SB18-078: Vulnerability Summary for the Week of March 12, 2018
03-18-2018 08:23 PM

Original release date: March 19, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
* High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info10-strike -- network_monitor *Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.2018-03-12not yet calculatedCVE-2018-6016 FULLDISCabine_blur -- abine_blur *The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.2018-03-11not yet calculatedCVE-2018-7213 MISC MISCafflib -- afflib *The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.2018-03-11not yet calculatedCVE-2018-8050 MISCajenti -- ajenti *Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. 
This attack appears to be exploitable via network connectivity to the web application.2018-03-13not yet calculatedCVE-2018-1000126 MISCajenti -- ajenti *Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter ..2018-03-13not yet calculatedCVE-2018-1000081 MISCajenti -- ajenti *Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.2018-03-13not yet calculatedCVE-2018-1000080 MISCajenti -- ajenti *Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.2018-03-13not yet calculatedCVE-2018-1000083 MISCajenti -- ajenti *Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed..2018-03-13not yet calculatedCVE-2018-1000082 MISCalienvault -- alienvault *A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.2018-03-14not yet calculatedCVE-2018-7279 CONFIRM CONFIRMapache -- alluraIn Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. 
If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.2018-03-15not yet calculatedCVE-2018-1319 MLISTapache -- commons_compressA specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.2018-03-16not yet calculatedCVE-2018-1324 MLISTapache -- http_server_mod_cluster *Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.2018-03-09not yet calculatedCVE-2016-8612 REDHAT BID REDHAT REDHAT CONFIRMapache -- tomcat_jk_isapi_connectorThe IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.2018-03-12not yet calculatedCVE-2018-1323 BID MISCappweb -- appweb *The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. 
With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.2018-03-14not yet calculatedCVE-2018-8715 MISC MISCasus -- rt-n14uhp_devices *ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.2018-03-16not yet calculatedCVE-2017-12590 MISCasyncssh -- asyncssh *The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.2018-03-12not yet calculatedCVE-2018-7749 CONFIRM MLISTatlassian -- jira *The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.2018-03-16not yet calculatedCVE-2016-10716 MISC MISCatlassian -- jira *The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.2018-03-16not yet calculatedCVE-2016-10715 MISCaurea -- jive-n *The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.2018-03-12not yet calculatedCVE-2018-5758 MISCauthentikat-jwt -- authentikat-jwt *A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.2018-03-17not yet calculatedCVE-2017-18239 MISC MISC MISCbitdefender -- bitdefender *BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely 
created named pipe". Ensures full access to Everyone users group.2018-03-12not yet calculatedCVE-2018-6183 FULLDISCbitmessage -- pybitmessage *Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitable via remote attacker using a malformed message which must be processed by the victim - e.g. arrive from any sender on bitmessage network. This vulnerability appears to have been fixed in v0.6.3.2018-03-13not yet calculatedCVE-2018-1000070 MISCblackberry -- uem_management_console *In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.2018-03-13not yet calculatedCVE-2017-17442 CONFIRMbmc_remedy -- ar_system *BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.2018-03-10not yet calculatedCVE-2017-18223 CONFIRMbmc_remedy -- ar_system *Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.2018-03-12not yet calculatedCVE-2017-18228 MISCbui -- bui *The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.2018-03-14not yet calculatedCVE-2018-8108 MISCbylancer -- bookme_control_panel *Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. 
Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.2018-03-17not yet calculatedCVE-2018-8737 MISCclamav -- clamav *ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.2018-03-13not yet calculatedCVE-2018-1000085 MLIST MISC MLIST UBUNTU UBUNTUcloudme -- cloudme *An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.2018-03-14not yet calculatedCVE-2018-7886 MISCclusterlabs -- clusterlabs *ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.2018-03-12not yet calculatedCVE-2017-2661 CONFIRM CONFIRMcms_made_simple -- cms_made_simple *CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.2018-03-11not yet calculatedCVE-2018-8058 MISCcms_made_simple -- cms_made_simple *CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. 
This vulnerability appears to have been fixed in 2.2.6.2018-03-13not yet calculatedCVE-2018-1000092 MISCcms_made_simple -- cms_made_simple *CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.2018-03-11not yet calculatedCVE-2018-7893 MISCcms_made_simple -- cms_made_simple *CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.2018-03-12not yet calculatedCVE-2018-1000094 MISCcoppermine -- photo_gallery *Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-03-16not yet calculatedCVE-2014-4612 CONFIRM MLIST MLIST CONFIRM BID CONFIRM CONFIRMcryptonote -- cryptonote *CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. 
This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior.2018-03-13not yet calculatedCVE-2018-1000093 MISC MISC MISCcurl -- curl *A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage2018-03-14not yet calculatedCVE-2018-1000122 SECTRACK CONFIRM UBUNTU DEBIANcurl -- curl *A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.2018-03-14not yet calculatedCVE-2018-1000120 BID SECTRACK CONFIRM UBUNTU DEBIANcurl -- curl *A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service2018-03-14not yet calculatedCVE-2018-1000121 BID SECTRACK CONFIRM UBUNTU DEBIANdatalust -- seq *Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.2018-03-13not yet calculatedCVE-2018-8096 MISC MISCdell -- emc_data_protection_advisor *EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". 
An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).2018-03-16not yet calculatedCVE-2017-8013 FULLDISC BID SECTRACKdell -- emc_data_protection_advisor *Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.2018-03-12not yet calculatedCVE-2018-1206 CONFIRM BID SECTRACKdell -- storage_manager *In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.2018-03-16not yet calculatedCVE-2017-14384 CONFIRMdelta_electronics -- delta_industrial_automation_dopsoft *A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.2018-03-15not yet calculatedCVE-2018-5476 BID MISCdelta_electronics -- delta_industrial_automation_screen_editor *An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. 
Specially crafted .dpb files may cause the system to write outside the intended buffer area.2018-03-15not yet calculatedCVE-2017-16747 BID MISCdelta_electronics -- delta_industrial_automation_screen_editor *A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.2018-03-15not yet calculatedCVE-2017-16745 BID MISCdelta_electronics -- delta_industrial_automation_screen_editor *A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.2018-03-15not yet calculatedCVE-2017-16751 BID MISCdelta_electronics -- delta_industrial_automation_screen_editor *A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.2018-03-15not yet calculatedCVE-2017-16749 BID MISCdewesoft -- x3_sp1_devices *RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.2018-03-14not yet calculatedCVE-2018-7756 MISC EXPLOIT-DBdjango -- django *An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. 
The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.2018-03-09not yet calculatedCVE-2018-7536 BID MLIST UBUNTU CONFIRMdjango -- django *An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.2018-03-09not yet calculatedCVE-2018-7537 BID MLIST UBUNTU CONFIRMdjango-anymail -- django-anymail *Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.2018-03-13not yet calculatedCVE-2018-1000089 MISC MISCdoorkeeper -- doorkeeper *Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. 
A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.2018-03-13not yet calculatedCVE-2018-1000088 MISC MISC MISC MISCenalean -- tuleap *A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.2018-03-12not yet calculatedCVE-2018-7538 FULLDISC MISC CONFIRM EXPLOIT-DBeve -- eve *io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.2018-03-14not yet calculatedCVE-2018-8097 MISC MISCexempi -- exempi *An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.2018-03-15not yet calculatedCVE-2017-18235 CONFIRM CONFIRMexempi -- exempi *An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.2018-03-15not yet calculatedCVE-2017-18237 CONFIRM CONFIRMexempi -- exempi *An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.2018-03-15not yet calculatedCVE-2017-18233 CONFIRM CONFIRMexempi -- exempi *An issue was discovered in Exempi before 2.4.4. 
The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.2018-03-15not yet calculatedCVE-2017-18238 CONFIRM CONFIRMexempi -- exempi *An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.2018-03-15not yet calculatedCVE-2017-18234 CONFIRM CONFIRMexempi -- exempi *An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.2018-03-15not yet calculatedCVE-2017-18236 CONFIRM CONFIRMflexense -- syncbreeze_enterprise *An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.2018-03-12not yet calculatedCVE-2018-8065 MISC MISCforeman -- foreman *Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. 
As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.2018-03-12not yet calculatedCVE-2017-2667 CONFIRM BID REDHAT CONFIRMfoxconn -- femtocell *One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications.2018-03-10not yet calculatedCVE-2018-6311 MISCfoxconn -- femtocell *A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.2018-03-10not yet calculatedCVE-2018-6312 MISCfreebsd -- freebsd *In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.2018-03-09not yet calculatedCVE-2018-6916 SECTRACK FREEBSDfreeplane -- freeplane *FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the vicim to open a specially crafted mind map file. 
This vulnerability appears to have been fixed in 1.6+.2018-03-13not yet calculatedCVE-2018-1000069 MISC MISCgemalto -- sentinel_ldk_rte *Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service2018-03-13not yet calculatedCVE-2018-6304 MISCgemalto -- sentinel_ldk_rte *Denial of service in Gemalto's Sentinel LDK RTE version before 7.652018-03-13not yet calculatedCVE-2018-6305 MISCgentoo -- gentooThe Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.2018-03-12not yet calculatedCVE-2017-18225 CONFIRMgentoo -- gentoo *The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.2018-03-12not yet calculatedCVE-2017-18226 CONFIRMglpi_project -- glpiA remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.2018-03-12not yet calculatedCVE-2018-7562 CONFIRM MISCglpi_project -- glpi *An issue was discovered in GLPI through 9.2.1. 
The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.2018-03-12not yet calculatedCVE-2018-7563 CONFIRM MISCgoogle -- android *NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287.2018-03-12not yet calculatedCVE-2017-6287 CONFIRMgoogle -- android *NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288.2018-03-12not yet calculatedCVE-2017-6288 CONFIRMgoogle -- android *NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-64893247. Reference: N-CVE-2017-6286.2018-03-12not yet calculatedCVE-2017-6286 BID CONFIRMgoogle -- android *NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281.2018-03-12not yet calculatedCVE-2017-6281 BID CONFIRMgoogle -- android *NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. 
Android: A-64893156. Reference: N-CVE-2017-6285.2018-03-12not yet calculatedCVE-2017-6285 CONFIRMgoogle*-- android *An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.2018-03-13not yet calculatedCVE-2018-1000109 CONFIRMgraphicsmagick -- graphicsmagick *An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.2018-03-13not yet calculatedCVE-2017-18229 CONFIRM CONFIRMgraphicsmagick -- graphicsmagick *An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.2018-03-13not yet calculatedCVE-2017-18230 CONFIRM CONFIRMgraphicsmagick -- graphicsmagick *An issue was discovered in GraphicsMagick 1.3.26. 
A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.2018-03-13not yet calculatedCVE-2017-18231 CONFIRM CONFIRMhanwha_techwin -- smartcams *An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6296 MISChanwha_techwin -- smartcams *Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6302 MISChanwha_techwin -- smartcams *Unencrypted way of remote control and communications in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6295 MISChanwha_techwin -- smartcams *Authentication bypass in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6299 MISChanwha_techwin -- smartcams *Remote code execution in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6298 MISChanwha_techwin -- smartcams *Unsecured way of firmware update in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6294 MISChanwha_techwin -- smartcams *Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6301 MISChanwha_techwin -- smartcams *Buffer overflow in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6297 MISChanwha_techwin -- smartcams *Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6303 MISChanwha_techwin -- smartcams *Remote password change in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6300 MISChola -- hola *An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. 
The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services. | 2018-03-12 | not yet calculated | CVE-2018-6623 FULLDISC

huawei -- cloudengine | Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. | 2018-03-09 | not yet calculated | CVE-2016-8784 CONFIRM BID

huawei -- cloudengine | Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. | 2018-03-09 | not yet calculated | CVE-2016-8782 CONFIRM BID

huawei -- ensp | Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal. | 2018-03-09 | not yet calculated | CVE-2017-17321 CONFIRM BID

huawei -- honor_6_and_p9_plus | Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities.
An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege. | 2018-03-09 | not yet calculated | CVE-2016-8783 CONFIRM BID

huawei -- mate_9_pro | The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. | 2018-03-09 | not yet calculated | CVE-2017-17279 CONFIRM BID

huawei -- multiple_products | Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. | 2018-03-09 | not yet calculated | CVE-2016-8785 CONFIRM BID

huawei -- multiple_products | Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability.
Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. | 2018-03-09 | not yet calculated | CVE-2016-8786 CONFIRM BID

i_librarian -- i-librarian | I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | 2018-03-13 | not yet calculated | CVE-2018-1000124 CONFIRM

ibm -- application_performance_management_response_time_monitoring_agent | IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597. | 2018-03-13 | not yet calculated | CVE-2018-1441 CONFIRM XF

ibm -- business_process_manager | IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393. | 2018-03-15 | not yet calculated | CVE-2015-7463 CONFIRM XF

ibm -- forms_server | Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
IBM X-Force ID: 110006. | 2018-03-15 | not yet calculated | CVE-2016-0223 CONFIRM XF

ibm -- infosphere_information_governance_catalog | XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. | 2018-03-12 | not yet calculated | CVE-2016-0250 CONFIRM XF

ibm -- multiple_products | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
IBM X-Force ID: 108296. | 2018-03-15 | not yet calculated | CVE-2015-7453 CONFIRM XF

ibm -- multiple_products | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. | 2018-03-12 | not yet calculated | CVE-2016-0261 CONFIRM XF

ibm -- multiple_products | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project.
IBM X-Force ID: 108429. | 2018-03-15 | not yet calculated | CVE-2015-7471 CONFIRM XF

ibm -- multiple_products | IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098. | 2018-03-15 | not yet calculated | CVE-2015-7440 CONFIRM XF

ibm -- notes | IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563. | 2018-03-13 | not yet calculated | CVE-2018-1435 CONFIRM BID XF

ibm -- notes | IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash.
IBM X-Force ID: 139565. | 2018-03-13 | not yet calculated | CVE-2018-1437 CONFIRM BID XF

ibm -- security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | 2018-03-12 | not yet calculated | CVE-2016-0235 CONFIRM XF

ibm -- security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328. | 2018-03-12 | not yet calculated | CVE-2016-0237 CONFIRM XF

ibm -- trivoli_workload_automation_for_aix | IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. | 2018-03-13 | not yet calculated | CVE-2018-1386 CONFIRM XF

ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. | 2018-03-13 | not yet calculated | CVE-2017-1741 CONFIRM SECTRACK XF

ibm -- websphere_portal | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906. | 2018-03-13 | not yet calculated | CVE-2018-1444 SECTRACK XF CONFIRM

idm -- ipa | Ipa before version 4.4.0-14 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command.
An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. | 2018-03-13 | not yet calculated | CVE-2016-9575 REDHAT BID CONFIRM

inversoft -- prime-jwt | inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227. | 2018-03-13 | not yet calculated | CVE-2018-1000125 CONFIRM CONFIRM

ios_keychain -- ios_keychain | Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf. | 2018-03-13 | not yet calculated | CVE-2018-1000123 CONFIRM

iredmail -- iredmail | iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files. This attack appear to be exploitable via network connectivity.
This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7. | 2018-03-13 | not yet calculated | CVE-2018-1000072 MISC MISC

jasper -- jasper | JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. | 2018-03-12 | not yet calculated | CVE-2016-9600 REDHAT CONFIRM

jasper -- jasper | JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | 2018-03-09 | not yet calculated | CVE-2016-9591 BID REDHAT CONFIRM GENTOO DEBIAN

jboss -- resteasy | JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | 2018-03-09 | not yet calculated | CVE-2016-9606 REDHAT REDHAT BID SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM

jenkins -- jenkins | A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed. | 2018-03-13 | not yet calculated | CVE-2018-1000108 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 2018-03-13 | not yet calculated | CVE-2018-1000111 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and
without Ownership related permissions to override ownership metadata. | 2018-03-13 | not yet calculated | CVE-2018-1000107 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. | 2018-03-13 | not yet calculated | CVE-2018-1000106 CONFIRM

jenkins -- jenkins | A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | 2018-03-13 | not yet calculated | CVE-2018-1000104 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 2018-03-13 | not yet calculated | CVE-2018-1000112 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. | 2018-03-13 | not yet calculated | CVE-2018-1000105 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 2018-03-13 | not yet calculated | CVE-2018-1000110 CONFIRM

jenkins -- jenkins | A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g.
TestLink report names to have Jenkins serve arbitrary HTML and JavaScript | 2018-03-13 | not yet calculated | CVE-2018-1000113 CONFIRM

jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | 2018-03-13 | not yet calculated | CVE-2018-1000114 CONFIRM

jolokia -- jolokia | An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. | 2018-03-14 | not yet calculated | CVE-2018-1000129 CONFIRM CONFIRM

jolokia -- jolokia | A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | 2018-03-14 | not yet calculated | CVE-2018-1000130 CONFIRM

joomla! -- joomla! | In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | 2018-03-14 | not yet calculated | CVE-2018-8045 BID SECTRACK CONFIRM

joyplus-cms -- joyplus-cms | joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. | 2018-03-14 | not yet calculated | CVE-2018-8717 MISC

jpxstream -- jpxstream | The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | 2018-03-13 | not yet calculated | CVE-2018-8106 MISC

jpxstream -- jpxstream | The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | 2018-03-13 | not yet calculated | CVE-2018-8105 MISC

jpxstream -- jpxstream | The JPXStream::readTilePart function in JPXStream.cc in xpdf
4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. | 2018-03-13 | not yet calculated | CVE-2018-8100 MISC

jpxstream -- jpxstream | The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | 2018-03-13 | not yet calculated | CVE-2018-8107 MISC

jpxstream -- jpxstream | The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | 2018-03-13 | not yet calculated | CVE-2018-8101 MISC

kadnode -- kadnode | KadNode version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution. | 2018-03-13 | not yet calculated | CVE-2018-1000091 MISC

keepkey -- keepkey | Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. | 2018-03-14 | not yet calculated | CVE-2018-6875 CONFIRM

kingsoft -- wps_office_free | Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe."
Ensures full access to Everyone users group. | 2018-03-12 | not yet calculated | CVE-2018-6400 FULLDISC

kontena -- kontena | server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI. | 2018-03-15 | not yet calculated | CVE-2018-8728 MISC MISC MISC

kubernetes -- kubernetes | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | 2018-03-13 | not yet calculated | CVE-2017-1002102 REDHAT CONFIRM

kubernetes -- kubernetes | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | 2018-03-13 | not yet calculated | CVE-2017-1002101 REDHAT CONFIRM

libevt -- libevt | The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. | 2018-03-17 | not yet calculated | CVE-2018-8754 MISC

libgit2 -- libgit2 | Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. | 2018-03-13 | not yet calculated | CVE-2018-8099 CONFIRM CONFIRM

libgit2 -- libgit2 | Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. | 2018-03-13 | not yet calculated | CVE-2018-8098 CONFIRM CONFIRM CONFIRM

libtiff -- libtiff | LibTIFF 4.0.3 allows remote attackers to cause a
denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | 2018-03-11 | not yet calculated | CVE-2014-8129 MISC MISC APPLE APPLE MLIST REDHAT REDHAT CONFIRM CONFIRM MISC BID SECTRACK CONFIRM GENTOO DEBIAN

libtiff -- libtiff | Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. | 2018-03-11 | not yet calculated | CVE-2016-5314 CONFIRM SUSE SUSE SUSE SUSE MLIST MLIST MLIST CONFIRM BID BID CONFIRM CONFIRM GENTOO DEBIAN

libtiff -- libtiff | The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. | 2018-03-11 | not yet calculated | CVE-2014-8130 CONFIRM APPLE APPLE MLIST REDHAT REDHAT CONFIRM CONFIRM MISC BID SECTRACK CONFIRM CONFIRM GENTOO

libvips -- libvips | In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file.
This occurs because of a race condition involving a failed delayed load and other worker threads. | 2018-03-09 | not yet calculated | CVE-2018-7998 MISC MISC MLIST

linux -- linux_kernel | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | 2018-03-10 | not yet calculated | CVE-2018-8043 MISC MISC

linux -- linux_kernel | The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. | 2018-03-15 | not yet calculated | CVE-2017-18232 MISC BID MISC

linux -- linux_kernel | In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. | 2018-03-11 | not yet calculated | CVE-2017-18224 MISC BID MISC

linux -- linux_kernel | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. | 2018-03-16 | not yet calculated | CVE-2018-1068 CONFIRM CONFIRM CONFIRM MLIST MLIST

linux -- linux_kernel | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | 2018-03-13 | not yet calculated | CVE-2018-8087 MISC MISC

memcached -- memcached | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list.
This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. | 2018-03-13 | not yet calculated | CVE-2018-1000127 CONFIRM CONFIRM CONFIRM

mercurial -- mercurial | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. | 2018-03-14 | not yet calculated | CVE-2018-1000132 CONFIRM

microsoft -- .net_core_and_powershell_core | .NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0875 BID SECTRACK REDHAT CONFIRM

microsoft -- asp.net_core | ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. | 2018-03-14 | not yet calculated | CVE-2018-0808 BID SECTRACK CONFIRM

microsoft -- asp.net_core | ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0787 BID SECTRACK CONFIRM CONFIRM

microsoft -- chakracore_and_windows_10 | ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0936 BID SECTRACK CONFIRM

microsoft -- chakracore_and_windows_10 | ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0930 BID CONFIRM

microsoft -- chakracore | ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935. | 2018-03-14 | not yet calculated | CVE-2018-0925 BID CONFIRM

microsoft -- sharepoint_enterprise_server | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0917 BID SECTRACK CONFIRM

microsoft -- sharepoint_foundation_2013_sp1_and_sharepoint_enterprise_server_2016 | Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910.
CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944. | 2018-03-14 | not yet calculated | CVE-2018-0947 BID SECTRACK CONFIRM

microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0900 BID SECTRACK CONFIRM

microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0811 BID SECTRACK CONFIRM

microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0901 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0895 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0896 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0977 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0897 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0899 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0904 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. | 2018-03-14 | not yet calculated | CVE-2018-0926 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0898 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0814 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0894 BID SECTRACK CONFIRM
microsoft -- windows_kernel | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 2018-03-14 | not yet calculated | CVE-2018-0813 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | 2018-03-14 | not yet calculated | CVE-2018-0876 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability".
This CVE is unique from CVE-2018-0941. | 2018-03-14 | not yet calculated | CVE-2018-0924 BID SECTRACK CONFIRM
microsoft -- windows | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0929 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0919 BID SECTRACK CONFIRM
microsoft -- windows | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0932 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910,
CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0944 BID SECTRACK CONFIRM
microsoft -- windows | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0942 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939. | 2018-03-14 | not yet calculated | CVE-2018-0891 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0911 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0910 BID SECTRACK CONFIRM
microsoft -- windows | Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902. | 2018-03-14 | not yet calculated | CVE-2018-0884 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | 2018-03-14 | not yet calculated | CVE-2018-0907 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936. | 2018-03-14 | not yet calculated | CVE-2018-0937 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935. | 2018-03-14 | not yet calculated | CVE-2018-0893 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0909 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0879 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0903 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1,
Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0922 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | 2018-03-14 | not yet calculated | CVE-2018-0889 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0914 BID SECTRACK CONFIRM
microsoft -- windows | The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability".
This CVE is unique from CVE-2018-0882. | 2018-03-14 | not yet calculated | CVE-2018-0880 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0915 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0913 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910,
CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0916 BID SECTRACK CONFIRM
microsoft -- windows | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." | 2018-03-12 | not yet calculated | CVE-2016-9952 CONFIRM CONFIRM
microsoft -- windows | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0921 BID SECTRACK CONFIRM
microsoft -- windows | Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0983 BID SECTRACK CONFIRM
microsoft -- windows | The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0885 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Exchange Server
2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924. | 2018-03-14 | not yet calculated | CVE-2018-0941 BID SECTRACK CONFIRM
microsoft -- windows | Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0868 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0940 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0933 BID SECTRACK CONFIRM
microsoft -- windows | Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0878 BID SECTRACK CONFIRM
microsoft -- windows | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925. | 2018-03-14 | not yet calculated | CVE-2018-0935 BID SECTRACK CONFIRM
microsoft -- windows | The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability".
This CVE is unique from CVE-2018-0880. | 2018-03-14 | not yet calculated | CVE-2018-0882 BID SECTRACK CONFIRM
microsoft -- windows | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0927 BID SECTRACK CONFIRM
microsoft -- windows | The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0886 BID SECTRACK MISC CONFIRM
microsoft -- windows | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0923 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
This CVE ID is unique from CVE-2018-0891. | 2018-03-14 | not yet calculated | CVE-2018-0939 BID SECTRACK CONFIRM
microsoft -- windows | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | 2018-03-14 | not yet calculated | CVE-2018-0912 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0931 BID CONFIRM
microsoft -- windows | The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability".
This CVE is unique from CVE-2018-0884. | 2018-03-14 | not yet calculated | CVE-2018-0902 BID SECTRACK CONFIRM
microsoft -- windows | The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0877 BID SECTRACK CONFIRM
microsoft -- windows | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | 2018-03-12 | not yet calculated | CVE-2016-9953 CONFIRM CONFIRM
microsoft -- windows | ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0934 BID SECTRACK CONFIRM
microsoft -- windows | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability".
This CVE is unique from CVE-2018-0815 and CVE-2018-0816. | 2018-03-14 | not yet calculated | CVE-2018-0817 BID SECTRACK CONFIRM
microsoft -- windows | Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0883 BID SECTRACK CONFIRM
microsoft -- windows | The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0881 BID SECTRACK CONFIRM
microsoft -- windows | The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability". | 2018-03-14 | not yet calculated | CVE-2018-0888 BID SECTRACK CONFIRM
microsoft -- windows | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability".
This CVE is unique from CVE-2018-0816, and CVE-2018-0817. | 2018-03-14 | not yet calculated | CVE-2018-0815 BID SECTRACK CONFIRM
microsoft -- windows | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817. | 2018-03-14 | not yet calculated | CVE-2018-0816 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0874 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0872 BID SECTRACK CONFIRM
microsoft -- windows | ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 2018-03-14 | not yet calculated | CVE-2018-0873 BID SECTRACK CONFIRM

mitel -- connect_onsite | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | 2018-03-14 | not yet calculated | CVE-2018-5782 CONFIRM CONFIRM

mitel -- connect_onsite | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | 2018-03-14 | not yet calculated | CVE-2018-5779 CONFIRM CONFIRM

mitel -- connect_onsite | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | 2018-03-14 | not yet calculated | CVE-2018-5781 CONFIRM CONFIRM

mitel -- connect_onsite | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.
Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | 2018-03-14 | not yet calculated | CVE-2018-5780 CONFIRM CONFIRM

mitel -- mitel_st | A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | 2018-03-13 | not yet calculated | CVE-2017-16251 CONFIRM CONFIRM

mitel -- mitel_st | A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | 2018-03-13 | not yet calculated | CVE-2017-16250 CONFIRM CONFIRM

netiq -- access_manager | A cross site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | 2018-03-14 | not yet calculated | CVE-2018-7678 BID CONFIRM

netiq -- access_manager | A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | 2018-03-14 | not yet calculated | CVE-2018-7677 BID CONFIRM

npr -- visuals_team_pym.js | NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js _onNavigateToMessage function (https://github.com/nprapps/pym.js/bl...rc/pym.js#L573) that can result in arbitrary JavaScript code execution. This attack appears to be exploitable via an attacker-crafted page: the attacker gains full JavaScript access to pages with Pym.js embeds when a user visits it.
This vulnerability appears to have been fixed in versions 1.3.2 and later. | 2018-03-13 | not yet calculated | CVE-2018-1000086 MISC MISC MISC

opendaylight -- opendaylight | OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. | 2018-03-16 | not yet calculated | CVE-2018-1078 CONFIRM

osisoft -- pi_web_api | A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. | 2018-03-14 | not yet calculated | CVE-2018-7500 BID MISC

osisoft -- pi_web_api | A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. | 2018-03-14 | not yet calculated | CVE-2018-7508 BID MISC

osisoft -- pi_data_archive | An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. | 2018-03-14 | not yet calculated | CVE-2018-7531 BID MISC

osisoft -- pi_data_archive | A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. | 2018-03-14 | not yet calculated | CVE-2018-7529 BID MISC

osisoft -- pi_data_archive | An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. | 2018-03-14 | not yet calculated | CVE-2018-7533 BID MISC

osisoft -- pi_vision | A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. | 2018-03-14 | not yet calculated | CVE-2018-7504 BID MISC

osisoft -- pi_vision | An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. | 2018-03-14 | not yet calculated | CVE-2018-7496 BID MISC

ovirt -- ovirt | oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3. | 2018-03-12 | not yet calculated | CVE-2018-1000095 MISC MISC

panda -- global_protection | Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. | 2018-03-12 | not yet calculated | CVE-2018-6322 FULLDISC

panda -- global_protection | Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | 2018-03-12 | not yet calculated | CVE-2018-6321 FULLDISC

paramiko -- paramiko | transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
A customized SSH client can simply skip the authentication step. | 2018-03-13 | not yet calculated | CVE-2018-7750 CONFIRM CONFIRM CONFIRM

pitchfork -- pitchfork | Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in a standard unprivileged user gaining system administrator permissions within the web portal. This attack appears to be exploitable when the user is able to log in: they could edit their profile and set the "System Administrator" permission to "yes" on themselves. This vulnerability appears to have been fixed in 1.4.6 RC2. | 2018-03-16 | not yet calculated | CVE-2018-1000133 CONFIRM CONFIRM CONFIRM CONFIRM MISC

pivotal -- concourse | Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a "concourse-dot-ci" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead.
Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub. | 2018-03-13 | not yet calculated | CVE-2018-1227 CONFIRM

pivotal -- gemfire_for_pivotal_cloud_foundry | The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. | 2018-03-16 | not yet calculated | CVE-2016-9880 BID CONFIRM

pivotal -- pivotal_application_service | Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. | 2018-03-16 | not yet calculated | CVE-2018-1200 BID CONFIRM

piwigo -- piwigo | Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | 2018-03-16 | not yet calculated | CVE-2014-4613 OSVDB MISC CONFIRM CONFIRM MLIST MLIST EXPLOIT-DB BID

qcms -- qcms | QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | 2018-03-12 | not yet calculated | CVE-2018-8069 MISC

qcms -- qcms | QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | 2018-03-12 | not yet calculated | CVE-2018-8070 MISC

qemu -- qemu | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. | 2018-03-12 | not yet calculated | CVE-2018-7858 MLIST BID CONFIRM MLIST

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on
an event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite. | 2018-03-16 | not yet calculated | CVE-2017-15831 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access. | 2018-03-15 | not yet calculated | CVE-2017-14882 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution. | 2018-03-16 | not yet calculated | CVE-2017-18065 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow. | 2018-03-16 | not yet calculated | CVE-2017-18055 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory access. | 2018-03-15 | not yet calculated | CVE-2017-18063 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory
read. | 2018-03-15 | not yet calculated | CVE-2017-18056 BID CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas(). | 2018-03-16 | not yet calculated | CVE-2017-18061 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | 2018-03-15 | not yet calculated | CVE-2017-14878 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18058 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18057 CONFIRM MISC

qualcomm -- android | In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. | 2018-03-15 | not yet calculated | CVE-2017-17773 BID CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the
WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler. | 2018-03-16 | not yet calculated | CVE-2017-14889 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow. | 2018-03-15 | not yet calculated | CVE-2017-18067 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. | 2018-03-16 | not yet calculated | CVE-2018-3561 CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size.
The following buffer operations will overflow the allocated buffer. | 2018-03-15 | not yet calculated | CVE-2016-10393 BID CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event(). | 2018-03-16 | not yet calculated | CVE-2017-18062 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow. | 2018-03-15 | not yet calculated | CVE-2017-18068 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame. | 2018-03-15 | not yet calculated | CVE-2017-15815 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur. | 2018-03-16 | not yet calculated | CVE-2017-14887 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl(). | 2018-03-16 | not yet calculated | CVE-2017-18066 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow. | 2018-03-16 | not yet calculated | CVE-2017-15834 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android
releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2018-03-16 | not yet calculated | CVE-2017-15814 CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peer's num_rates (num_rates) which may lead to a buffer overflow when the firmware buffer is copied in to the allocated buffer (peer_stats) as the size for the memory allocation - link_stats_results_size is based on num_rates. | 2018-03-15 | not yet calculated | CVE-2017-14885 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18053 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18051 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double
Free vulnerability exists in Audio Driver while opening a sound compression device. | 2018-03-16 | not yet calculated | CVE-2018-3560 CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs. | 2018-03-16 | not yet calculated | CVE-2017-11082 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18052 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18059 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow. | 2018-03-16 | not yet calculated | CVE-2017-18054 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow. | 2018-03-15 | not yet calculated | CVE-2017-18064 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with
all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread. | 2018-03-15 | not yet calculated | CVE-2017-18069 BID CONFIRM

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure. | 2018-03-16 | not yet calculated | CVE-2017-15833 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18060 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API. | 2018-03-16 | not yet calculated | CVE-2017-11074 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite. | 2018-03-15 | not yet calculated | CVE-2017-15821 BID CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow. | 2018-03-16 | not yet calculated | CVE-2017-15830 CONFIRM MISC

qualcomm -- android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is
received from firmware, leads to potential buffer overwrite and out of bounds memory read. | 2018-03-16 | not yet calculated | CVE-2017-18050 CONFIRM MISC

red_hat -- enterprise_linux | curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. | 2018-03-12 | not yet calculated | CVE-2017-2628 REDHAT BID CONFIRM

red_hat -- jboss_enterprise_application_platform | Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. | 2018-03-09 | not yet calculated | CVE-2016-9585 BID CONFIRM

red_hat -- keycloak | Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. | 2018-03-12 | not yet calculated | CVE-2016-8629 REDHAT BID SECTRACK REDHAT REDHAT CONFIRM

red_hat -- keycloak | Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. | 2018-03-12 | not yet calculated | CVE-2017-2585 REDHAT BID SECTRACK REDHAT REDHAT CONFIRM

red_hat -- openshift_enterprise | Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems.
An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. | 2018-03-09 | not yet calculated | CVE-2018-1069 BID CONFIRM

red_hat -- wildfly | Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection. | 2018-03-12 | not yet calculated | CVE-2016-9589 REDHAT REDHAT REDHAT REDHAT REDHAT BID REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM

roundcube -- roundcube | roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appears to be exploitable via network connectivity. | 2018-03-13 | not yet calculated | CVE-2018-1000071 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to arbitrary filesystem locations during installation. This attack appears to be exploitable when the victim installs a malicious gem. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000079 MISC MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem setting an invalid homepage URL.
This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000077 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable when the victim browses to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000078 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000073 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000076 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution.
This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000074 MISC MISC

ruby -- ruby | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size causing an infinite loop. This vulnerability appears to have been fixed in 2.7.6. | 2018-03-13 | not yet calculated | CVE-2018-1000075 MISC MISC

samba -- samba | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | 2018-03-13 | not yet calculated | CVE-2018-1050 BID SECTRACK CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM

samba -- samba | On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | 2018-03-13 | not yet calculated | CVE-2018-1057 BID SECTRACK CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM CONFIRM

samba -- samba | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | 2018-03-12 | not yet calculated | CVE-2017-2619 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM CONFIRM DEBIAN EXPLOIT-DB CONFIRM

sap -- business_client | Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be
restricted. | 2018-03-14 | not yet calculated | CVE-2018-2398 BID CONFIRM CONFIRM

sap -- business_objects_business_intelligence_platform | In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | 2018-03-14 | not yet calculated | CVE-2018-2397 BID CONFIRM CONFIRM

sap -- business_process_automation_by_redwood | SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. | 2018-03-14 | not yet calculated | CVE-2018-2401 BID CONFIRM CONFIRM

sap -- business_process_automation_by_redwood | SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. | 2018-03-14 | not yet calculated | CVE-2018-2366 BID CONFIRM CONFIRM

sap -- business_process_automation_by_redwood | Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted. | 2018-03-14 | not yet calculated | CVE-2018-2400 BID CONFIRM CONFIRM

sap -- hana | In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system.
An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.2018-03-14not yet calculatedCVE-2018-2402 BID CONFIRM CONFIRMsap -- process_monitoring_infrastructure *Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.2018-03-14not yet calculatedCVE-2018-2399 BID CONFIRM CONFIRMschedmd -- slurm *SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.2018-03-15not yet calculatedCVE-2018-7033 CONFIRM CONFIRMschneider_electric -- somove_and_dtm_software *A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.2018-03-09not yet calculatedCVE-2018-7239 BID MISC CONFIRMsecurenvoy -- securmail *Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.2018-03-14not yet calculatedCVE-2018-7705 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. 
(dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7706 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.2018-03-14not yet calculatedCVE-2018-7702 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7704 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.2018-03-14not yet calculatedCVE-2018-7707 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.2018-03-14not yet calculatedCVE-2018-7701 FULLDISC EXPLOIT-DB MISCsecurenvoy -- securmail *Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7703 FULLDISC EXPLOIT-DB MISCservicenow_itsm -- servicenow_itsm *ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka 
search_results.do).2018-03-15not yet calculatedCVE-2018-8720 MISCsharutils -- sharutils *Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..2018-03-12not yet calculatedCVE-2018-1000097 BUGTRAQspacewalk -- spacewalk *Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.2018-03-14not yet calculatedCVE-2018-1077 CONFIRMspice-gtk -- spice-gtk *A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.2018-03-14not yet calculatedCVE-2017-12194 BID CONFIRMspring_security -- spring_security *Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. 
In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.2018-03-16not yet calculatedCVE-2018-1199 CONFIRMsqlite -- sqlite *In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.2018-03-16not yet calculatedCVE-2018-8740 MISC MISC MISC MISCsquirrelmail -- squirrelmailA directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.2018-03-17not yet calculatedCVE-2018-8741 MISC MISC MISC MISCsuse -- portus *The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.2018-03-11not yet calculatedCVE-2018-8059 MISCteluu_pjsip -- teluu_pjsip *Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.2018-03-12not yet calculatedCVE-2018-1000098 MISC MISCteluu_pjsip -- teluu_pjsip *Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.2018-03-12not yet calculatedCVE-2018-1000099 MISC MISC MISCtextpattern -- textpattern *textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. 
This attack appear to be exploitable via Uploading a specially crafted XML file.2018-03-13not yet calculatedCVE-2018-1000090 MISCtextpattern_cms -- textpattern_cms *An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.2018-03-14not yet calculatedCVE-2018-7474 FULLDISC EXPLOIT-DBtiny-json-http -- tiny-json-http *brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.2018-03-12not yet calculatedCVE-2018-1000096 MISCtitanhq -- webtitan_gateway *TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.2018-03-12not yet calculatedCVE-2017-18227 MISC MISC MISCtrend_micro -- email_encryption_gateway *A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6229 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.2018-03-15not yet calculatedCVE-2018-6222 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6230 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *A stored cross-site scripting (XSS) vulnerability in Trend 
Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.2018-03-15not yet calculatedCVE-2018-6227 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.2018-03-15not yet calculatedCVE-2018-6223 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.2018-03-15not yet calculatedCVE-2018-6219 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.2018-03-15not yet calculatedCVE-2018-6225 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6228 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.2018-03-15not yet calculatedCVE-2018-6220 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.2018-03-15not yet calculatedCVE-2018-6224 CONFIRM MISC 
EXPLOIT-DBtrend_micro -- email_encryption_gateway *An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.2018-03-15not yet calculatedCVE-2018-6221 CONFIRM MISC EXPLOIT-DBtrend_micro -- email_encryption_gateway *Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.2018-03-15not yet calculatedCVE-2018-6226 CONFIRM MISC EXPLOIT-DBtrend_micro -- smart_protection_server *A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.2018-03-15not yet calculatedCVE-2018-6231 CONFIRM MISCunboundid -- ldap_sdk *UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldap...f1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. 
This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.2018-03-16not yet calculatedCVE-2018-1000134 CONFIRMunitrends -- unitrends_backups *It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.2018-03-14not yet calculatedCVE-2018-6328 CONFIRM CONFIRMunitrends -- unitrends_backups *It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.2018-03-14not yet calculatedCVE-2018-6329 CONFIRM CONFIRMvmware -- workstation_and_fusion *VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.2018-03-15not yet calculatedCVE-2018-6957 SECTRACK CONFIRMvpn_unlimited -- vpn_unlimited *VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. 
The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.2018-03-16not yet calculatedCVE-2018-8739 MISCweblog_expert -- web_server_enterprise *WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.2018-03-09not yet calculatedCVE-2018-7582 MISC MISC EXPLOIT-DBweblog_expert -- web_server_enterprise *\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.2018-03-09not yet calculatedCVE-2018-7581 MISC MISC EXPLOIT-DBwebmin -- webmin *An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request.2018-03-14not yet calculatedCVE-2018-8712 MISCwestern_bridge_cobub_razor -- western_bridge_cobub_razor *A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.2018-03-11not yet calculatedCVE-2018-8057 MISC MISCwestern_bridge_cobub_razor -- western_bridge_cobub_razor *Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.2018-03-11not yet calculatedCVE-2018-8056 MISC MISCwicket -- jquery *In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the 
WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.2018-03-12not yet calculatedCVE-2017-15719 CONFIRM CONFIRMwolfcms -- wolfcms *WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create New Directory" input box from 'files' Tab that can result in Session Hijacking, Spread Worms,Control the browser remotely. . This attack appear to be exploitable via Attacker can execute the JavaScript into the "Create New File" and "Create New Directory" input box from 'files'.2018-03-13not yet calculatedCVE-2018-1000087 MISC MISCwolfcms -- wolfcms *WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .2018-03-13not yet calculatedCVE-2018-1000084 MISCwordpress -- wordpress *A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack.2018-03-14not yet calculatedCVE-2018-8711 MISC MISC MISCwordpress -- wordpress *Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. 
This vulnerability appears to have been fixed in 9.0.3 and later.2018-03-14not yet calculatedCVE-2018-1000131 MISC CONFIRM MISCwordpress -- wordpress *Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.2018-03-15not yet calculatedCVE-2018-8729 MISC MISC MISC MISCwordpress -- wordpress *A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.2018-03-14not yet calculatedCVE-2018-8710 MISC MISC MISCxpdf -- xpdf *The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8103 MISCxpdf -- xpdf *The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8104 MISCxpdf -- xpdf *The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8102 MISCyzmcms -- yzmcms *YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.2018-03-13not yet calculatedCVE-2018-8078 MISCzenmate -- zenmate *ZenMate 1.5.4 for macOS suffers from a type 
confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker.2018-03-15not yet calculatedCVE-2018-8076 MISCzoho -- manageengine_desktop_central *Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.2018-03-15not yet calculatedCVE-2018-8722 CONFIRMzoho -- manageengine_eventlog_analyzer *Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen2018-03-15not yet calculatedCVE-2018-8721 BID CONFIRMzoho -- manageengine_eventlog_analyzer *Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-03-13not yet calculatedCVE-2018-7405 CONFIRM CONFIRMzsh -- zsh *zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.2018-03-09not yet calculatedCVE-2018-1071 BID @#1122#Back to top This product is provided subject to this Notification and this Privacy & Use policy. More... |