SB18-043: Vulnerability Summary for the Week of February 5, 2018

The Patriot · #1 02-12-2018, 08:21 PM

SB18-043: Vulnerability Summary for the Week of February 5, 2018

02-11-2018 09:46 PM

Original release date: February 12, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoabrt -- abrt
*The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.2018-02-09not yet calculatedCVE-2015-1862
MISC
MISC
MISC
FULLDISC
MLIST
BID
CONFIRM
CONFIRM
EXPLOIT-DB
EXPLOIT-DBadobe -- flash_player
*A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to quality of service functionality. A successful attack can lead to arbitrary code execution.2018-02-06not yet calculatedCVE-2018-4877
BID
REDHAT
MISCadobe -- flash_player
*A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.2018-02-06not yet calculatedCVE-2018-4878
MISC
BID
SECTRACK
REDHAT
MISC
MISC
MISC
MISCanymail -- anymail
*webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.2018-02-03not yet calculatedCVE-2018-6596
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANapache -- allura
*In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.2018-02-06not yet calculatedCVE-2018-1299
CONFIRM
MLISTapache -- cloudstack
*In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.2018-02-06not yet calculatedCVE-2013-4317
MLISTapache -- cloudstack
*Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.2018-02-06not yet calculatedCVE-2016-6813
MLIST
BID
MLISTapache -- juddi
*In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.2018-02-09not yet calculatedCVE-2018-1307
CONFIRM
CONFIRMapache -- mod-gnutls
*mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.2018-02-03not yet calculatedCVE-2009-5144
CONFIRM
MLIST
CONFIRM
CONFIRMapache -- qpid_broker
*A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms which are offered to the connecting clients as part of SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of following types supports PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable.2018-02-09not yet calculatedCVE-2018-1298
MLISTapport -- apport
*Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.2018-02-02not yet calculatedCVE-2017-14177
CONFIRM
CONFIRM
CONFIRM
UBUNTUapport -- apport
*Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.2018-02-02not yet calculatedCVE-2017-14180
CONFIRM
CONFIRM
CONFIRM
UBUNTUapport -- apport
*Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.2018-02-02not yet calculatedCVE-2017-14179
CONFIRM
CONFIRMarmmbed -- mbedtls
*ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity.2018-02-09not yet calculatedCVE-2018-1000061
CONFIRMartifex -- mupdf
*pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.2018-02-02not yet calculatedCVE-2018-6544
MISC
MISC
MISC
MISCartifex -- mupdf
*Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.2018-02-09not yet calculatedCVE-2018-1000051
CONFIRM
CONFIRMatlassian -- bamboo
*The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02not yet calculatedCVE-2017-18040
CONFIRMatlassian -- bamboo
*The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18042
CONFIRMatlassian -- bamboo
*The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.2018-02-02not yet calculatedCVE-2017-18082
CONFIRMatlassian -- bamboo
*The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18080
CONFIRMatlassian -- bamboo
*The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.2018-02-02not yet calculatedCVE-2017-18081
CONFIRMatlassian -- bamboo
*The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02not yet calculatedCVE-2017-18041
CONFIRMatlassian -- bitbucket_server
*The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.2018-02-02not yet calculatedCVE-2017-18037
CONFIRMatlassian -- bitbucket_server
*The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.2018-02-02not yet calculatedCVE-2017-18036
BID
CONFIRMatlassian -- bitbucket_server
*The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.2018-02-02not yet calculatedCVE-2017-18038
CONFIRMatlassian -- confluence_serverThe viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.2018-02-02not yet calculatedCVE-2017-18085
CONFIRMatlassian -- confluence_server
*The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.2018-02-02not yet calculatedCVE-2017-18083
CONFIRMatlassian -- confluence_server
*Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.2018-02-02not yet calculatedCVE-2017-18086
CONFIRMatlassian -- confluence_server
*The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.2018-02-02not yet calculatedCVE-2017-18084
CONFIRMatlassian -- fisheye_and_crucible
*The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.2018-02-02not yet calculatedCVE-2017-18035
CONFIRM
CONFIRMatlassian -- fisheye_and_crucible
*The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.2018-02-02not yet calculatedCVE-2017-18034
CONFIRM
CONFIRMatlassian -- jira
*The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.2018-02-02not yet calculatedCVE-2017-18039
CONFIRMaudacity -- audacity
*Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.2018-02-07not yet calculatedCVE-2016-2540
CONFIRM
MISCaudacity -- audacity
*Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.2018-02-07not yet calculatedCVE-2016-2541
CONFIRM
MISCavaya -- aura
*System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.2018-02-05not yet calculatedCVE-2018-6635
BID
SECTRACK
CONFIRMbitpay -- insight-api
*Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.2018-02-09not yet calculatedCVE-2018-1000023
CONFIRMboot2docker -- boot2dockerDocker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.2018-02-06not yet calculatedCVE-2014-5282
CONFIRM
CONFIRMboot2docker -- boot2docker
*boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.2018-02-06not yet calculatedCVE-2014-5280
CONFIRMboot2docker -- boot2docker
*The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.2018-02-06not yet calculatedCVE-2014-5279
CONFIRMborg -- borg_servers
*Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.2018-02-08not yet calculatedCVE-2017-15914
CONFIRMbrocade -- fabric_os
*Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.2018-02-08not yet calculatedCVE-2017-6225
CONFIRMbrocade -- fabric_os
*A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.2018-02-08not yet calculatedCVE-2017-6227
CONFIRMcanvs_canvas -- canvs_canvas
*Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code.2018-02-09not yet calculatedCVE-2017-1000507
CONFIRMccn-lite -- ccn-lite
*ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.2018-02-07not yet calculatedCVE-2017-12412
CONFIRM
CONFIRMccn-lite -- ccn-lite
*ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values."2018-02-07not yet calculatedCVE-2017-12473
CONFIRMccn-lite -- ccn-lite
*Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.2018-02-07not yet calculatedCVE-2017-12463
CONFIRMccn-lite -- ccn-lite
*Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.2018-02-07not yet calculatedCVE-2017-12470
CONFIRMccn-lite -- ccn-lite
*ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.2018-02-07not yet calculatedCVE-2017-12464
CONFIRM
CONFIRMccn-lite -- ccn-lite
*CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.2018-02-07not yet calculatedCVE-2017-12466
CONFIRM
CONFIRMccn-lite -- ccn-lite
*Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.2018-02-07not yet calculatedCVE-2017-12469
CONFIRM
CONFIRMccn-lite -- ccn-lite
*Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.2018-02-07not yet calculatedCVE-2017-12467
CONFIRM
CONFIRMccn-lite -- ccn-lite
*Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.2018-02-07not yet calculatedCVE-2017-12465
CONFIRM
CONFIRMccn-lite -- ccn-lite
*Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.2018-02-07not yet calculatedCVE-2017-12468
CONFIRM
CONFIRMccn-lite -- ccn-lite
*The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.2018-02-07not yet calculatedCVE-2017-12471
CONFIRM
CONFIRMccn-lite -- ccn-lite
*ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc.2018-02-07not yet calculatedCVE-2017-12472
CONFIRM
CONFIRMcisco -- data_center_analytics_framework
*A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088.2018-02-08not yet calculatedCVE-2018-0129
BID
CONFIRMcisco -- data_center_analytics_framework
*A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02082.2018-02-08not yet calculatedCVE-2018-0128
BID
CONFIRMcisco -- email_security_appliance_and _content_security_management_appliance
*A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.2018-02-08not yet calculatedCVE-2018-0140
SECTRACK
SECTRACK
CONFIRMcisco -- firepower_system_software
*A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946.2018-02-08not yet calculatedCVE-2018-0138
CONFIRMcisco -- ios_and_ios_xe_software
*A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950.2018-02-08not yet calculatedCVE-2018-0123
SECTRACK
CONFIRMcisco -- ios_xr_softwareA vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718.2018-02-08not yet calculatedCVE-2018-0132
SECTRACK
CONFIRMcisco -- policy_suite
*A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830.2018-02-08not yet calculatedCVE-2018-0134
BID
CONFIRMcisco -- policy_suite

*A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124.2018-02-08not yet calculatedCVE-2018-0116
CONFIRMcisco -- prime_network

*A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152.2018-02-08not yet calculatedCVE-2018-0137
BID
CONFIRMcisco -- rv132w_adsl2+_wireless-n_vpn_ and _rv134w_vdsl2_wireless-ac_vpn_routers

*A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.2018-02-08not yet calculatedCVE-2018-0127
SECTRACK
CONFIRMcisco -- rv132w_adsl2+_wireless-n_vpn_and_rv134w_vdsl2_wireless-ac_vpn_routers
*A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.2018-02-08not yet calculatedCVE-2018-0125
SECTRACK
CONFIRMcisco -- spark
*A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206.2018-02-08not yet calculatedCVE-2018-0119
CONFIRMcisco -- staros_operating_system_for_cisco_asr_5000_series_ aggregation_services_routers

*A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335.2018-02-08not yet calculatedCVE-2018-0122
SECTRACK
CONFIRMcisco -- ucs_central
*A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.2018-02-08not yet calculatedCVE-2018-0113
SECTRACK
CONFIRMcisco -- unified_communications_manager
*A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.2018-02-08not yet calculatedCVE-2018-0135
SECTRACK
CONFIRMcisco -- unified_communications_manager
*A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.2018-02-08not yet calculatedCVE-2018-0120
BID
SECTRACK
CONFIRMcisco -- virtualized_packet_core-distributed_instance_softwareA vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656.2018-02-08not yet calculatedCVE-2018-0117
CONFIRMclaymore -- dual_gpu_miner
*The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.2018-02-02not yet calculatedCVE-2018-6317
MISC
EXPLOIT-DBclaymore -- dual_gpu_miner
*nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in API that can result in RCE by abusing the remote manager API. This attack appear to be exploitable via The victim must run the miner with read/write mode enabled.2018-02-09not yet calculatedCVE-2018-1000049
MISC
MISCcloudera -- cloudera
*An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.2018-02-04not yet calculatedCVE-2017-15536
CONFIRMcozy -- cozy
*Cozy has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.2018-02-07not yet calculatedCVE-2018-6824
MISCcroogo -- croogo
*Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.2018-02-09not yet calculatedCVE-2017-1000510
CONFIRMdjango -- django
*django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.2018-02-04not yet calculatedCVE-2018-6188
CONFIRMdojo -- dojo_toolkit
*dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.2018-02-02not yet calculatedCVE-2018-6561
MISCdokuwiki -- dokuwiki
*The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.2018-02-03not yet calculatedCVE-2017-18123
MISC
MISC
MISC
MISC
MLIST
MISCdolibarr -- dolibarr
*Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.2018-02-09not yet calculatedCVE-2017-1000509
CONFIRMechor -- echorThe perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.2018-02-02not yet calculatedCVE-2014-1834
MLISTechor -- echor
*The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.2018-02-02not yet calculatedCVE-2014-1835
MLIST
XFedx -- edx
*The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.2018-02-03not yet calculatedCVE-2015-2186
CONFIRM
CONFIRMefront -- cms
*Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.2018-02-05not yet calculatedCVE-2015-4461
CONFIRM
MISCelectrum_technologies -- electrum_bitcoin_wallet
*Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.2018-02-09not yet calculatedCVE-2018-1000022
MISC
MISC
CONFIRM
MISCemc -- recoverpoint
*An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.2018-02-03not yet calculatedCVE-2018-1184
CONFIRM
SECTRACKemc -- recoverpoint
*An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.2018-02-03not yet calculatedCVE-2018-1185
CONFIRM
SECTRACKepson -- airprint
*Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.2018-02-08not yet calculatedCVE-2018-5550
MISC
CONFIRMether -- etherpad_lite
*static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.2018-02-08not yet calculatedCVE-2018-6834
CONFIRM
CONFIRMether -- etherpad_lite
*node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.2018-02-08not yet calculatedCVE-2018-6835
CONFIRM
CONFIRMexim -- exim
*An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific function. This can be used to execute code remotely.2018-02-08not yet calculatedCVE-2018-6789
MLIST
CONFIRMextreme_networks -- extremewireless_wingAn issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5787
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5793
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5791
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5792
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.2018-02-04not yet calculatedCVE-2018-5797
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5790
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.2018-02-04not yet calculatedCVE-2018-5788
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.2018-02-04not yet calculatedCVE-2018-5794
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.2018-02-04not yet calculatedCVE-2018-5789
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.2018-02-04not yet calculatedCVE-2018-5795
CONFIRMextreme_networks -- extremewireless_wing
*An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.2018-02-04not yet calculatedCVE-2018-5796
CONFIRMezcode -- event_manager
*SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.2018-02-02not yet calculatedCVE-2018-6576
EXPLOIT-DBf5 -- big-ip
*In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.2018-02-06not yet calculatedCVE-2017-6169
SECTRACK
CONFIRMfasterxml -- jackson-databind
*A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.2018-02-06not yet calculatedCVE-2017-15095
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
DEBIANfasterxml -- jackson-databind
*A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.2018-02-06not yet calculatedCVE-2017-7525
BID
SECTRACK
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANffmpeg -- ffmpeg
*Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.2018-02-08not yet calculatedCVE-2012-5359
MISC
CONFIRMffmpeg -- ffmpeg
*Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.2018-02-08not yet calculatedCVE-2012-5360
MISC
CONFIRMffmpeg -- ffmpeg
*The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.2018-02-04not yet calculatedCVE-2018-6621
BID
CONFIRMfirebase -- firebase
*Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1.2018-02-09not yet calculatedCVE-2018-1000025
CONFIRM
CONFIRMfishshell -- fishfish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.2018-02-09not yet calculatedCVE-2014-3219
FEDORA
GENTOO
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRMflatpak -- flatpak
*In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.2018-02-02not yet calculatedCVE-2018-6560
CONFIRM
CONFIRM
CONFIRMflexense -- diskboss
*An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.2018-02-02not yet calculatedCVE-2018-5261
MISCflexense -- syncbreeze_enterpriseA buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.2018-02-08not yet calculatedCVE-2018-1000030
CONFIRM
MISC
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4316.2018-02-08not yet calculatedCVE-2017-17658
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230.2018-02-08not yet calculatedCVE-2017-17419
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238.2018-02-08not yet calculatedCVE-2017-17652
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225.2018-02-08not yet calculatedCVE-2017-17414
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292.2018-02-08not yet calculatedCVE-2017-17656
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294.2018-02-08not yet calculatedCVE-2017-17657
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237.2018-02-08not yet calculatedCVE-2017-17425
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.2018-02-08not yet calculatedCVE-2018-1161
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4226.2018-02-08not yet calculatedCVE-2017-17415
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229.2018-02-08not yet calculatedCVE-2017-17418
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234.2018-02-08not yet calculatedCVE-2017-17423
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4231.2018-02-08not yet calculatedCVE-2017-17420
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287.2018-02-08not yet calculatedCVE-2017-17654
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224.2018-02-08not yet calculatedCVE-2017-17413
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4906.2018-02-08not yet calculatedCVE-2017-17659
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233.2018-02-08not yet calculatedCVE-2017-17422
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. Was ZDI-CAN-4222.2018-02-08not yet calculatedCVE-2018-1162
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.2018-02-08not yet calculatedCVE-2017-17417
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232.2018-02-08not yet calculatedCVE-2017-17421
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223.2018-02-08not yet calculatedCVE-2017-17412
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286.2018-02-08not yet calculatedCVE-2017-17653
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752.2018-02-08not yet calculatedCVE-2018-1163
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227.2018-02-08not yet calculatedCVE-2017-17416
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289.2018-02-08not yet calculatedCVE-2017-17655
MISCquest -- netvault_backup
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235.2018-02-08not yet calculatedCVE-2017-17424
MISCredcap -- redcap
*A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.2018-02-08not yet calculatedCVE-2017-7351
MISCring -- video_doorbells
*Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.2018-02-06not yet calculatedCVE-2015-4400
MISC
MISC
MISCruby -- ruby
*BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.2018-02-05not yet calculatedCVE-2015-4412
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISCsaifor -- cvms_hub
*Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:f ilter. The GET parameter is nombreAgente.2018-02-06not yet calculatedCVE-2018-6792
MISCsandstorm -- sandstorm
*A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.2018-02-06not yet calculatedCVE-2017-6201
MISC
CONFIRM
CONFIRMsandstorm -- sandstorm
*A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.2018-02-06not yet calculatedCVE-2017-6199
MISC
MISC
CONFIRM
CONFIRMsandstorm -- sandstorm
*The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.2018-02-06not yet calculatedCVE-2017-6198
MISC
MISCsandstorm -- sandstorm
*Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.2018-02-06not yet calculatedCVE-2017-6200
MISC
MISC
CONFIRM
CONFIRM
CONFIRMsblim -- small_footprint_cim_broker
*SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.2018-02-08not yet calculatedCVE-2018-6644
MLISTsecurity_onion_solutions -- squert
*Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.2018-02-09not yet calculatedCVE-2018-1000044
CONFIRMsecurity_onion_solutions -- squert
*Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0.2018-02-09not yet calculatedCVE-2018-1000043
CONFIRMsecurity_onion_solutions -- squert
*Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0.2018-02-09not yet calculatedCVE-2018-1000042
CONFIRMsensu -- sensu_core
*Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.2018-02-09not yet calculatedCVE-2018-1000060
CONFIRM
CONFIRMsimplesamlphp -- simplesamlphpThe consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.2018-02-02not yet calculatedCVE-2017-18121
CONFIRMsimplesamlphp -- simplesamlphp
*A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.2018-02-02not yet calculatedCVE-2017-18122
CONFIRMsnapd -- snapd
*In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.2018-02-02not yet calculatedCVE-2017-14178
CONFIRM
CONFIRM
CONFIRMsonatype -- nexus_repository_manager
*Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.2018-02-09not yet calculatedCVE-2018-5306
FULLDISC
CONFIRM
MISCsonatype -- nexus_repository_manager
*Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.2018-02-09not yet calculatedCVE-2018-5307
FULLDISC
CONFIRM
MISCsophos -- tester_tool
*In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.2018-02-02not yet calculatedCVE-2018-6318
MISCsophos -- tester_tool
*In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.2018-02-02not yet calculatedCVE-2018-6319
MISCsquid_software_foundation -- squid_http_caching_proxy

*The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.2018-02-09not yet calculatedCVE-2018-1000024
CONFIRM
MISCsquid_software_foundation -- squid_http_caching_proxy
*The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.2018-02-09not yet calculatedCVE-2018-1000027
CONFIRM
CONFIRM
CONFIRM
CONFIRMstb_vorbis -- stb_vorbis
*Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.2018-02-09not yet calculatedCVE-2018-1000050
CONFIRMsubsonic -- subsonic
*Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.2018-02-05not yet calculatedCVE-2017-9414
MISC
MISC
EXPLOIT-DBsuricata -- suricata
*Suricata before 4.1 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.2018-02-07not yet calculatedCVE-2018-6794
CONFIRM
CONFIRMsynacor -- zimbra_collaboration_suite
*Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.2018-02-03not yet calculatedCVE-2017-17703
CONFIRM
CONFIRMsynacor -- zimbra_collaboration_suite
*Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.2018-02-03not yet calculatedCVE-2017-8783
CONFIRM
CONFIRM
CONFIRM
CONFIRMthe_masha_brand -- online_voting_system
*A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.2018-02-08not yet calculatedCVE-2018-6180
MISC
EXPLOIT-DBtiki_wiki -- cms_groupware
*tiki wiki cms groupware