SB18-036: Vulnerability Summary for the Week of January 29, 2018
02-04-2018 10:08 PM

Original release date: February 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | 6.5 | CVE-2017-14521 |

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 7-zip -- 7-zip_and_p7zip | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 2018-01-31 | not yet calculated | CVE-2018-5996 MISC |
| 7-zip -- 7-zip_and_p7zip | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 2018-01-30 | not yet calculated | CVE-2017-17969 MISC |
| apache -- cordova | After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distribu...p | 2018-02-01 | not yet calculated | CVE-2017-3160 MISC |
| apache -- poi | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 2018-01-29 | not yet calculated | CVE-2017-12626 BID MLIST |
| apache -- tomcat | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. | 2018-01-31 | not yet calculated | CVE-2017-15706 MLIST |
| apache -- tomcat_native_connector | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. | 2018-01-31 | not yet calculated | CVE-2017-15698 MLIST |
| apport -- apport | Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 2018-02-02 | not yet calculated | CVE-2017-14179 CONFIRM CONFIRM |
| apport -- apport | Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | 2018-02-02 | not yet calculated | CVE-2017-14177 CONFIRM CONFIRM CONFIRM UBUNTU |
| apport -- apport | Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 2018-02-02 | not yet calculated | CVE-2017-14180 CONFIRM CONFIRM CONFIRM UBUNTU |
| apsis -- pound | Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | 2018-01-29 | not yet calculated | CVE-2016-10711 CONFIRM |
| arq -- arq | The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 2018-01-31 | not yet calculated | CVE-2017-16945 MISC MISC EXPLOIT-DB |
| arq -- arq | The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 2018-01-31 | not yet calculated | CVE-2017-16928 MISC MISC EXPLOIT-DB |
| artifex -- mupdf | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 2018-02-02 | not yet calculated | CVE-2018-6544 MISC MISC MISC MISC |
| asus -- asuswrt | Password are stored in plaintext in nvram in the HTTPd server in all current versions (exists value can change after it is validated. | 2018-01-29 | not yet calculated | CVE-2017-18079 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16913 BID MISC MISC MISC MISC MISC MISC MISC |
| linux -- linux_kernel | In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | 2018-01-31 | not yet calculated | CVE-2018-6412 MISC |
| linux -- linux_kernel | The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16914 BID MISC MISC MISC MISC MISC MISC MISC MISC |
| linux -- linux_kernel | The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. | 2018-01-31 | not yet calculated | CVE-2017-16911 BID MISC MISC MISC MISC MISC MISC |
| linux -- linux_kernel | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | 2018-01-31 | not yet calculated | CVE-2017-16912 BID MISC MISC MISC MISC MISC MISC MISC |
| mantisbt -- mantisbt | view_all_bug_page.php in MantisBT 2.10.0 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 2018-02-02 | not yet calculated | CVE-2018-6526 MISC |
| mantisbt -- mantisbt | MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address, | 2018-01-30 | not yet calculated | CVE-2018-6382 MISC MISC |
| micro_focus -- fortify_audit_workbench_and_software_security_center | XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. | 2018-02-02 | not yet calculated | CVE-2018-6486 CONFIRM |
| miekg-dns -- miekg-dns | A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections. | 2018-01-29 | not yet calculated | CVE-2017-15133 CONFIRM CONFIRM |
| monstra -- monstra_cms | Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 2018-02-02 | not yet calculated | CVE-2018-6550 CONFIRM CONFIRM |
| monstra -- monstra_cms | Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | 2018-01-29 | not yet calculated | CVE-2018-6383 MISC |
| mpv -- mpv | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | 2018-01-27 | not yet calculated | CVE-2018-6360 MISC MISC |
| netis -- wf2419_devices | A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | 2018-01-29 | not yet calculated | CVE-2018-6391 MISC MISC EXPLOIT-DB |
| netwave -- ip_camera_devices | An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. | 2018-01-31 | not yet calculated | CVE-2018-6479 MISC |
| nibbleblog -- nibbleblog | Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | 2018-02-01 | not yet calculated | CVE-2018-6470 MISC |
| nootka -- nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2018-0506 JVN |
| nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458. | 2018-02-01 | not yet calculated | CVE-2018-6525 MISC |
| nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20. | 2018-02-01 | not yet calculated | CVE-2018-6524 MISC |
| nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. | 2018-02-01 | not yet calculated | CVE-2018-6523 MISC |
| nprotect -- nprotect_avs | In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408. | 2018-02-01 | not yet calculated | CVE-2018-6522 MISC |
| nsclient++ -- nsclient++ | Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. | 2018-01-31 | not yet calculated | CVE-2018-6384 CONFIRM |
| ntt-cert -- flet's_virus_clear_easy_setup_&_application_tool | Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-01-26 | not yet calculated | CVE-2018-0507 JVN |
| omniauth -- omniauth | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 2018-01-26 | not yet calculated | CVE-2017-18076 CONFIRM CONFIRM CONFIRM |
| opendaylight -- opendaylight | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout. | 2018-01-31 | not yet calculated | CVE-2017-1000411 MLIST BID |
| packetfence -- packetfence | html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | 2018-02-01 | not yet calculated | CVE-2011-4069 CONFIRM CONFIRM |
| packetfence -- packetfence | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | 2018-02-01 | not yet calculated | CVE-2011-4068 CONFIRM CONFIRM |
| perfex_crm -- perfex_crm | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | 2018-01-26 | not yet calculated | CVE-2017-17976 MISC EXPLOIT-DB |
| phoenix_contact -- mguard | An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. | 2018-01-30 | not yet calculated | CVE-2018-5441 MISC |
| phpscriptsmall.com -- multilanguage_real_estate_mlm_script | SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | 2018-01-29 | not yet calculated | CVE-2018-6364 MISC EXPLOIT-DB |
| pictuscode -- taskrabbit_clone_script | SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | 2018-01-29 | not yet calculated | CVE-2018-6363 MISC EXPLOIT-DB |
| podofo -- podofo | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | 2018-01-27 | not yet calculated | CVE-2018-6352 MISC |
| ptex -- ptex | An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution. | 2018-01-29 | not yet calculated | CVE-2018-3835 MISC |
| pulse_secure -- desktop_linux | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. | 2018-01-31 | not yet calculated | CVE-2018-6374 CONFIRM |
| puppet -- puppet_enterprise | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. | 2018-02-01 | not yet calculated | CVE-2017-2293 CONFIRM |
| puppet -- puppet_enterprise | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. | 2018-02-01 | not yet calculated | CVE-2017-2297 CONFIRM |
| puppet -- puppet_enterprise | In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2. | 2018-02-01 | not yet calculated | CVE-2017-2296 CONFIRM |
| qemu -- qemu | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | 2018-01-31 | not yet calculated | CVE-2017-18043 MLIST BID CONFIRM |
| simditor -- simditor | Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | 2018-01-31 | not yet calculated | CVE-2018-6464 MISC |
| simplesamlphp -- simplesamlphp | The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | 2018-02-02 | not yet calculated | CVE-2017-18121 CONFIRM |
| simplesamlphp -- simplesamlphp | A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. | 2018-02-02 | not yet calculated | CVE-2017-18122 CONFIRM |
| simplesamlphp -- simplesamlphp | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | 2018-02-01 | not yet calculated | CVE-2018-6519 CONFIRM |
| simplesamlphp -- simplesamlphp | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. | 2018-02-01 | not yet calculated | CVE-2018-6521 CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | 2018-02-01 | not yet calculated | CVE-2018-6520 CONFIRM |
| snapd -- snapd | In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. | 2018-02-02 | not yet calculated | CVE-2017-14178 CONFIRM CONFIRM CONFIRM |
| sophos -- puremessage_for_unix | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2016-6217 CONFIRM |
| sugarcrm -- sugarcrm | XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 2018-02-01 | not yet calculated | CVE-2014-3244 FULLDISC BID MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | 2018-01-31 | not yet calculated | CVE-2018-6473 MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | 2018-01-31 | not yet calculated | CVE-2018-6472 MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | 2018-01-31 | not yet calculated | CVE-2018-6476 MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | 2018-01-31 | not yet calculated | CVE-2018-6474 MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | 2018-01-31 | not yet calculated | CVE-2018-6475 MISC |
| superantispyware -- superantispyware_professional_trial | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | 2018-01-31 | not yet calculated | CVE-2018-6471 MISC |
| systemd -- systemd | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | 2018-01-29 | not yet calculated | CVE-2017-18078 MISC EXPLOIT-DB |
| tracker -- pdf-xchange_viewer_and_viewer_ax_sdk | Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | 2018-01-31 | not yet calculated | CVE-2018-6462 CONFIRM |
| vastal_i-tech -- buddy_zone_facebook_clone | SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | 2018-01-29 | not yet calculated | CVE-2018-6367 MISC EXPLOIT-DB |
| vmware -- airwatch_console | VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices. | 2018-01-29 | not yet calculated | CVE-2017-4951 BID SECTRACK CONFIRM |
| vmware -- realize_automation | VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. | 2018-01-29 | not yet calculated | CVE-2017-4947 BID SECTRACK SECTRACK CONFIRM |
| wondercms -- wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 2018-01-26 | not yet calculated | CVE-2017-14522 MISC |
| wondercms -- wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. | 2018-01-26 | not yet calculated | CVE-2017-14523 MISC |
| wordpress -- wordpress | admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. | 2018-01-30 | not yet calculated | CVE-2018-6195 MISC FULLDISC CONFIRM MISC |
| wordpress -- wordpress | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | 2018-01-31 | not yet calculated | CVE-2018-6465 MISC MISC MISC MISC |
| wordpress -- wordpress | Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-01 | not yet calculated | CVE-2018-0511 JVN CONFIRM |
| wordpress -- wordpress | A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | 2018-01-30 | not yet calculated | CVE-2018-6194 MISC FULLDISC CONFIRM MISC |
| wordpress -- wordpress | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | 2018-01-26 | not yet calculated | CVE-2018-6015 MISC CONFIRM EXPLOIT-DB |
| wordpress -- wordpress | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 2018-01-27 | not yet calculated | CVE-2018-6357 MISC MISC |
| zabbix -- zabbix | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 2018-02-01 | not yet calculated | CVE-2014-3005 FEDORA FEDORA FULLDISC BID CONFIRM CONFIRM MISC |
| zziplib -- zziplib | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-01 | not yet calculated | CVE-2018-6484 MISC |
| zziplib -- zziplib | In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. | 2018-01-29 | not yet calculated | CVE-2018-6381 MISC |
| zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | 2018-02-02 | not yet calculated | CVE-2018-6542 MISC |
| zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6540 MISC |
| zziplib -- zziplib | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | 2018-02-02 | not yet calculated | CVE-2018-6541 |

This product is provided subject to this Notification and this Privacy & Use policy.