2017-18077
MISC
MISC
MISC
MISC
ccn-lite -- ccn-liteA type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient.2018-01-31not yet calculatedCVE-2018-6480
CONFIRM
center_for_internet_security -- cis-cat_pro_dashboardIn Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.2018-01-31not yet calculatedCVE-2017-8916
CONFIRM
cisco -- adaptive_security_applianceA vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.2018-01-29not yet calculatedCVE-2018-0101
BID
SECTRACK
CONFIRM
cisco -- ios_xrA vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800.2018-01-31not yet calculatedCVE-2018-0136
SECTRACK
CONFIRM
citrix -- netscaler_vpxCitrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.2018-02-01not yet calculatedCVE-2018-6186
MISC
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.2018-01-26not yet calculatedCVE-2017-12378
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.2018-01-26not yet calculatedCVE-2017-12376
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.2018-01-26not yet calculatedCVE-2017-12380
CONFIRM
CONFIRM
clamav -- clamavThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.2018-01-26not yet calculatedCVE-2017-12375
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.2018-01-26not yet calculatedCVE-2017-12379
CONFIRM
CONFIRM
clamav -- clamavThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body to be used after being freed (use-after-free), which may lead to a disruption of services on an affected device, including a denial of service condition.2018-01-26not yet calculatedCVE-2017-12374
CONFIRM
CONFIRM
clamav -- clamavClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.2018-01-26not yet calculatedCVE-2017-12377
CONFIRM
CONFIRM
cloud_foundry_foundation -- cf-releaseIn Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.2018-02-01not yet calculatedCVE-2018-1192
CONFIRM
conceptronic -- cipcamptiwl_devicesAn issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.2018-01-30not yet calculatedCVE-2018-6407
MISC
conceptronic -- cipcamptiwl_devicesAn issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account.2018-01-30not yet calculatedCVE-2018-6408
MISC
data_components -- tsitebuilderSQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.2018-01-29not yet calculatedCVE-2018-6365
MISC
EXPLOIT-DB
debian -- debianzxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.2018-01-30not yet calculatedCVE-2011-2902
MLIST
CONFIRM
CONFIRM
dodocool -- dc38_3-in-1_n300_mini_wireless_range_devicesAn issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.2018-01-29not yet calculatedCVE-2018-5720
EXPLOIT-DB
dojo -- dojo_toolkitdijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.2018-02-02not yet calculatedCVE-2018-6561
MISC
drupal -- drupalThe Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.2018-02-01not yet calculatedCVE-2014-9503
MLIST
XF
MISC
CONFIRM
drupal -- drupalMultiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.2018-02-01not yet calculatedCVE-2014-9502
MLIST
XF
MISC
CONFIRM
drupal -- drupalThe OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.2018-02-01not yet calculatedCVE-2014-9504
MLIST
XF
MISC
CONFIRM
electrum -- electrumThe Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.2018-01-27not yet calculatedCVE-2018-6353
MISC
MISC
eventum -- eventumEventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.2018-01-31not yet calculatedCVE-2014-1631
CONFIRM
BUGTRAQ
CONFIRM
MISC
eventum -- eventumhtdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.2018-01-31not yet calculatedCVE-2014-1632
CONFIRM
BUGTRAQ
CONFIRM
MISC
evergreen -- evergreenEvergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.2018-02-01not yet calculatedCVE-2015-2204
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
evergreen -- evergreenEvergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.2018-02-01not yet calculatedCVE-2015-2203
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
evergreen -- evergreenThe open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.2018-02-01not yet calculatedCVE-2013-7435
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
ezcode -- event_managerSQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.2018-02-02not yet calculatedCVE-2018-6576
EXPLOIT-DB
ffmpeg -- ffmpegThe filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.2018-01-29not yet calculatedCVE-2018-6392
BID
CONFIRM
CONFIRM
flatpak -- flatpakIn dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.2018-02-02not yet calculatedCVE-2018-6560
CONFIRM
CONFIRM
CONFIRM
flexense -- syncbreeze_enterpriseA buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.2018-02-02not yet calculatedCVE-2018-6537
EXPLOIT-DB
formspree -- formspreetemplates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter.2018-01-27not yet calculatedCVE-2018-6354
MISC
fortinet -- fortiosA Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests.2018-01-29not yet calculatedCVE-2017-14190
BID
SECTRACK
CONFIRM
freepbx -- freepbxFreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter.2018-01-29not yet calculatedCVE-2018-6393
MISC
BID
g_data_totalprotection -- g_data_totalprotectionThe MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.2018-02-01not yet calculatedCVE-2014-3752
MISC
FULLDISC
BUGTRAQ
MISC
gifsicle -- gifsicleA double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.2018-02-02not yet calculatedCVE-2017-18120
MISC
MISC
MISC
MISC
glibc -- glibcA buffer overflow exists in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-01-31not yet calculatedCVE-2017-1000409
MLIST
EXPLOIT-DB
glibc -- glibcA memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-01-31not yet calculatedCVE-2017-1000408
MLIST
EXPLOIT-DB
glibc -- glibcIn glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.2018-01-31not yet calculatedCVE-2018-1000001
MLIST
BID
SECTRACK
EXPLOIT-DB
MISC
gnu -- binutilsThe elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-01-26not yet calculatedCVE-2018-6323
BID
CONFIRM
gnu -- binutilsIn GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-02-02not yet calculatedCVE-2018-6543
MISC
gnu -- cpioIt was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.2018-01-29not yet calculatedCVE-2017-7516
CONFIRM
MISC
gnu -- glibcAn integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.2018-02-01not yet calculatedCVE-2018-6485
CONFIRM
CONFIRM
gnu -- glibcThe malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.2018-02-02not yet calculatedCVE-2018-6551
CONFIRM
CONFIRM
hotspot_shield -- hotspot_shieldHotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.2018-01-31not yet calculatedCVE-2018-6460
MISC
huawei -- multiple_productsMultiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.2018-01-30not yet calculatedCVE-2014-4705
SECUNIA
CONFIRM
iball -- 300m_devices/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter.2018-01-30not yet calculatedCVE-2018-6355
MISC
iball -- ib-wra150n_devicesiBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.2018-01-29not yet calculatedCVE-2018-6388
MISC
iball -- ib-wra150n_devicesiBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.2018-01-29not yet calculatedCVE-2018-6387
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.2018-01-29not yet calculatedCVE-2017-1783
CONFIRM
BID
SECTRACK
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.2018-01-29not yet calculatedCVE-2017-1779
CONFIRM
BID
SECTRACK
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.2018-01-29not yet calculatedCVE-2017-1784
CONFIRM
SECTRACK
MISC
ibm -- cognos_tm1IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617.2018-01-26not yet calculatedCVE-2017-1506
CONFIRM
SECTRACK
MISC
ibm -- content_navigatorIBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.2018-01-29not yet calculatedCVE-2018-1364
CONFIRM
BID
MISC
ibm -- datapower_gatewaysIBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.2018-01-31not yet calculatedCVE-2017-1773
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.2018-01-26not yet calculatedCVE-2017-1545
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.2018-01-26not yet calculatedCVE-2017-1540
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769.2018-01-26not yet calculatedCVE-2017-1567
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.2018-01-26not yet calculatedCVE-2017-1563
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.2018-01-26not yet calculatedCVE-2017-1532
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.2018-01-26not yet calculatedCVE-2017-1515
CONFIRM
BID
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.2018-01-26not yet calculatedCVE-2017-1516
CONFIRM
BID
MISC
ibm -- jazz_foundationIBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.2018-01-26not yet calculatedCVE-2017-1653
CONFIRM
BID
SECTRACK
SECTRACK
SECTRACK
MISC
ibm -- remote_controlIBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.2018-01-31not yet calculatedCVE-2017-1233
CONFIRM
MISC
ibm -- tealeaf_customer_experienceIBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.2018-01-26not yet calculatedCVE-2016-2983
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experienceIBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.2018-01-26not yet calculatedCVE-2017-1204
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experienceIBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.2018-01-26not yet calculatedCVE-2017-1279
CONFIRM
MISC
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.2018-01-30not yet calculatedCVE-2017-1731
CONFIRM
MISC
icinga -- icingaAn issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.2018-02-02not yet calculatedCVE-2018-6536
MISC
imagemagick -- imagemagickIn the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.2018-01-30not yet calculatedCVE-2018-6405
CONFIRM
imm2 -- imm2An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.2018-01-26not yet calculatedCVE-2017-3768
CONFIRM
intel -- graphics_driverPointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.2018-02-02not yet calculatedCVE-2017-5727
CONFIRM
iolo -- system_shieldIn Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.2018-01-31not yet calculatedCVE-2018-5701
MISC
EXPLOIT-DB
MISC
ipswitch -- moveitIpswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.2018-02-02not yet calculatedCVE-2018-6545
MISC
japan_total_system -- groupsessionOpen redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2018-01-26not yet calculatedCVE-2017-2166
JVN
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.2018-01-29not yet calculatedCVE-2017-1000355
BID
CONFIRM
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.2018-01-29not yet calculatedCVE-2017-1000353
BID
CONFIRM
EXPLOIT-DB
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.2018-01-29not yet calculatedCVE-2017-1000354
BID
CONFIRM
jenkins -- jenkinsJenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.2018-01-29not yet calculatedCVE-2017-1000356
BID
CONFIRM
joomla! -- joomla!SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.2018-01-30not yet calculatedCVE-2018-6395
EXPLOIT-DB
joomla! -- joomla!CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.2018-01-29not yet calculatedCVE-2018-6007
MISC
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.2018-02-02not yet calculatedCVE-2018-6581
EXPLOIT-DB
joomla! -- joomla!In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.2018-01-30not yet calculatedCVE-2018-6379
SECTRACK
CONFIRM
joomla! -- joomla!In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.2018-01-30not yet calculatedCVE-2018-6377
SECTRACK
CONFIRM
joomla! -- joomla!In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.2018-01-30not yet calculatedCVE-2018-6376
SECTRACK
CONFIRM
joomla! -- joomla!SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.2018-01-30not yet calculatedCVE-2018-6398
EXPLOIT-DB
joomla! -- joomla!In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.2018-01-30not yet calculatedCVE-2018-6380
SECTRACK
CONFIRM
joomla! -- joomla!SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02not yet calculatedCVE-2018-6578
EXPLOIT-DB
joomla! -- joomla!Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.2018-02-02not yet calculatedCVE-2018-6580
EXPLOIT-DB
joomla! -- joomla!Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.2018-01-29not yet calculatedCVE-2018-6008
MISC
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.2018-02-02not yet calculatedCVE-2018-6579
EXPLOIT-DB
joomla! -- joomla!Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.2018-01-30not yet calculatedCVE-2018-6397
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02not yet calculatedCVE-2018-6577
EXPLOIT-DB
joomla! -- joomla!SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.2018-02-02not yet calculatedCVE-2018-6575
EXPLOIT-DB
kingsoft -- wps_officeThe WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.2018-01-29not yet calculatedCVE-2018-6390
MISC

kkcal -- epg_search_result_viewer

Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0508
CONFIRM
JVN
kkcal -- epg_search_result_viewerCross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0509
CONFIRM
JVN
kkcal -- epg_search_result_viewerBuffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0510
CONFIRM
JVN
libming -- libmingThe printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.2018-01-27not yet calculatedCVE-2018-6358
CONFIRM
libming -- libmingThe decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.2018-01-27not yet calculatedCVE-2018-6359
BID
CONFIRM
libwebm -- libwebmA use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.2018-02-02not yet calculatedCVE-2018-6548
MISC
MISC
libwebm -- libwebmThe function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.2018-01-30not yet calculatedCVE-2018-6406
MISC
MISC
linux -- linux_kernelThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.2018-01-26not yet calculatedCVE-2018-5750
CONFIRM
linux -- linux_kernelThe open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.2018-02-01not yet calculatedCVE-2014-3519
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kerneldrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.2018-01-29not yet calculatedCVE-2017-18079
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16913
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelIn the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.2018-01-31not yet calculatedCVE-2018-6412
MISC
linux -- linux_kernelThe "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16914
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelThe vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.2018-01-31not yet calculatedCVE-2017-16911
BID
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelThe "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.2018-01-31not yet calculatedCVE-2017-16912
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mantisbt -- mantisbtview_all_bug_page.php in MantisBT 2.10.0 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.2018-02-02not yet calculatedCVE-2018-6526
MISC
mantisbt -- mantisbtMantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address.2018-01-30not yet calculatedCVE-2018-6382
MISC
MISC
micro_focus -- fortify_audit_workbench_and_software_security_centerXML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.2018-02-02not yet calculatedCVE-2018-6486
CONFIRM
miekg-dns -- miekg-dnsA denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.2018-01-29not yet calculatedCVE-2017-15133
CONFIRM
CONFIRM
monstra -- monstra_cmsMonstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.2018-02-02not yet calculatedCVE-2018-6550
CONFIRM
CONFIRM
monstra -- monstra_cmsMonstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.2018-01-29not yet calculatedCVE-2018-6383
MISC
mpv -- mpvmpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.2018-01-27not yet calculatedCVE-2018-6360
MISC
MISC
netis -- wf2419_devicesA cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.2018-01-29not yet calculatedCVE-2018-6391
MISC
MISC
EXPLOIT-DB
netwave -- ip_camera_devicesAn issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI.2018-01-31not yet calculatedCVE-2018-6479
MISC
nibbleblog -- nibbleblogNibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.2018-02-01not yet calculatedCVE-2018-6470
MISC
nootka -- nootkaNootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2018-01-26not yet calculatedCVE-2018-0506
JVN
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.2018-02-01not yet calculatedCVE-2018-6525
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.2018-02-01not yet calculatedCVE-2018-6524
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.2018-02-01not yet calculatedCVE-2018-6523
MISC
nprotect -- nprotect_avsIn nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.2018-02-01not yet calculatedCVE-2018-6522
MISC
nsclient++ -- nsclient++Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.2018-01-31not yet calculatedCVE-2018-6384
CONFIRM
ntt-cert -- flet's_virus_clear_easy_setup_&_application_toolUntrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-01-26not yet calculatedCVE-2018-0507
JVN
omniauth -- omniauthIn strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.2018-01-26not yet calculatedCVE-2017-18076
CONFIRM
CONFIRM
CONFIRM
opendaylight -- opendaylightOpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout.2018-01-31not yet calculatedCVE-2017-1000411
MLIST
BID
packetfence -- packetfencehtml/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.2018-02-01not yet calculatedCVE-2011-4069
CONFIRM
CONFIRM
packetfence -- packetfenceThe check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.2018-02-01not yet calculatedCVE-2011-4068
CONFIRM
CONFIRM
perfex_crm -- perfex_crmIn Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.2018-01-26not yet calculatedCVE-2017-17976
MISC
EXPLOIT-DB
phoenix_contact -- mguardAn Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.2018-01-30not yet calculatedCVE-2018-5441
MISC
phpscriptsmall.com -- multilanguage_real_estate_mlm_scriptSQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.2018-01-29not yet calculatedCVE-2018-6364
MISC
EXPLOIT-DB
pictuscode -- taskrabbit_clone_scriptSQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.2018-01-29not yet calculatedCVE-2018-6363
MISC
EXPLOIT-DB
podofo -- podofoIn PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.2018-01-27not yet calculatedCVE-2018-6352
MISC
ptex -- ptexAn exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid, and its use can lead to a buffer overflow, potentially resulting in code execution.2018-01-29not yet calculatedCVE-2018-3835
MISC
pulse_secure -- desktop_linuxThe GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.2018-01-31not yet calculatedCVE-2018-6374
CONFIRM
puppet -- puppet_enterpriseVersions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.2018-02-01not yet calculatedCVE-2017-2293
CONFIRM
puppet -- puppet_enterprisePuppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.2018-02-01not yet calculatedCVE-2017-2297
CONFIRM
puppet -- puppet_enterpriseIn Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.2018-02-01not yet calculatedCVE-2017-2296
CONFIRM
qemu -- qemuInteger overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).2018-01-31not yet calculatedCVE-2017-18043
MLIST
BID
CONFIRM
simditor -- simditorSimditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.2018-01-31not yet calculatedCVE-2018-6464
MISC
simplesamlphp -- simplesamlphpThe consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.2018-02-02not yet calculatedCVE-2017-18121
CONFIRM
simplesamlphp -- simplesamlphpA signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.2018-02-02not yet calculatedCVE-2017-18122
CONFIRM
simplesamlphp -- simplesamlphpThe SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.2018-02-01not yet calculatedCVE-2018-6519
CONFIRM
simplesamlphp -- simplesamlphpThe sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.2018-02-01not yet calculatedCVE-2018-6521
CONFIRM
simplesamlphp -- simplesamlphpSimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.2018-02-01not yet calculatedCVE-2018-6520
CONFIRM
snapd -- snapdIn snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.2018-02-02not yet calculatedCVE-2017-14178
CONFIRM
CONFIRM
CONFIRM
sophos -- puremessage_for_unixCross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-01-26not yet calculatedCVE-2016-6217
CONFIRM
sugarcrm -- sugarcrmXML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.2018-02-01not yet calculatedCVE-2014-3244
FULLDISC
BID
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.2018-01-31not yet calculatedCVE-2018-6473
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.2018-01-31not yet calculatedCVE-2018-6472
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.2018-01-31not yet calculatedCVE-2018-6476
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.2018-01-31not yet calculatedCVE-2018-6474
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.2018-01-31not yet calculatedCVE-2018-6475
MISC
superantispyware -- superantispyware_professional_trialIn SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.2018-01-31not yet calculatedCVE-2018-6471
MISC
systemd -- systemdsystemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.2018-01-29not yet calculatedCVE-2017-18078
MISC
EXPLOIT-DB
tracker -- pdf-xchange_viewer_and_viewer_ax_sdkTracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.2018-01-31not yet calculatedCVE-2018-6462
CONFIRM
vastal_i-tech -- buddy_zone_facebook_cloneSQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.2018-01-29not yet calculatedCVE-2018-6367
MISC
EXPLOIT-DB
vmware -- airwatch_consoleVMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.2018-01-29not yet calculatedCVE-2017-4951
BID
SECTRACK
CONFIRM
vmware -- realize_automationVMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.2018-01-29not yet calculatedCVE-2017-4947
BID
SECTRACK
SECTRACK
CONFIRM
wondercms -- wondercmsIn WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript.2018-01-26not yet calculatedCVE-2017-14522
MISC
wondercms -- wondercmsWonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages.2018-01-26not yet calculatedCVE-2017-14523
MISC
wordpress -- wordpressadmin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.2018-01-30not yet calculatedCVE-2018-6195
MISC
FULLDISC
CONFIRM
MISC
wordpress -- wordpressThe PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.2018-01-31not yet calculatedCVE-2018-6465
MISC
MISC
MISC
MISC
wordpress -- wordpressCross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01not yet calculatedCVE-2018-0511
JVN
CONFIRM
wordpress -- wordpressA cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.2018-01-30not yet calculatedCVE-2018-6194
MISC
FULLDISC
CONFIRM
MISC
wordpress -- wordpressAn issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.2018-01-26not yet calculatedCVE-2018-6015
MISC
CONFIRM
EXPLOIT-DB
wordpress -- wordpressThe acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.2018-01-27not yet calculatedCVE-2018-6357
MISC
MISC
zabbix -- zabbixXML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.2018-02-01not yet calculatedCVE-2014-3005
FEDORA
FEDORA
FULLDISC
BID
CONFIRM
CONFIRM
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-01not yet calculatedCVE-2018-6484
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.2018-01-29not yet calculatedCVE-2018-6381
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.2018-02-02not yet calculatedCVE-2018-6542
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02not yet calculatedCVE-2018-6540
MISC
zziplib -- zziplibIn ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02not yet calculatedCVE-2018-6541
MISC



Safer Internet Day

Original release date: February 05, 2018

February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's SID theme—Create, Connect and Share Respect: A better Internet starts with you—encourages everyone to play their part in creating a better, safer, and more secure Internet.

NCCIC/US-CERT encourages users to view the Safer Internet Day website and the following tips:




Cisco Releases Security Updates

Original release date: February 05, 2018

Cisco has released an updated advisory and security updates to address a vulnerability affecting its Adaptive Security Appliance software. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Cisco's updated Security Advisory and apply the necessary updates.




Adobe Releases Security Updates for Flash Player

Original release date: February 06, 2018

Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary updates.



Cisco Releases Security Updates for Multiple Products

Original release date: February 07, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.



SB18-043: Vulnerability Summary for the Week of February 5, 2018

Original release date: February 12, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abrt -- abrt
 
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment. | 2018-02-09 | not yet calculated | CVE-2015-1862
MISC
MISC
MISC
FULLDISC
MLIST
BID
CONFIRM
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
adobe -- flash_player
 
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to quality of service functionality. A successful attack can lead to arbitrary code execution. | 2018-02-06 | not yet calculated | CVE-2018-4877
BID
REDHAT
MISC
adobe -- flash_player
 
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | 2018-02-06 | not yet calculated | CVE-2018-4878
MISC
BID
SECTRACK
REDHAT
MISC
MISC
MISC
MISC
anymail -- anymail
 
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | 2018-02-03 | not yet calculated | CVE-2018-6596
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
apache -- allura
 
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable. | 2018-02-06 | not yet calculated | CVE-2018-1299
CONFIRM
MLIST
apache -- cloudstack
 
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | 2018-02-06 | not yet calculated | CVE-2013-4317
MLIST
apache -- cloudstack
 
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. | 2018-02-06 | not yet calculated | CVE-2016-6813
MLIST
BID
MLIST
apache -- juddi
 
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection present against entity expansion and DTD-type attacks. Mitigation is to use 3.3.5. | 2018-02-09 | not yet calculated | CVE-2018-1307
CONFIRM
CONFIRM
apache -- mod-gnutls
 
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | 2018-02-03 | not yet calculated | CVE-2009-5144
CONFIRM
MLIST
CONFIRM
CONFIRM
apache -- qpid_broker
 
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. Authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms, which are offered to the connecting clients as part of the SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of the following types support the PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. The XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable. | 2018-02-09 | not yet calculated | CVE-2018-1298
MLIST
apport -- apport
 
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | 2018-02-02 | not yet calculated | CVE-2017-14177
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apport -- apport
 
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 2018-02-02 | not yet calculated | CVE-2017-14180
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apport -- apport
 
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 2018-02-02 | not yet calculated | CVE-2017-14179
CONFIRM
CONFIRM
armmbed -- mbedtls
 
ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670 (incorrect condition control flow leading to incorrect return) vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in data loss, which can be escalated to DoS and authorization bypass in application protocols. This attack appears to be exploitable via network connectivity. | 2018-02-09 | not yet calculated | CVE-2018-1000061
CONFIRM
artifex -- mupdf
 
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 2018-02-02 | not yet calculated | CVE-2018-6544
MISC
MISC
MISC
MISC
artifex -- mupdf
 
Artifex MuPDF version 1.12.0 contains a use-after-free vulnerability in fz_keep_key_storable that can result in DoS or possible code execution. This attack appears to be exploitable when a victim opens a specially crafted PDF. | 2018-02-09 | not yet calculated | CVE-2018-1000051
CONFIRM
CONFIRM
atlassian -- bamboo
 
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18040
CONFIRM
atlassian -- bamboo
 
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18042
CONFIRM
atlassian -- bamboo
 
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 2018-02-02 | not yet calculated | CVE-2017-18082
CONFIRM
atlassian -- bamboo
 
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18080
CONFIRM
atlassian -- bamboo
 
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 2018-02-02 | not yet calculated | CVE-2017-18081
CONFIRM
atlassian -- bamboo
 
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 2018-02-02 | not yet calculated | CVE-2017-18041
CONFIRM
atlassian -- bitbucket_server
 
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | 2018-02-02 | not yet calculated | CVE-2017-18037
CONFIRM
atlassian -- bitbucket_server
 
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 2018-02-02 | not yet calculated | CVE-2017-18036
BID
CONFIRM
atlassian -- bitbucket_server
 
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 2018-02-02 | not yet calculated | CVE-2017-18038
CONFIRM
atlassian -- confluence_server
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 2018-02-02 | not yet calculated | CVE-2017-18085
CONFIRM
atlassian -- confluence_server
 
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 2018-02-02 | not yet calculated | CVE-2017-18083
CONFIRM
atlassian -- confluence_server
 
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 2018-02-02 | not yet calculated | CVE-2017-18086
CONFIRM
atlassian -- confluence_server
 
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 2018-02-02 | not yet calculated | CVE-2017-18084
CONFIRM
atlassian -- fisheye_and_crucible
 
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, which allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 2018-02-02 | not yet calculated | CVE-2017-18035
CONFIRM
CONFIRM
atlassian -- fisheye_and_crucible
 
The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through a specially crafted repository branch name when trying to display deleted files of the branch. | 2018-02-02 | not yet calculated | CVE-2017-18034
CONFIRM
CONFIRM
atlassian -- jira
 
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | 2018-02-02 | not yet calculated | CVE-2017-18039
CONFIRM
audacity -- audacity
 
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. | 2018-02-07 | not yet calculated | CVE-2016-2540
CONFIRM
MISC
audacity -- audacity
 
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. | 2018-02-07 | not yet calculated | CVE-2016-2541
CONFIRM
MISC
avaya -- aura
 
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | 2018-02-05 | not yet calculated | CVE-2018-6635
BID
SECTRACK
CONFIRM
bitpay -- insight-api
 
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in the transaction broadcast endpoint that can result in Full Path Disclosure. This attack appears to be exploitable via a web request. | 2018-02-09 | not yet calculated | CVE-2018-1000023
CONFIRM
boot2docker -- boot2docker
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | 2018-02-06 | not yet calculated | CVE-2014-5282
CONFIRM
CONFIRM
boot2docker -- boot2docker
 
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. | 2018-02-06 | not yet calculated | CVE-2014-5280
CONFIRM
boot2docker -- boot2docker
 
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers. | 2018-02-06 | not yet calculated | CVE-2014-5279
CONFIRM
borg -- borg_servers
 
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | 2018-02-08 | not yet calculated | CVE-2017-15914
CONFIRM
brocade -- fabric_os
 
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. | 2018-02-08 | not yet calculated | CVE-2017-6225
CONFIRM
brocade -- fabric_os
 
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | 2018-02-08 | not yet calculated | CVE-2017-6227
CONFIRM
canvs_canvas -- canvs_canvas
 
Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code. | 2018-02-09 | not yet calculated | CVE-2017-1000507
CONFIRM
ccn-lite -- ccn-lite
 
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow. | 2018-02-07 | not yet calculated | CVE-2017-12412
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values." | 2018-02-07 | not yet calculated | CVE-2017-12473
CONFIRM
ccn-lite -- ccn-lite
 
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown. | 2018-02-07 | not yet calculated | CVE-2017-12463
CONFIRM
ccn-lite -- ccn-lite
 
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. | 2018-02-07 | not yet calculated | CVE-2017-12470
CONFIRM
ccn-lite -- ccn-lite
 
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable. | 2018-02-07 | not yet calculated | CVE-2017-12464
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access. | 2018-02-07 | not yet calculated | CVE-2017-12466
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation. | 2018-02-07 | not yet calculated | CVE-2017-12469
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member. | 2018-02-07 | not yet calculated | CVE-2017-12467
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. | 2018-02-07 | not yet calculated | CVE-2017-12465
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables. | 2018-02-07 | not yet calculated | CVE-2017-12468
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function. | 2018-02-07 | not yet calculated | CVE-2017-12471
CONFIRM
CONFIRM
ccn-lite -- ccn-lite
 
ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. | 2018-02-07 | not yet calculated | CVE-2017-12472
CONFIRM
CONFIRM
cisco -- data_center_analytics_framework
 
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088. | 2018-02-08 | not yet calculated | CVE-2018-0129
BID
CONFIRM
cisco -- data_center_analytics_framework
 
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02082. | 2018-02-08 | not yet calculated | CVE-2018-0128
BID
CONFIRM
cisco -- email_security_appliance_and_content_security_management_appliance
 
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | 2018-02-08 | not yet calculated | CVE-2018-0140
SECTRACK
SECTRACK
CONFIRM
cisco -- firepower_system_software
 
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946. | 2018-02-08 | not yet calculated | CVE-2018-0138
CONFIRM
cisco -- ios_and_ios_xe_software
 
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950. | 2018-02-08 | not yet calculated | CVE-2018-0123
SECTRACK
CONFIRM
cisco -- ios_xr_software
A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718. | 2018-02-08 | not yet calculated | CVE-2018-0132
SECTRACK
CONFIRM
cisco -- policy_suite
 
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. | 2018-02-08 | not yet calculated | CVE-2018-0134
BID
CONFIRM

cisco -- policy_suite


 
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124. | 2018-02-08 | not yet calculated | CVE-2018-0116
CONFIRM

cisco -- prime_network


 
A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152. | 2018-02-08 | not yet calculated | CVE-2018-0137
BID
CONFIRM

cisco -- rv132w_adsl2+_wireless-n_vpn_and_rv134w_vdsl2_wireless-ac_vpn_routers


 
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. | 2018-02-08 | not yet calculated | CVE-2018-0127
SECTRACK
CONFIRM
cisco -- rv132w_adsl2+_wireless-n_vpn_and_rv134w_vdsl2_wireless-ac_vpn_routers
 
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. | 2018-02-08 | not yet calculated | CVE-2018-0125
SECTRACK
CONFIRM
cisco -- spark
 
A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206. | 2018-02-08 | not yet calculated | CVE-2018-0119
CONFIRM

cisco -- staros_operating_system_for_cisco_asr_5000_series_aggregation_services_routers


 
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335. | 2018-02-08 | not yet calculated | CVE-2018-0122
SECTRACK
CONFIRM
cisco -- ucs_central
 
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-0113
SECTRACK
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-0135
SECTRACK
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-0120
BID
SECTRACK
CONFIRM
cisco -- virtualized_packet_core-distributed_instance_software
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-0117
CONFIRM
claymore -- dual_gpu_miner
 
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6317
MISC
EXPLOIT-DB
claymore -- dual_gpu_miner
 
nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in the API that can result in RCE by abusing the remote manager API. Exploitation appears to require that the victim run the miner with read/write mode enabled.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000049
MISC
MISC
cloudera -- cloudera
 
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2017-15536
CONFIRM
cozy -- cozy
 
Cozy has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2018-6824
MISC
croogo -- croogo
 
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2017-1000510
CONFIRM
django -- django
 
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-6188
CONFIRM
dojo -- dojo_toolkit
 
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6561
MISC
dokuwiki -- dokuwiki
 
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
Published: 2018-02-03 | CVSS Score: not yet calculated | CVE-2017-18123
MISC
MISC
MISC
MISC
MLIST
MISC
dolibarr -- dolibarr
 
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2017-1000509
CONFIRM
echor -- echor
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2014-1834
MLIST
echor -- echor
 
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2014-1835
MLIST
XF
edx -- edx
 
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.
Published: 2018-02-03 | CVSS Score: not yet calculated | CVE-2015-2186
CONFIRM
CONFIRM
efront -- cms
 
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2015-4461
CONFIRM
MISC
electrum_technologies -- electrum_bitcoin_wallet
 
Electrum Technologies GmbH Electrum Bitcoin Wallet versions prior to 3.0.5 contain a Missing Authorization vulnerability in the JSONRPC interface that can result in Bitcoin theft if the user's wallet is not password protected. Exploitation appears to require that the victim visit a web page with specially crafted JavaScript. This vulnerability appears to have been fixed in 3.0.5.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000022
MISC
MISC
CONFIRM
MISC
emc -- recoverpoint
 
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.
Published: 2018-02-03 | CVSS Score: not yet calculated | CVE-2018-1184
CONFIRM
SECTRACK
emc -- recoverpoint
 
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
Published: 2018-02-03 | CVSS Score: not yet calculated | CVE-2018-1185
CONFIRM
SECTRACK
epson -- airprint
 
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-5550
MISC
CONFIRM
ether -- etherpad_lite
 
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-6834
CONFIRM
CONFIRM
ether -- etherpad_lite
 
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-6835
CONFIRM
CONFIRM
exim -- exim
 
An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific function. This can be used to execute code remotely.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-6789
MLIST
CONFIRM
extreme_networks -- extremewireless_wing
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5787
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5793
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5791
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5792
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5797
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5790
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5788
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5794
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5789
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5795
CONFIRM
extreme_networks -- extremewireless_wing
 
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-5796
CONFIRM
ezcode -- event_manager
 
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6576
EXPLOIT-DB
f5 -- big-ip
 
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-6169
SECTRACK
CONFIRM
fasterxml -- jackson-databind
 
A deserialization flaw was discovered in jackson-databind versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-15095
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
DEBIAN
fasterxml -- jackson-databind
 
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-7525
BID
SECTRACK
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
ffmpeg -- ffmpeg
 
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2012-5359
MISC
CONFIRM
ffmpeg -- ffmpeg
 
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2012-5360
MISC
CONFIRM
ffmpeg -- ffmpeg
 
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
Published: 2018-02-04 | CVSS Score: not yet calculated | CVE-2018-6621
BID
CONFIRM
firebase -- firebase
 
Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, so a JWT with any email address and user ID could be forged from an actual token, or from thin air. In most cases an attacker would only need to know the email address of the victim. This vulnerability appears to have been fixed in 3.8.1.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000025
CONFIRM
CONFIRM
fishshell -- fish
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2014-3219
FEDORA
GENTOO
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
flatpak -- flatpak
 
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6560
CONFIRM
CONFIRM
CONFIRM
flexense -- diskboss
 
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-5261
MISC
flexense -- syncbreeze_enterprise
A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-17996
FULLDISC
MISC
flexense -- syncbreeze_enterprise
 
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6537
EXPLOIT-DB
fmtlib -- fmtlib
 
fmtlib versions prior to 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contain a memory corruption (SIGSEGV), CWE-134 vulnerability in the fmt::print() library function that can result in denial of service. Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000052
CONFIRM
CONFIRM
fortinet -- fortigate_fortidb
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2012-6347
CONFIRM
MISC
fortinet -- fortigate_utm_waf_appliances_with_fortios
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2012-0941
MISC
BID
XF
CONFIRM
SECTRACK
MISC
fortinet -- fortiweb
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2012-6346
CONFIRM
MISC
foxit -- foxit_reader_and_phantompdf
 
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2016-6169
MISC
CONFIRM
foxit -- foxit_reader_and_phantompdf
 
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2016-6168
MISC
CONFIRM
freebsd -- freebsd
 
patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1 allows remote attackers to execute arbitrary commands via a crafted patch file.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2015-1418
BID
SECTRACK
FREEBSD
freebsd -- freebsd
 
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2015-5674
BID
SECTRACK
FREEBSD
freebsd -- freebsd
 
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2015-1416
MLIST
MLIST
MLIST
MLIST
BID
SECTRACK
FREEBSD
fuji_electric -- v-server_vpr
 
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2018-5442
BID
MISC
futomi -- mp_form_mail_cgi_ecommerce_edition
 
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Published: 2018-02-08 | CVSS Score: not yet calculated | CVE-2018-0514
CONFIRM
JVN
gifsicle -- gifsicle
 
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2017-18120
MISC
MISC
MISC
MISC
git -- git
 
Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up the terminal configuration to RCE. Exploitation appears to require that the user interact with a malicious git server (or have their traffic modified in a MITM attack).
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000021
MISC
gnome -- librsvg
 
GNOME librsvg versions before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contain an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. Exploitation appears to require that the victim process a specially crafted SVG file containing a UNC path on Windows.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-1000041
CONFIRM
CONFIRM
gnu -- binutils
 
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.
Published: 2018-02-09 | CVSS Score: not yet calculated | CVE-2018-6872
CONFIRM
CONFIRM
gnu -- binutils
 
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2018-6759
CONFIRM
gnu -- binutils
 
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6543
MISC
gnu -- c_library
 
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
Published: 2018-02-02 | CVSS Score: not yet calculated | CVE-2018-6551
CONFIRM
CONFIRM
go -- go
 
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2018-6574
CONFIRM
CONFIRM
CONFIRM
google -- android
 
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-6258
CONFIRM
google -- android
 
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
Published: 2018-02-06 | CVSS Score: not yet calculated | CVE-2017-6279
CONFIRM
google -- chrome
 
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5126
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5128
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15390
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5129
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15397
BID
MISC
MISC
MISC
google -- chrome
 
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15391
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5124
BID
REDHAT
MISC
MISC
MISC
MISC
GENTOO
DEBIAN
MISC
google -- chrome
 
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15395
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15386
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15389
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5130
MISC
BID
REDHAT
MISC
MISC
MISC
MLIST
GENTOO
google -- chrome
 
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5131
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5127
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15394
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5125
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15393
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5132
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15388
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
Published: 2018-02-05 | CVSS Score: not yet calculated | CVE-2018-6654
MISC
google -- chrome
 
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15392
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-15400
MISC
MISC
google -- chrome
 
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
Published: 2018-02-07 | CVSS Score: not yet calculated | CVE-2017-5133
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome
 
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | 2018-02-07 | not yet calculated | CVE-2017-15387
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
graphicsmagick -- graphicsmagick
 
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | 2018-02-07 | not yet calculated | CVE-2018-6799
CONFIRM
gskit -- gskit
 
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212. | 2018-02-07 | not yet calculated | CVE-2018-1388
CONFIRM
MISC
i-o_data_device -- multiple_products
 
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 2018-02-08 | not yet calculated | CVE-2018-0512
CONFIRM
JVN
ibm -- aix
 
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. | 2018-02-07 | not yet calculated | CVE-2017-1692
CONFIRM
SECTRACK
MISC
ibm -- api_connect
 
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | 2018-02-07 | not yet calculated | CVE-2017-1785
CONFIRM
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. | 2018-02-07 | not yet calculated | CVE-2018-1382
CONFIRM
MISC
ibm -- content_navigator
 
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. | 2018-02-07 | not yet calculated | CVE-2018-1366
CONFIRM
MISC
ibm -- emptoris_sourcing
 
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692. | 2018-02-02 | not yet calculated | CVE-2016-0329
CONFIRM
XF
ibm -- sametime

IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. | 2018-02-08 | not yet calculated | CVE-2012-3331
CONFIRM
XF
ibm -- security_guardium_database_activity_monitor
 
IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is a risk that an unauthorized user can change things that they are not supposed to. IBM X-Force ID: 137765. | 2018-02-09 | not yet calculated | CVE-2018-1368
CONFIRM
MISC
ibm -- tivoli_business_service_manager
 
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480. | 2018-02-02 | not yet calculated | CVE-2016-0311
CONFIRM
XF
CONFIRM
ibm -- tivoli_integrated_portal
 
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-02 | not yet calculated | CVE-2016-0303
CONFIRM
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. | 2018-02-02 | not yet calculated | CVE-2016-0312
CONFIRM
XF
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412. | 2018-02-02 | not yet calculated | CVE-2016-0300
CONFIRM
XF
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. | 2018-02-02 | not yet calculated | CVE-2016-0342
CONFIRM
XF
ibm -- websphere_application_server

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | 2018-02-08 | not yet calculated | CVE-2011-4889
XF
CONFIRM
ibm -- websphere_portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. | 2018-02-09 | not yet calculated | CVE-2017-1761
CONFIRM
MISC
ibm -- websphere_portal

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. | 2018-02-09 | not yet calculated | CVE-2018-1401
MISC
CONFIRM
ibm -- xiv_storage_system_devices
 
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unspecified vectors. IBM X-Force ID: 75041. | 2018-02-08 | not yet calculated | CVE-2012-2166
CONFIRM
XF
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. | 2018-02-02 | not yet calculated | CVE-2018-6536
MISC
imagemagick -- imagemagick
 
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. | 2018-02-09 | not yet calculated | CVE-2018-6876
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | 2018-02-09 | not yet calculated | CVE-2018-1000031
MISC
infozip -- unzip
 
An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | 2018-02-09 | not yet calculated | CVE-2018-1000033
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | 2018-02-09 | not yet calculated | CVE-2018-1000032
MISC
infozip -- unzip
 
An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | 2018-02-09 | not yet calculated | CVE-2018-1000034
MISC
infozip -- unzip
 
A heap-based buffer overflow exists in InfoZip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. | 2018-02-09 | not yet calculated | CVE-2018-1000035
MISC
intel -- graphics_driver
 
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access. | 2018-02-02 | not yet calculated | CVE-2017-5727
CONFIRM
invoiceplane -- invoiceplane
 
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of JavaScript code. This vulnerability appears to have been fixed in 1.5.5 and later. | 2018-02-09 | not yet calculated | CVE-2017-1000508
CONFIRM
CONFIRM
ipswitch -- moveit
 
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | 2018-02-02 | not yet calculated | CVE-2018-6545
MISC
jenkins -- jenkins
 
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-02-09 | not yet calculated | CVE-2018-1000054
CONFIRM
jenkins -- jenkins
 
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-02-09 | not yet calculated | CVE-2018-1000056
CONFIRM
jenkins -- jenkins
 
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-02-09 | not yet calculated | CVE-2018-1000055
CONFIRM
jenkins -- jenkins
 
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. | 2018-02-09 | not yet calculated | CVE-2018-1000057
CONFIRM
jenkins -- jenkins
 
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier has an arbitrary code execution vulnerability due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | 2018-02-09 | not yet calculated | CVE-2018-1000058
CONFIRM
jhead -- jhead
 
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | 2018-02-04 | not yet calculated | CVE-2018-6612
CONFIRM
CONFIRM
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x221808. | 2018-02-06 | not yet calculated | CVE-2018-6787
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081E4. | 2018-02-06 | not yet calculated | CVE-2018-6780
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008088. | 2018-02-06 | not yet calculated | CVE-2018-6774
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008084. | 2018-02-06 | not yet calculated | CVE-2018-6773
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00825C. | 2018-02-06 | not yet calculated | CVE-2018-6783
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008090. | 2018-02-06 | not yet calculated | CVE-2018-6768
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2208C0. | 2018-02-06 | not yet calculated | CVE-2018-6788
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008224. | 2018-02-06 | not yet calculated | CVE-2018-6771
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400. | 2018-02-06 | not yet calculated | CVE-2018-6777
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00824C. | 2018-02-06 | not yet calculated | CVE-2018-6784
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008208. | 2018-02-06 | not yet calculated | CVE-2018-6772
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008254. | 2018-02-06 | not yet calculated | CVE-2018-6785
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8. | 2018-02-06 | not yet calculated | CVE-2018-6775
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220840. | 2018-02-06 | not yet calculated | CVE-2018-6786
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264. | 2018-02-06 | not yet calculated | CVE-2018-6781
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008020. | 2018-02-06 | not yet calculated | CVE-2018-6769
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008268. | 2018-02-06 | not yet calculated | CVE-2018-6778
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00813C. | 2018-02-06 | not yet calculated | CVE-2018-6776
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081DC. | 2018-02-06 | not yet calculated | CVE-2018-6782
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008240. | 2018-02-06 | not yet calculated | CVE-2018-6779
MISC
jiangmin -- antivirus
 
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008210. | 2018-02-06 | not yet calculated | CVE-2018-6770
MISC
joomla! -- joomla!
 
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | 2018-02-02 | not yet calculated | CVE-2018-6581
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 2018-02-02 | not yet calculated | CVE-2018-6578
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | 2018-02-05 | not yet calculated | CVE-2018-6582
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | 2018-02-02 | not yet calculated | CVE-2018-6579
EXPLOIT-DB
joomla! -- joomla!
 
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | 2018-02-02 | not yet calculated | CVE-2018-6580
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. | 2018-02-05 | not yet calculated | CVE-2018-6604
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | 2018-02-05 | not yet calculated | CVE-2018-6605
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 2018-02-02 | not yet calculated | CVE-2018-6577
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. | 2018-02-05 | not yet calculated | CVE-2018-6609
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | 2018-02-02 | not yet calculated | CVE-2018-6575
EXPLOIT-DB
joomla! -- joomla!
 
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request. | 2018-02-05 | not yet calculated | CVE-2018-6610
EXPLOIT-DB
joomla! -- joomla!
 
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." | 2018-02-06 | not yet calculated | CVE-2015-3619
CONFIRM
MISC
CONFIRM
kaspersky -- secure_mail_gateway
 
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | 2018-02-06 | not yet calculated | CVE-2018-6289
CONFIRM
kaspersky -- secure_mail_gateway
 
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | 2018-02-06 | not yet calculated | CVE-2018-6291
CONFIRM
kaspersky -- secure_mail_gateway
 
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | 2018-02-06 | not yet calculated | CVE-2018-6290
CONFIRM
kaspersky -- secure_mail_gateway
 
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 2018-02-06 | not yet calculated | CVE-2018-6288
CONFIRM
kddi -- anshin_net_security_for_windows
 
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-02-08 | not yet calculated | CVE-2018-0517
JVN
kde -- plasma_workspace
 
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. | 2018-02-06 | not yet calculated | CVE-2018-6790
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kde -- plasma_workspace
 
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. | 2018-02-06 | not yet calculated | CVE-2018-6791
CONFIRM
CONFIRM
konakart -- konakart_ecommerce_platform
 
Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server. | 2018-02-03 | not yet calculated | CVE-2017-17108
BUGTRAQ
krzysztof_kowalczyk -- sumatrapdf
 
Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. | 2018-02-08 | not yet calculated | CVE-2013-2830
MISC
libgcrypt -- libgcrypt
 
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. | 2018-02-07 | not yet calculated | CVE-2018-6829
MISC
MISC
MISC
libreoffice -- libreoffice
 
LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | 2018-02-09 | not yet calculated | CVE-2018-6871
MISC
libwebm -- libwebm
 
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. | 2018-02-02 | not yet calculated | CVE-2018-6548
MISC
MISC
limesurvey -- limesurvey
 
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appears to be exploitable via simple HTML markup that can be used to send a GET request to the affected endpoint. | 2018-02-09 | not yet calculated | CVE-2018-1000053
CONFIRM
linux -- linux_kernel
 
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | 2018-02-09 | not yet calculated | CVE-2014-8171
REDHAT
REDHAT
REDHAT
REDHAT
BID
CONFIRM
linux -- linux_kernel
 
Linux kernel version at least v4.8 onwards, probably well before, contains an Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. | 2018-02-09 | not yet calculated | CVE-2018-1000026
MLIST
MLIST
MISC
linux -- linux_kernel
 
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable when the NFS server exports a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed after commit 1995266727fa. | 2018-02-09 | not yet calculated | CVE-2018-1000028
CONFIRM
mailbutler -- shimo_for_macos
 
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. | 2018-02-07 | not yet calculated | CVE-2018-6823
MISC
malwarefox -- antimalware
 
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | 2018-02-03 | not yet calculated | CVE-2018-6593
MISC
EXPLOIT-DB
malwarefox -- antimalware
 
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | 2018-02-03 | not yet calculated | CVE-2018-6606
MISC
mantisbt -- mantisbt
 
view_all_bug_page.php in MantisBT before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 2018-02-02 | not yet calculated | CVE-2018-6526
MISC
march-hare -- wincvs
 
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | 2018-02-05 | not yet calculated | CVE-2018-6461
CONFIRM
marked_2 -- marked_2
 
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls. | 2018-02-07 | not yet calculated | CVE-2018-6806
MISC
MISC
mautic -- mautic
 
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | 2018-02-09 | not yet calculated | CVE-2017-1000506
CONFIRM
mcholste -- enterprise_log_search_and_archive
 
mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appears to be exploitable via a payload delivered via the type, name, and value parameters of /Query/set_preference and the name and value parameters of /Query/preference. Payload executed when the user visits the index view (/). | 2018-02-09 | not yet calculated | CVE-2018-1000029
CONFIRM
micro_focus -- fortify_audit_workbench_and_fortify_software_security_center
 
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. | 2018-02-02 | not yet calculated | CVE-2018-6486
BID
CONFIRM
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000014c. | 2018-02-05 | not yet calculated | CVE-2018-6630
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c. | 2018-02-05 | not yet calculated | CVE-2018-6628
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170. | 2018-02-05 | not yet calculated | CVE-2018-6631
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035. | 2018-02-05 | not yet calculated | CVE-2018-6626
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000110. | 2018-02-05 | not yet calculated | CVE-2018-6632
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038. | 2018-02-05 | not yet calculated | CVE-2018-6633
MISC
micropoint -- proactive_defense_software
 
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000118. | 2018-02-05 | not yet calculated | CVE-2018-6629
MISC
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806. | 2018-02-08 | not yet calculated | CVE-2014-4066
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145.
2018-02-08
not yet calculated
CVE-2014-8985
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304.
2018-02-08
not yet calculated
CVE-2014-4112
MS
microsoft -- internet_explorer
 
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985.
2018-02-08
not yet calculated
CVE-2014-4145
MS
mini_httpd -- mini_httpd
 
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
2018-02-06
not yet calculated
CVE-2017-17663
CONFIRM
monstra -- monstra_cms
 
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
2018-02-02
not yet calculated
CVE-2018-6550
CONFIRM
CONFIRM
mybb -- mybb
 
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
2018-02-08
not yet calculated
CVE-2018-6844
MISC
nagios -- business_process_intelligence
 
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
2018-02-06
not yet calculated
CVE-2015-3618
CONFIRM
MISC
nasa -- kodiak
 
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in the Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable when a victim opens an untrusted file for optimization using the Kodiak library.
2018-02-09
not yet calculated
CVE-2018-1000047
MISC
nasa -- pyblock
 
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in the radar data parsing library that can result in remote code execution. This attack appears to be exploitable via a victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4.
2018-02-09
not yet calculated
CVE-2018-1000046
CONFIRM
nasa -- rtretrievalframework
 
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in the data retrieval functionality of the RtRetrieval framework that can result in remote code execution. This attack appears to be exploitable when a victim tries to retrieve and process a weather data file.
2018-02-09
not yet calculated
CVE-2018-1000048
MISC
nasa -- singledop
 
NASA Singledop version v1.0 contains a CWE-502 vulnerability in the NASA Singledop library (Weather data) that can result in remote code execution. This attack appears to be exploitable via a victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1.
2018-02-09
not yet calculated
CVE-2018-1000045
CONFIRM
nitro_software -- nitro_pro_and_nitro_reader
 
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
2018-02-08
not yet calculated
CVE-2013-3553
MISC
nitro_software -- nitro_pro_and_nitro_reader
 
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
2018-02-08
not yet calculated
CVE-2013-3552
MISC
odoo -- odoo
 
Odoo does not require authentication to be configured for a Backup Database action.
2018-02-04
not yet calculated
CVE-2018-6620
MISC
omron -- ns_devices
 
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
2018-02-05
not yet calculated
CVE-2018-6624
MISC
openemr -- openemr
 
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
2018-02-09
not yet calculated
CVE-2018-1000019
CONFIRM
MISC
openemr -- openemr
 
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
2018-02-09
not yet calculated
CVE-2018-1000020
CONFIRM
MISC
openjpeg -- openjpeg
 
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
2018-02-04
not yet calculated
CVE-2018-6616
MISC
openmpt -- openmpt
 
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.
2018-02-04
not yet calculated
CVE-2018-6611
CONFIRM
CONFIRM
openvms -- openvms
 
An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.
2018-02-07
not yet calculated
CVE-2017-17482
MISC
MISC
MISC
php -- php
 
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.
2018-02-09
not yet calculated
CVE-2016-10712
CONFIRM
CONFIRM
php_scripts_mall -- doctor_search_script

PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.
2018-02-07
not yet calculated
CVE-2018-6655
EXPLOIT-DB
php_scripts_mall -- hot_scripts_clone_script_classified

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.
2018-02-09
not yet calculated
CVE-2018-6878
EXPLOIT-DB
php_scripts_mall -- multilanguage_real_estate_mlm_script

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
2018-02-07
not yet calculated
CVE-2018-6796
EXPLOIT-DB
php_scripts_mall -- naukri_clone_script

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
2018-02-07
not yet calculated
CVE-2018-6795
EXPLOIT-DB
postgresql -- postgresql
 
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask that was in effect when the user invoked pg_upgrade, and not under 0077, which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
2018-02-09
not yet calculated
CVE-2018-1053
CONFIRM
postgresql -- postgresql
 
A memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via a purpose-crafted insert to a partitioned table.
2018-02-09
not yet calculated
CVE-2018-1052
CONFIRM
project-pier -- projectpier-core
 
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.
2018-02-02
not yet calculated
CVE-2015-2796
CONFIRM
CONFIRM
promise_technology -- webpam_pro-e_devices
 
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
2018-02-07
not yet calculated
CVE-2018-6603
MISC
puppet -- puppet_agent

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
2018-02-09
not yet calculated
CVE-2017-10690
CONFIRM
puppet -- puppet_agent

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
2018-02-09
not yet calculated
CVE-2017-10689
CONFIRM
puppet -- puppet_enterprise

Puppet Enterprise 2017.3.x versions prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string is passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules; if you are not using puppet tasks, you are not affected by this vulnerability.
2018-02-09
not yet calculated
CVE-2018-6508
CONFIRM
purevpn -- purevpn
 
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
2018-02-07
not yet calculated
CVE-2018-6822
MISC
pycrypto -- pycrypto

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
2018-02-03
not yet calculated
CVE-2018-6594
MISC
MISC
python -- python
 
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary. As such, the DWF feels this issue deserves a CVE.
2018-02-08
not yet calculated
CVE-2018-1000030
CONFIRM
MISC
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4316.
2018-02-08
not yet calculated
CVE-2017-17658
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230.
2018-02-08
not yet calculated
CVE-2017-17419
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238.
2018-02-08
not yet calculated
CVE-2017-17652
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225.
2018-02-08
not yet calculated
CVE-2017-17414
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292.
2018-02-08
not yet calculated
CVE-2017-17656
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294.
2018-02-08
not yet calculated
CVE-2017-17657
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237.
2018-02-08
not yet calculated
CVE-2017-17425
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.
2018-02-08
not yet calculated
CVE-2018-1161
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4226.
2018-02-08
not yet calculated
CVE-2017-17415
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229.
2018-02-08
not yet calculated
CVE-2017-17418
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234.
2018-02-08
not yet calculated
CVE-2017-17423
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4231.
2018-02-08
not yet calculated
CVE-2017-17420
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287.
2018-02-08
not yet calculated
CVE-2017-17654
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224.
2018-02-08
not yet calculated
CVE-2017-17413
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4906.
2018-02-08
not yet calculated
CVE-2017-17659
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233.
2018-02-08
not yet calculated
CVE-2017-17422
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. Was ZDI-CAN-4222.
2018-02-08
not yet calculated
CVE-2018-1162
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
2018-02-08
not yet calculated
CVE-2017-17417
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232.
2018-02-08
not yet calculated
CVE-2017-17421
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223.
2018-02-08
not yet calculated
CVE-2017-17412
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286.
2018-02-08
not yet calculated
CVE-2017-17653
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752.
2018-02-08
not yet calculated
CVE-2018-1163
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227.
2018-02-08
not yet calculated
CVE-2017-17416
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289.
2018-02-08
not yet calculated
CVE-2017-17655
MISC
quest -- netvault_backup
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235.
2018-02-08
not yet calculated
CVE-2017-17424
MISC
redcap -- redcap
 
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
2018-02-08
not yet calculated
CVE-2017-7351
MISC
ring -- video_doorbells
 
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.
2018-02-06
not yet calculated
CVE-2015-4400
MISC
MISC
MISC
ruby -- ruby
 
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
2018-02-05
not yet calculated
CVE-2015-4412
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
saifor -- cvms_hub
 
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente.
2018-02-06
not yet calculated
CVE-2018-6792
MISC
sandstorm -- sandstorm
 
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.
2018-02-06
not yet calculated
CVE-2017-6201
MISC
CONFIRM
CONFIRM
sandstorm -- sandstorm
 
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
2018-02-06
not yet calculated
CVE-2017-6199
MISC
MISC
CONFIRM
CONFIRM
sandstorm -- sandstorm
 
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.
2018-02-06
not yet calculated
CVE-2017-6198
MISC
MISC
sandstorm -- sandstorm
 
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
2018-02-06
not yet calculated
CVE-2017-6200
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
sblim -- small_footprint_cim_broker
 
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.
2018-02-08
not yet calculated
CVE-2018-6644
MLIST
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.
2018-02-09
not yet calculated
CVE-2018-1000044
CONFIRM
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0.
2018-02-09
not yet calculated
CVE-2018-1000043
CONFIRM
security_onion_solutions -- squert
 
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0.
2018-02-09
not yet calculated
CVE-2018-1000042
CONFIRM
sensu -- sensu_core
 
Sensu, Inc. Sensu Core versions before 1.2.0 and before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contain a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) being logged in clear-text. This attack appears to be exploitable in that victims with configuration matching a specific pattern will observe sensitive data output in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.
2018-02-09
not yet calculated
CVE-2018-1000060
CONFIRM
CONFIRM
simplesamlphp -- simplesamlphp

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
2018-02-02
not yet calculated
CVE-2017-18121
CONFIRM
simplesamlphp -- simplesamlphp
 
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
2018-02-02
not yet calculated
CVE-2017-18122
CONFIRM
snapd -- snapd
 
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. | 2018-02-02 | not yet calculated | CVE-2017-14178
CONFIRM
CONFIRM
CONFIRM
sonatype -- nexus_repository_manager
 
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | 2018-02-09 | not yet calculated | CVE-2018-5306
FULLDISC
CONFIRM
MISC
sonatype -- nexus_repository_manager
 
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | 2018-02-09 | not yet calculated | CVE-2018-5307
FULLDISC
CONFIRM
MISC
sophos -- tester_tool
 
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | 2018-02-02 | not yet calculated | CVE-2018-6318
MISC
sophos -- tester_tool
 
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine. | 2018-02-02 | not yet calculated | CVE-2018-6319
MISC

squid_software_foundation -- squid_http_caching_proxy
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later. | 2018-02-09 | not yet calculated | CVE-2018-1000024
CONFIRM
MISC
squid_software_foundation -- squid_http_caching_proxy
 
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. | 2018-02-09 | not yet calculated | CVE-2018-1000027
CONFIRM
CONFIRM
CONFIRM
CONFIRM
stb_vorbis -- stb_vorbis
 
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in all vorbis decoding paths that can result in memory corruption, denial of service, comprised execution of host program. This attack appears to be exploitable when a victim opens a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. | 2018-02-09 | not yet calculated | CVE-2018-1000050
CONFIRM
subsonic -- subsonic
 
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | 2018-02-05 | not yet calculated | CVE-2017-9414
MISC
MISC
EXPLOIT-DB
suricata -- suricata
 
Suricata before 4.1 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. | 2018-02-07 | not yet calculated | CVE-2018-6794
CONFIRM
CONFIRM
synacor -- zimbra_collaboration_suite
 
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. | 2018-02-03 | not yet calculated | CVE-2017-17703
CONFIRM
CONFIRM
synacor -- zimbra_collaboration_suite
 
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. | 2018-02-03 | not yet calculated | CVE-2017-8783
CONFIRM
CONFIRM
CONFIRM
CONFIRM
the_masha_brand -- online_voting_system
 
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | 2018-02-08 | not yet calculated | CVE-2018-6180
MISC
EXPLOIT-DB
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie. | 2018-02-06 | not yet calculated | CVE-2016-7394
CONFIRM
trend_micro -- control_manager
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3607
CONFIRM
MISC
MISC
MISC
trend_micro -- control_manager
 
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3602
CONFIRM
MISC
trend_micro -- control_manager
 
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3603
CONFIRM
MISC
trend_micro -- control_manager
 
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3601
CONFIRM
MISC
trend_micro -- control_manager
 
An external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3600
CONFIRM
MISC
trend_micro -- control_manager
 
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3604
CONFIRM
MISC
trend_micro -- control_manager
 
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3605
CONFIRM
MISC
trend_micro -- control_manager
 
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 2018-02-09 | not yet calculated | CVE-2018-3606
CONFIRM
MISC
twitter -- twitter_kit_for_ios
 
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter", authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing an attacker to associate a Twitter account with a third-party service. | 2018-02-09 | not yet calculated | CVE-2017-0911
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
unbit -- uwsgi
 
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. | 2018-02-06 | not yet calculated | CVE-2018-6758
MISC
MISC
uncurl -- uncurl
 
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. | 2018-02-05 | not yet calculated | CVE-2018-6651
CONFIRM
CONFIRM
validformbuilder -- validformbuilder
 
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system. | 2018-02-09 | not yet calculated | CVE-2018-1000059
CONFIRM
vobot -- vobot_clock
 
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response. | 2018-02-09 | not yet calculated | CVE-2018-6826
MISC
vobot -- vobot_clock
 
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access. | 2018-02-09 | not yet calculated | CVE-2018-6825
MISC
vobot -- vobot_clock
 
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | 2018-02-09 | not yet calculated | CVE-2018-6827
MISC
vyaire_medical -- carefusion_upgrade_utility_used_with_windows_xp_systems
 
An uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. | 2018-02-06 | not yet calculated | CVE-2018-5457
MISC
watchdog -- anti-malware
 
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054. | 2018-02-05 | not yet calculated | CVE-2018-6627
MISC
watchdog -- anti-malware
 
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010. | 2018-02-05 | not yet calculated | CVE-2018-6625
MISC
wavpack -- wavpack
 
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. | 2018-02-06 | not yet calculated | CVE-2018-6767
CONFIRM
CONFIRM
CONFIRM
web2py -- web2py
 
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | 2018-02-06 | not yet calculated | CVE-2016-3954
MISC
web2py -- web2py
 
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | 2018-02-06 | not yet calculated | CVE-2016-3953
MISC
MISC
web2py -- web2py
 
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. | 2018-02-06 | not yet calculated | CVE-2016-3957
MISC
MISC
web2py -- web2py
 
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | 2018-02-06 | not yet calculated | CVE-2016-3952
MISC
CONFIRM
west_wind -- web_server
 
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | 2018-02-05 | not yet calculated | CVE-2018-6569
MISC
wireshark -- wireshark
 
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-02-08 | not yet calculated | CVE-2018-6836
MISC
MISC
MISC
MISC
wondercms -- wondercms
 
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file. | 2018-02-09 | not yet calculated | CVE-2018-1000062
CONFIRM
CONFIRM
wordpress -- wordpress
 
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | 2018-02-06 | not yet calculated | CVE-2018-6467
MISC
wordpress -- wordpress
 
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | 2018-02-06 | not yet calculated | CVE-2018-6389
MISC
MISC
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. | 2018-02-06 | not yet calculated | CVE-2018-6468
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | 2018-02-08 | not yet calculated | CVE-2015-2329
MISC
CONFIRM
wordpress -- wordpress
 
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-08 | not yet calculated | CVE-2018-0513
CONFIRM
JVN
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | 2018-02-06 | not yet calculated | CVE-2018-6469
MISC
wordpress -- wordpress
 
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress. | 2018-02-05 | not yet calculated | CVE-2015-4179
MLIST
MLIST
MLIST
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. | 2018-02-06 | not yet calculated | CVE-2018-6466
MISC
z-blogphp -- z-blogphp
 
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | 2018-02-06 | not yet calculated | CVE-2018-6656
MISC
MISC
z-blogphp -- z-blogphp
 
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | 2018-02-08 | not yet calculated | CVE-2018-6846
CONFIRM
zoho -- manageengine_ad_manager_plus
 
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | 2018-02-07 | not yet calculated | CVE-2017-17552
MISC
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6541
MISC
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | 2018-02-02 | not yet calculated | CVE-2018-6542
MISC
zziplib -- zziplib
 
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6540
MISC
zziplib -- zziplib
 
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-09 | not yet calculated | CVE-2018-6869
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

