The Patriot Files Forums  

02-27-2018, 07:08 AM
The Patriot
SB18-057: Vulnerability Summary for the Week of February 19, 2018


02-25-2018 09:12 PM

Original release date: February 26, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- microscada
Description: This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1168, CONFIRM, MISC

abb -- netcadops_web_application
Description: An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5477, BID, MISC

adobe -- shockwave_player
Description: Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-0771, CONFIRM

anchor -- anchor
Description: An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7251, MISC, MISC

apache -- juddi
Description: The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2009-4267, CONFIRM, MLIST

apache -- karaf
Description: Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8750, BID, CONFIRM

apache -- oozie
Description: Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15712, BID, MLIST

apache -- qpid
Description: The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-0203, BID, REDHAT, CONFIRM, MISC

apache -- tomcat
Description: Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1305, MISC

apache -- vcl
Description: The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2013-0267, CONFIRM, MLIST

apexis -- apm-h803-mpc_software
Description: An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access a vulnerable webcam with 'super admin' privilege.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17101, MISC

apexis -- apm_j601_ws
Description: Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-3972, MISC

apngdis -- apngdis
Description: Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6193, BID, EXPLOIT-DB, EXPLOIT-DB, MISC

apngdis -- apngdis
Description: Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6192, BID, EXPLOIT-DB, EXPLOIT-DB, MISC

apple -- cups
Description: A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
Published: 2018-02-16
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18190, MISC, MISC, MLIST

armadito -- armadito
Description: An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7289, MISC

asterisk -- asterisk
Description: An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7287, CONFIRM, SECTRACK, CONFIRM

asterisk -- asterisk
Description: A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7284, CONFIRM, SECTRACK

asterisk -- asterisk
Description: A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7285, CONFIRM, SECTRACK

asterisk -- asterisk
Description: An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7286, CONFIRM, SECTRACK, CONFIRM

atlassian -- crucible
Description: The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18092, BID, CONFIRM

atlassian -- crucible
Description: The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
Published: 2018-02-16
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18089, BID, CONFIRM

atlassian -- crucible
Description: The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18095, CONFIRM

atlassian -- fisheye
Description: Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Published: 2018-02-16
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18090, BID, CONFIRM

atlassian -- floodlight_controller
Description: Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6569, CONFIRM, CONFIRM

atlassian -- multiple_products
Description: Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18093, BID, CONFIRM, CONFIRM

atlassian -- multiple_products
Description: The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Published: 2018-02-16
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18091, BID, CONFIRM, CONFIRM

cactus_vpn -- cactus_vpn
Description: CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7281, MISC

carbon_black -- carbon_black
Description: A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9568, MISC

cisco -- data_center_analytics_framework
Description: A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0145, CONFIRM

cisco -- data_center_analytics_framework
Description: A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could exploit this vulnerability by persuading a user of the affected application to click a malicious link. A successful exploit could allow the attacker to submit arbitrary requests and take unauthorized actions on behalf of the user. Cisco Bug IDs: CSCvg45114.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0146, CONFIRM

cisco -- elastic_services_controller
Description: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0130, BID, CONFIRM

cisco -- elastic_services_controller
Description: A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0121, BID, CONFIRM

cisco -- jabber_client_framework
Description: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0199, SECTRACK, CONFIRM

cisco -- jabber_client_framework
Description: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0201, SECTRACK, CONFIRM

cisco -- multiple_products
Description: A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0148, SECTRACK, CONFIRM

cisco -- orime_service_catalog
Description: A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh65713.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0200, SECTRACK, CONFIRM

cisco -- prime_collaboration_provisioning_tool
Description: A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. Cisco Bug IDs: CSCvd07264.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0204, SECTRACK, CONFIRM

cisco -- prime_collaboration_provisioning_tool
Description: A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0205, SECTRACK, CONFIRM

cisco -- unified_communications_customer_voice_portal
Description: A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0139, SECTRACK, CONFIRM

cisco -- unified_communications_domain_manager
Description: A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0124, BID, SECTRACK, CONFIRM

cisco -- unified_communications_manager
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0206, SECTRACK, CONFIRM

cisco -- unity_connection
Description: A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0203, SECTRACK, CONFIRM

codeigniter -- codeigniter
Description: The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2013-4891, CONFIRM, MISC, CONFIRM

codeigniter -- codeigniter
Description: SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5725, CONFIRM, CONFIRM, CONFIRM, CONFIRM

combodo -- itop
Description: Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6544, CONFIRM, CONFIRM, MISC

converse.js_inverse.js -- converse.js_inverse.js
Description: Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6591, MISC

d-link -- dir-600m_c1
Description: Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6936, MISC

danwin -- danwin_hosting
Description: A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
Published: 2018-02-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7308, MISC, MISC

datto -- multiple_products
Description: Datto ALTO and SIRIS devices have a default VNC password.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-9254, MISC

datto -- multiple_products
Description: Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-9256, MISC

datto -- multiple_products
Description: Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-2081, MISC

datto -- multiple_products
Description: Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-9255, MISC

dotcms -- dotcms
Description: SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-10008, MISC

dotcms -- dotcms
Description: SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-10007, MISC

epic -- mychart
Description: SQL injection vulnerability in EPIC MyChart allows remote attackers to execute arbitrary SQL commands via the topic parameter to help.asp.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6272, MISC, EXPLOIT-DB

eq-3 -- homematic_ccu2
Description: eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7301, MISC

eq-3 -- homematic_ccu2
Description: Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7297, MISC

eq-3 -- homematic_ccu2
Description: In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7298, MISC

eq-3 -- homematic_ccu2
Description: Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7296, MISC

eq-3 -- homematic_ccu2
Description: Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7300, MISC

eq-3 -- homematic_ccu2
Description: Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.
Published: 2018-02-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7299, MISC

fllight_sim_labs -- fllight_sim_labs
Description: The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.
Published: 2018-02-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7259, MISC, MISC, MISC

forgerock -- forgerock_am
Description: The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
Published: 2018-02-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7272, MISC, MISC

freexl -- freexl
Description: An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7438, MISC, MISC

freexl -- freexl
Description: An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7436, MISC, MISC

freexl -- freexl
Description: An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7439, MISC, MISC

freexl -- freexl
Description: An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7437, MISC, MISC

freexl -- freexl
Description: An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
Published: 2018-02-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-7435, MISC, MISC

fuji_soft_incorporated -- fs010w
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
2018-02-23 | not yet calculated | CVE-2018-0519
JVN

fuji_soft_incorporated -- fs010w
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
2018-02-23 | not yet calculated | CVE-2018-0520
JVN

ge -- d60_line_distance_relay_devices
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution.
2018-02-19 | not yet calculated | CVE-2018-5475
BID
MISC

ge -- d60_line_distance_relay_devices
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.
2018-02-19 | not yet calculated | CVE-2018-5473
BID
MISC

gnu -- binutils
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
2018-02-17 | not yet calculated | CVE-2018-7208
BID
CONFIRM

gnu -- libcdio
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
2018-02-24 | not yet calculated | CVE-2017-18199
CONFIRM
CONFIRM

gnu -- libcdio
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
2018-02-24 | not yet calculated | CVE-2017-18198
CONFIRM
CONFIRM

go -- go
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
2018-02-16 | not yet calculated | CVE-2018-7187
CONFIRM

google -- android
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
2018-02-20 | not yet calculated | CVE-2017-18192
MISC

google -- android
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
2018-02-20 | not yet calculated | CVE-2017-16835
MISC

hamayeshnegar_cms -- hamayeshnegar_cms
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.
2018-02-22 | not yet calculated | CVE-2017-18194
MISC

hostapd -- hostapd
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
2018-02-21 | not yet calculated | CVE-2015-5314
CONFIRM
MLIST
UBUNTU
DEBIAN

hostapd -- hostapd
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
2018-02-21 | not yet calculated | CVE-2015-5315
CONFIRM
MLIST
UBUNTU
DEBIAN

hostapd -- hostapd
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
2018-02-21 | not yet calculated | CVE-2015-5316
CONFIRM
MLIST
BID
UBUNTU
DEBIAN

ibm -- financial_transaction_manager
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.
2018-02-22 | not yet calculated | CVE-2018-1391
CONFIRM
MISC

ibm -- financial_transaction_manager
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.
2018-02-21 | not yet calculated | CVE-2017-1758
CONFIRM
CONFIRM
CONFIRM
MISC

ibm -- financial_transaction_manager
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.
2018-02-22 | not yet calculated | CVE-2018-1392
CONFIRM
MISC

ibm -- forms_experience_builder
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088.
2018-02-21 | not yet calculated | CVE-2016-0369
CONFIRM
XF

ibm -- j9_jvm
Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for Java Technology 6.0, 6.1, 7.0, 7.1, and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
2018-02-22 | not yet calculated | CVE-2018-1417
SECTRACK
MISC
CONFIRM

ibm -- maximo_anywhere
IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132851.
2018-02-21 | not yet calculated | CVE-2017-1604
CONFIRM
MISC

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.
2018-02-22 | not yet calculated | CVE-2018-1415
CONFIRM
MISC

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
2018-02-22 | not yet calculated | CVE-2018-1414
CONFIRM
MISC

ibm -- notes_diagnostics
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
2018-02-19 | not yet calculated | CVE-2018-1411
CONFIRM
CONFIRM
MISC

ibm -- notes_diagnostics
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
2018-02-19 | not yet calculated | CVE-2018-1409
CONFIRM
CONFIRM
MISC

ibm -- notes_diagnostics
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
2018-02-19 | not yet calculated | CVE-2018-1410
CONFIRM
CONFIRM
MISC

ibm -- rhapsody_dm
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461.
2018-02-21 | not yet calculated | CVE-2017-1462
CONFIRM
SECTRACK
MISC

ibm -- security_identity_manager_virtual_appliance
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890.
2018-02-21 | not yet calculated | CVE-2016-0351
CONFIRM
XF

ibm -- security_identity_manager_virtual_appliance
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072.
2018-02-21 | not yet calculated | CVE-2016-0367
CONFIRM
XF

ibm -- security_identity_manager_virtual_appliance
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.
2018-02-21 | not yet calculated | CVE-2016-0366
CONFIRM
XF

ibm -- tririga
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784.
2018-02-21 | not yet calculated | CVE-2016-0343
CONFIRM
XF

ibm -- tririga
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785.
2018-02-21 | not yet calculated | CVE-2016-0344
XF
CONFIRM

ibm -- tririga
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.
2018-02-21 | not yet calculated | CVE-2016-0348
XF

ibm -- tririga
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786.
2018-02-21 | not yet calculated | CVE-2016-0345
XF
CONFIRM

idashboards -- idashboards
An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials.
2018-02-17 | not yet calculated | CVE-2018-7211
MISC

idashboards -- idashboards
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts.
2018-02-17 | not yet calculated | CVE-2018-7210
MISC

idashboards -- idashboards
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports.
2018-02-17 | not yet calculated | CVE-2018-7209
MISC

imagemagick -- imagemagick
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
2018-02-23 | not yet calculated | CVE-2018-7443
MISC

insteon -- insteon_for_hub_android_app
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
2018-02-22 | not yet calculated | CVE-2017-5250
MISC

insteon -- insteon_hub
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.
2018-02-22 | not yet calculated | CVE-2017-5251
MISC

jenkins -- jenkins
An issue was discovered in the Extended Choice Parameter (aka extended-choice-parameter) plugin 0.64 for Jenkins 2.89.3. The PATH_INFO filename is vulnerable to path traversal attacks via ..\ sequences to the /plugin/extended-choice-parameter/js/ URI.
2018-02-20 | not yet calculated | CVE-2018-6356
MLIST
BID
CONFIRM

joomla! -- joomla!
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
2018-02-17 | not yet calculated | CVE-2018-6396
BID
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
2018-02-17 | not yet calculated | CVE-2018-5980
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
2018-02-17 | not yet calculated | CVE-2018-7177
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
2018-02-17 | not yet calculated | CVE-2018-5989
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
2018-02-17 | not yet calculated | CVE-2018-7180
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
2018-02-22 | not yet calculated | CVE-2018-7318
EXPLOIT-DB

joomla! -- joomla!
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
2018-02-22 | not yet calculated | CVE-2018-7317
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
2018-02-17 | not yet calculated | CVE-2018-6584
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
2018-02-17 | not yet calculated | CVE-2018-7178
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
2018-02-17 | not yet calculated | CVE-2018-7179
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
2018-02-22 | not yet calculated | CVE-2018-7314
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
2018-02-17 | not yet calculated | CVE-2018-5975
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
2018-02-17 | not yet calculated | CVE-2018-5981
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
2018-02-17 | not yet calculated | CVE-2018-5983
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
2018-02-17 | not yet calculated | CVE-2018-5982
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
2018-02-17 | not yet calculated | CVE-2018-5974
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
2018-02-17 | not yet calculated | CVE-2018-5970
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
2018-02-17 | not yet calculated | CVE-2018-5987
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
2018-02-17 | not yet calculated | CVE-2018-6585
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
2018-02-17 | not yet calculated | CVE-2018-5971
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
2018-02-17 | not yet calculated | CVE-2018-6372
EXPLOIT-DB

joomla! -- joomla!
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
2018-02-20 | not yet calculated | CVE-2017-16356
MISC
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
2018-02-18 | not yet calculated | CVE-2018-6024
MISC
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
2018-02-17 | not yet calculated | CVE-2018-6006
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
2018-02-17 | not yet calculated | CVE-2018-6004
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
2018-02-17 | not yet calculated | CVE-2018-5991
EXPLOIT-DB

joomla! -- joomla!
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
2018-02-22 | not yet calculated | CVE-2018-7316
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
2018-02-22 | not yet calculated | CVE-2018-7313
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
2018-02-17 | not yet calculated | CVE-2018-6583
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
2018-02-22 | not yet calculated | CVE-2018-7315
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
2018-02-17 | not yet calculated | CVE-2018-6368
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
2018-02-17 | not yet calculated | CVE-2018-5990
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
2018-02-17 | not yet calculated | CVE-2018-5992
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
2018-02-22 | not yet calculated | CVE-2018-7319
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
2018-02-22 | not yet calculated | CVE-2018-7312
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
2018-02-17 | not yet calculated | CVE-2018-6394
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
2018-02-17 | not yet calculated | CVE-2018-6373
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
2018-02-17 | not yet calculated | CVE-2018-6005
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
2018-02-17 | not yet calculated | CVE-2018-5993
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
2018-02-17 | not yet calculated | CVE-2018-6370
EXPLOIT-DB

joomla! -- joomla!
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
2018-02-17 | not yet calculated | CVE-2018-5994
EXPLOIT-DB

joyent -- smartos
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.
2018-02-21 | not yet calculated | CVE-2018-1166
CONFIRM
MISC

joyent -- smartos
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.
2018-02-21 | not yet calculated | CVE-2018-1165
CONFIRM
MISC

juniper -- appformix_agent
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: all versions of 2.7; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue.
2018-02-22 | not yet calculated | CVE-2018-0015
CONFIRM

keycloak -- keycloak
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.
2018-02-21 | not yet calculated | CVE-2017-12161
CONFIRM
CONFIRM

leptonica -- leptonica
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
2018-02-23 | not yet calculated | CVE-2018-7440
MISC

leptonica -- leptonica
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
2018-02-19 | not yet calculated | CVE-2018-7247
MISC

leptonica -- leptonica
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
2018-02-23 | not yet calculated | CVE-2018-7442
MISC

leptonica -- leptonica
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
2018-02-16 | not yet calculated | CVE-2018-7186
MISC
MISC
MISC

leptonica -- leptonica
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
2018-02-23 | not yet calculated | CVE-2017-18196
MISC

leptonica -- leptonica
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
2018-02-23 | not yet calculated | CVE-2018-7441
MISC

libid3tag -- libid3tag
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).
2018-02-20 | not yet calculated | CVE-2004-2779
MISC
MISC
MISC

libtiff -- libtiff
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
2018-02-24 | not yet calculated | CVE-2018-7456
MISC
MISC

libvirt -- libvirt
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
2018-02-23 | not yet calculated | CVE-2018-6764
UBUNTU
MLIST

libvncserver -- libvncserver
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.
2018-02-19 | not yet calculated | CVE-2018-7226
MISC
MISC

libvncserver -- libvncserver
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
2018-02-19 | not yet calculated | CVE-2018-7225
MISC
BID
MISC

libxml2 -- libxml2
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
2018-02-19 | not yet calculated | CVE-2017-7375
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
DEBIAN

libxml2 -- libxml2
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
2018-02-19 | not yet calculated | CVE-2017-7376
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN

linux -- linux_kernel
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
2018-02-22 | not yet calculated | CVE-2017-18193
MISC
MISC

linux -- linux_kernel
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
2018-02-20 | not yet calculated | CVE-2018-7273
BID
MISC

lutron -- quantum_bacnet_integration
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.
2018-02-20 | not yet calculated | CVE-2018-7276
MISC

mahara -- mahara
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
2018-02-20 | not yet calculated | CVE-2017-17455
MISC
CONFIRM
CONFIRM

mahara -- mahara
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
2018-02-20 | not yet calculated | CVE-2017-17454
MISC
CONFIRM
CONFIRM

manageengine -- desktop_central_msp
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data//collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
2018-02-18 | not yet calculated | CVE-2017-16924
MISC
MISC

metinfo -- metinfo
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
2018-02-20 | not yet calculated | CVE-2018-7271
MISC

micro_focus -- project_and_portfolio_management_center
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)
2018-02-22 | not yet calculated | CVE-2018-6489
CONFIRM

micro_focus -- universal_cmdb_foundation_software
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.
2018-02-20 | not yet calculated | CVE-2018-6487
CONFIRM

micro_focus -- universal_cmdb
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
2018-02-22 | not yet calculated | CVE-2018-6488
CONFIRM

mojoportal -- mojoportal
*mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable.2018-02-23not yet calculatedCVE-2018-7447
MISCmp4v2 -- mp4v2
*The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.2018-02-23not yet calculatedCVE-2018-7339
MISCmxgraph -- mxgraph
*In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.2018-02-23not yet calculatedCVE-2017-18197
CONFIRMmybb -- mybb
*MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.2018-02-21not yet calculatedCVE-2018-7305
MISCnat_software -- nat32_router
*A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.2018-02-20not yet calculatedCVE-2018-6940
MISC
MISC
BUGTRAQ
EXPLOIT-DBnat_software -- nat32_router
*A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.2018-02-20not yet calculatedCVE-2018-6941
MISC
MISC
EXPLOIT-DBnetapp -- multiple_products
*All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.2018-02-23not yet calculatedCVE-2017-15518
MISCnippon_telegraph_and_telephone_east_corporation -- flet's_azukeru_backup_tool
*Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-02-16not yet calculatedCVE-2018-0515
MISC
JVNnippon_telegraph_and_telephone_east_corporation -- flet's_azukeru_backup_tool
*Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-02-16not yet calculatedCVE-2018-0516
MISC
JVNnonecms -- nonecms
*application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.2018-02-19not yet calculatedCVE-2018-7219
MISCnortek -- linear_emerge_e3
*A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.2018-02-19not yet calculatedCVE-2018-5439
MISCnpm -- npm
*An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.2018-02-22not yet calculatedCVE-2018-7408
MISC
MISC
MISCoctober_cms -- october_cms
*October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.2018-02-17not yet calculatedCVE-2018-7198
MISC
EXPLOIT-DBopenstack -- nova
*An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.0.4. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.2018-02-19not yet calculatedCVE-2017-18191
BID
CONFIRM
CONFIRMoxid -- eshop_enterprise_edition
*An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.2018-02-19not yet calculatedCVE-2018-5763
CONFIRMoxid -- eshop_community_edition
*OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.2018-02-20not yet calculatedCVE-2017-14993
CONFIRM
CONFIRMoxid -- eshop_community_edition
*OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order.2018-02-20not yet calculatedCVE-2017-12415
CONFIRM
CONFIRMphp -- php
*An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.2018-02-19not yet calculatedCVE-2015-9253
MISC
MISC
MISCphpmyadmin -- phpmyadmin
*Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2018-02-21not yet calculatedCVE-2018-7260
BID
CONFIRM
MISC
CONFIRMphpscriptsmall.com -- alibaba_clone_script
*Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.2018-02-23not yet calculatedCVE-2018-6867
EXPLOIT-DBphpscriptsmall.com -- learning_and_examination_management_system_script
*Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.2018-02-23not yet calculatedCVE-2018-6866
EXPLOIT-DBphpscriptsmall.com -- schools_alert_management_script
*SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.2018-02-23not yet calculatedCVE-2018-6859
MISCphpscriptsmall.com -- slickdeals_dealnews_groupon_clone_script
*Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.2018-02-23not yet calculatedCVE-2018-6868
EXPLOIT-DBpiwigo -- piwigo
*Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.2018-02-24not yet calculatedCVE-2018-6883
MISC
MISCpluck -- pluck
*An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.2018-02-17not yet calculatedCVE-2018-7197
MISCproject_jupyter -- jupyter_hub
*An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)2018-02-17not yet calculatedCVE-2018-7206
CONFIRMquagga -- bgpd
*The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.2018-02-19not yet calculatedCVE-2018-5380
CONFIRM
CERT-VN
CONFIRM
MLIST
DEBIANquagga -- bgpd
*The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.2018-02-19not yet calculatedCVE-2018-5381
CONFIRM
CERT-VN
CONFIRM
MLIST
DEBIANquagga -- bgpd
*The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.2018-02-19not yet calculatedCVE-2018-5379
CONFIRM
CERT-VN
BID
CONFIRM
MLIST
DEBIANquagga -- bgpd
*The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.2018-02-19not yet calculatedCVE-2018-5378
CONFIRM
CERT-VN
CONFIRM
DEBIANqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.2018-02-23not yet calculatedCVE-2017-15861
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.2018-02-23not yet calculatedCVE-2017-17764
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.2018-02-23not yet calculatedCVE-2017-15817
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.2018-02-23not yet calculatedCVE-2017-17767
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.2018-02-23not yet calculatedCVE-2017-17765
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overread is possible if there are no newlines in an input file.2018-02-23not yet calculatedCVE-2017-14910
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.2018-02-23not yet calculatedCVE-2017-14884
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.2018-02-23not yet calculatedCVE-2017-15829
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.2018-02-23not yet calculatedCVE-2017-15820
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.2018-02-23not yet calculatedCVE-2017-15862
CONFIRMqualcomm -- android
*In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.2018-02-23not yet calculatedCVE-2017-15860
CONFIRMradiant_cms -- radiant_cms
*There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).2018-02-21not yet calculatedCVE-2018-7261
BUGTRAQ
BIDred hat -- linux
*In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.2018-02-16not yet calculatedCVE-2018-1049
REDHAT
CONFIRMreprise -- license_manager
*An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file.2018-02-21not yet calculatedCVE-2018-5716
MISCrle -- protocol_converter_fds-pc/fds-pc-dp
*An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.2018-02-20not yet calculatedCVE-2018-7278
MISCrle -- wi-mgr/fds-wi_routers
*An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.2018-02-20not yet calculatedCVE-2018-7277
MISCsamsung -- mobile_devices
*In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.2018-02-20not yet calculatedCVE-2017-10963
MISC
MISCseagate -- blackarmor_nas
*Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.2018-02-23not yet calculatedCVE-2014-3206
EXPLOIT-DBseagate -- blackarmor_nas
*backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.2018-02-23not yet calculatedCVE-2014-3205
EXPLOIT-DBshimmie -- shimmie
*Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.2018-02-20not yet calculatedCVE-2018-7265
MISCsinatra -- sinatra
*An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.2018-02-18not yet calculatedCVE-2018-7212
MISC
MISCsmartbear -- soapui
*The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.2018-02-19not yet calculatedCVE-2017-16670
MISCsoftonic -- line_for_ios
*LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2018-02-23not yet calculatedCVE-2018-0518
JVN
MISCstrongswan -- strongswan
*The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.2018-02-20not yet calculatedCVE-2018-6459
CONFIRMsymantec -- altris_deployment_solution
*DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.2018-02-19not yet calculatedCVE-2010-0109
BID
CONFIRMsymantec -- gear_software_cd_dvd_filter_driver
*GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.2018-02-19not yet calculatedCVE-2011-3477
BID
CONFIRMsynology -- photo_station
*Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.2018-02-23not yet calculatedCVE-2017-16769
CONFIRMtejari -- procurement_portal
*In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.2018-02-18not yet calculatedCVE-2018-7217
MISC
MISCtejari -- procurement_portal
*Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.2018-02-18not yet calculatedCVE-2018-7216
MISC
MISC
MISCtiki -- tiki
*Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.2018-02-21not yet calculatedCVE-2018-7304
MISCtiki -- tiki
*Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.2018-02-21not yet calculatedCVE-2018-7302
MISCtiki -- tiki
*The Calendar component in Tiki 17.1 allows HTML injection.2018-02-21not yet calculatedCVE-2018-7303
MISCtiki -- tiki
*An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.2018-02-16not yet calculatedCVE-2018-7188
MISC
MISCtrend_micro -- interscan_messaging_security_virtual_appliance
*A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.2018-02-16not yet calculatedCVE-2018-3609
BID
MISC
MISC
CONFIRMtrend_micro -- user-mode_hooking_module
*A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.2018-02-16not yet calculatedCVE-2018-6218
BID
JVN
MISC
CONFIRMtwibright_labs -- multiple_products
*ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.2018-02-23not yet calculatedCVE-2012-6709
MISC
MISCunderbit -- underbit
*The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.2018-02-20not yet calculatedCVE-2018-7263
MISC
MISCunisys_stealth -- windows
*Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.2018-02-19not yet calculatedCVE-2018-6592
CONFIRMunixodbc -- unixodbc
*In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.2018-02-22not yet calculatedCVE-2018-7409
MISC
MISCuserscape -- helpspot
*An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked.2018-02-19not yet calculatedCVE-2017-16755
MISC
MISC
MISCuserscape -- helpspot
*An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.2018-02-19not yet calculatedCVE-2017-16756
MISC
MISC
MISCwavpack -- wavpack
*The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.2018-02-19not yet calculatedCVE-2018-7253
MISC
MISC
MISCwavpack -- wavpack
*The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.2018-02-19not yet calculatedCVE-2018-7254
MISC
MISC
MISC
EXPLOIT-DBwink_labs -- wink
*In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.2018-02-22not yet calculatedCVE-2017-5249
MISCwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.2018-02-23not yet calculatedCVE-2018-7322
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.2018-02-23not yet calculatedCVE-2018-7324
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.2018-02-23not yet calculatedCVE-2018-7331
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.2018-02-23not yet calculatedCVE-2018-7336
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.2018-02-23not yet calculatedCVE-2018-7325
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.2018-02-23not yet calculatedCVE-2018-7321
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.2018-02-23not yet calculatedCVE-2018-7330
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.2018-02-23not yet calculatedCVE-2018-7320
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.2018-02-23not yet calculatedCVE-2018-7334
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.2018-02-23not yet calculatedCVE-2018-7333
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.2018-02-23not yet calculatedCVE-2018-7323
CONFIRM
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.2018-02-23not yet calculatedCVE-2018-7329
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.2018-02-23not yet calculatedCVE-2018-7332
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.2018-02-23not yet calculatedCVE-2018-7328
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.2018-02-23not yet calculatedCVE-2018-7421
CONFIRM
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.2018-02-23not yet calculatedCVE-2018-7337
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.2018-02-23not yet calculatedCVE-2018-7327
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.2018-02-23not yet calculatedCVE-2018-7420
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.2018-02-23not yet calculatedCVE-2018-7419
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.2018-02-23not yet calculatedCVE-2018-7335
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.2018-02-23not yet calculatedCVE-2018-7418
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.2018-02-23not yet calculatedCVE-2018-7326
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.2018-02-23not yet calculatedCVE-2018-7417
CONFIRM
CONFIRM
CONFIRMwolf_cms -- wolf_cms
*Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.2018-02-22not yet calculatedCVE-2018-6890
MISC
MISCwordpress -- wordpress
*Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.2018-02-19not yet calculatedCVE-2015-2324
MISC
CONFIRMwordpress -- wordpress
*core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.2018-02-16not yet calculatedCVE-2018-6944
MISCwordpress -- wordpress
*The Ninja Forms plugin before 3.2.14 for WordPress has XSS.2018-02-21not yet calculatedCVE-2018-7280
CONFIRMwordpress -- wordpress
*core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.2018-02-16not yet calculatedCVE-2018-6943
MISCxpdf -- xpdf
*A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7452
MISCxpdf -- xpdf
*Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7453
MISCxpdf -- xpdf
*A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7454
MISCxpdf -- xpdf
*An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7455
MISCyarb/quarx -- yarb/quarx
*Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).2018-02-20not yet calculatedCVE-2018-7274
BID
MISCzyxel -- p-870h-51_dsl_router
*This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.2018-02-21not yet calculatedCVE-2018-1164
MISCzzcms -- zzcms
*zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.2018-02-23not yet calculatedCVE-2018-7434
This product is provided subject to this Notification and this Privacy & Use policy.