The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Cyber Warfare

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 03-28-2018, 08:26 AM
The Patriot's Avatar
The Patriot The Patriot is offline
Senior Member
 

Join Date: Jun 2002
Posts: 1,386,283
Default SB18-085: Vulnerability Summary for the Week of March 19, 2018

SB18-085: Vulnerability Summary for the Week of March 19, 2018

03-25-2018 09:06 PM

Original release date: March 26, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.2018-03-20not yet calculatedCVE-2018-8873
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018.2018-03-18not yet calculatedCVE-2018-8765
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044.2018-03-22not yet calculatedCVE-2018-8896
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054.2018-03-20not yet calculatedCVE-2018-8874
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c.2018-03-20not yet calculatedCVE-2018-8875
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.2018-03-22not yet calculatedCVE-2018-8895
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.2018-03-22not yet calculatedCVE-2018-8894
MISC2345_security_guard -- 2345_security_guard
*In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098.2018-03-20not yet calculatedCVE-2018-8876
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.2018-03-24not yet calculatedCVE-2018-8998
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.2018-03-24not yet calculatedCVE-2018-8999
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.2018-03-24not yet calculatedCVE-2018-9000
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.2018-03-24not yet calculatedCVE-2018-9005
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.2018-03-24not yet calculatedCVE-2018-9006
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.2018-03-24not yet calculatedCVE-2018-9007
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.2018-03-24not yet calculatedCVE-2018-9001
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.2018-03-24not yet calculatedCVE-2018-9004
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.2018-03-24not yet calculatedCVE-2018-9002
MISCadvanced_systemcare_ultimate -- advanced_systemcare_ultimate
*In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.2018-03-24not yet calculatedCVE-2018-9003
MISCajaxdiscussion.php -- ajaxdiscussion.php
*I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.2018-03-23not yet calculatedCVE-2018-1000141
MISCalkacon -- opencms
*Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.2018-03-20not yet calculatedCVE-2018-8811
MISCalkacon -- opencms
*Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.2018-03-20not yet calculatedCVE-2018-8815
MISCamd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobi le_processor_chips
*The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.2018-03-22not yet calculatedCVE-2018-8936
MISC
MISC
MISC
MISCamd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobi le_processor_chips
*The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.2018-03-22not yet calculatedCVE-2018-8930
MISC
MISC
MISC
MISCamd -- epyc_server_processor_chips
*The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.2018-03-22not yet calculatedCVE-2018-8933
MISC
MISC
MISC
MISCamd -- ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chi psThe AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.2018-03-22not yet calculatedCVE-2018-8931
MISC
MISC
MISC
MISCamd -- ryzen_and_ryzen_pro_processor_chips
*The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.2018-03-22not yet calculatedCVE-2018-8932
MISC
MISC
MISC
MISCamd -- ryzen_and_ryzen_pro_processor_chips
*The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.2018-03-22not yet calculatedCVE-2018-8935
MISC
MISC
MISC
MISCamd -- ryzen_and_ryzen_pro_processor_chips
*The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.2018-03-22not yet calculatedCVE-2018-8934
MISC
MISC
MISC
MISCapache -- apache_commons_components
*A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.2018-03-16not yet calculatedCVE-2018-1324
BID
SECTRACK
MLISTapache -- commons-email
*If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).2018-03-20not yet calculatedCVE-2018-1294
MLISTapache -- syncope
*An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters.2018-03-20not yet calculatedCVE-2018-1322
MISCapache -- syncope
*An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.2018-03-20not yet calculatedCVE-2018-1321
MISCatlassian -- bitbucket_server


*In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.2018-03-22not yet calculatedCVE-2018-5225
BID
CONFIRMatlassian -- fisheye_and_crucible
*Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.2018-03-22not yet calculatedCVE-2017-18094
CONFIRM
CONFIRMauthentikat-jwt -- authentikat-jwt
*A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.2018-03-17not yet calculatedCVE-2017-18239
MISC
MISC
MISCbeckhoff -- twincat
*Kernal drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.2018-03-23not yet calculatedCVE-2018-7502
BID
MISC
MISCbmc_remedy -- action_request_system
*BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.2018-03-24not yet calculatedCVE-2015-9257
CONFIRMbose -- soundtouch_devices
*Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.2018-03-24not yet calculatedCVE-2017-17749
MISCbose -- soundtouch_devices
*Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.2018-03-24not yet calculatedCVE-2017-17750
MISCbose -- soundtouch_devices
*Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.2018-03-24not yet calculatedCVE-2017-17751
MISCbylancer -- bookme_control_panel
*Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.2018-03-17not yet calculatedCVE-2018-8737
MISCcloud_controller -- cloud_controller
*In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.2018-03-19not yet calculatedCVE-2018-1195
CONFIRMcloud_foundry_foundation -- garden
*In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet.2018-03-19not yet calculatedCVE-2015-5350
CONFIRMcloud_foundry_foundation -- gorouter
*In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.2018-03-19not yet calculatedCVE-2018-1221
CONFIRMcloud_foundry_foundation -- windows_stemcells
*In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.2018-03-19not yet calculatedCVE-2018-1197
CONFIRMcore_ftp_server -- core_ftp_server
*Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.2018-03-20not yet calculatedCVE-2014-1215
BUGTRAQ
MISCcovercms -- covercms
*CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.2018-03-23not yet calculatedCVE-2018-8957
MISC
MISC
MISCcreditwest_bank -- cms_project
*Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.2018-03-24not yet calculatedCVE-2018-8972
MISCdell -- storage_manager
*In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.2018-03-16not yet calculatedCVE-2017-14384
CONFIRM
BIDdell_emc -- idrac
*Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.2018-03-23not yet calculatedCVE-2018-1211
MISCdell_emc -- idrac
*Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.2018-03-23not yet calculatedCVE-2018-1207
MISC
MISCdell_emc -- networker
*In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.2018-03-19not yet calculatedCVE-2018-1218
FULLDISC
SECTRACKdsmall -- dsmall
*dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.2018-03-22not yet calculatedCVE-2018-8906
MISCdtisqlinstaller.exe -- dtisqlinstaller.exe
*Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.2018-03-19not yet calculatedCVE-2018-5551
MISCdtisqlinstaller.exe -- dtisqlinstaller.exe
*Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".2018-03-19not yet calculatedCVE-2018-5552
MISCeaton -- elcsoft
*In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.2018-03-20not yet calculatedCVE-2018-7511
CONFIRM
BID
MISCelectron -- electron
*Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.2018-03-23not yet calculatedCVE-2018-1000136
MISCelfutils -- elfutils
*elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.2018-03-18not yet calculatedCVE-2018-8769
CONFIRMemc -- data_protection_advisor
*EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).2018-03-16not yet calculatedCVE-2017-8013
FULLDISC
BID
SECTRACKenhavo -- enhavo
*enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.2018-03-20not yet calculatedCVE-2018-8832
MISCexiv2 -- exiv2
*In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.2018-03-24not yet calculatedCVE-2018-8977
MISCexiv2 -- exiv2
*In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.2018-03-24not yet calculatedCVE-2018-8976
MISCf5 -- big-ip
*In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.2018-03-22not yet calculatedCVE-2018-5504
SECTRACK
CONFIRMf5 -- big-ip
*On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.2018-03-22not yet calculatedCVE-2018-5502
SECTRACK
CONFIRMf5 -- big-ip
*SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.2018-03-19not yet calculatedCVE-2014-4024
XF
CONFIRMf5 -- big-ip
*On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.2018-03-22not yet calculatedCVE-2018-5509
SECTRACK
CONFIRMf5 -- big-ip
*On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.2018-03-22not yet calculatedCVE-2018-5505
SECTRACK
CONFIRMf5 -- big-ip
*On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.2018-03-22not yet calculatedCVE-2018-5503
SECTRACK
CONFIRMflafla -- arsenol
*Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0534
JVNflafla -- arsenol
*Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.2018-03-22not yet calculatedCVE-2018-0536
JVNfortinet -- fortiweb
*An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0.2018-03-20not yet calculatedCVE-2017-14191
BID
CONFIRMfrog_cms -- frog_cms
*An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.2018-03-22not yet calculatedCVE-2014-4912
EXPLOIT-DBfunctions.php -- functions.php
*I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.2018-03-23not yet calculatedCVE-2018-1000138
MISC
MISCgeneral_electric -- centricity_pacs_ra1000_devices
*GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14008
BID
MISCgeneral_electric -- gemnet_license_server
*GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14004
MISCgeneral_electric -- infinia_and_infinia_with_hawkeye_4_medical_imaging _systems
*GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14002
BID
MISCgeneral_electric -- xeleris_medical_imaging_systems
*GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14006
MISCgentoo -- collectd
*The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).2018-03-18not yet calculatedCVE-2017-18240
BID
CONFIRM
GENTOOgeutebruck -- ip_camerasUnauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.2018-03-22not yet calculatedCVE-2018-7532
BID
MISCgeutebruck -- ip_cameras
*A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans.2018-03-22not yet calculatedCVE-2018-7516
BID
MISCgeutebruck -- ip_cameras
*A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.2018-03-22not yet calculatedCVE-2018-7524
BID
MISCgeutebruck -- ip_cameras
*An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.2018-03-22not yet calculatedCVE-2018-7520
BID
MISCgeutebruck -- ip_cameras
*An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.2018-03-22not yet calculatedCVE-2018-7528
BID
MISCgeutebruck -- ip_cameras
*A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.2018-03-22not yet calculatedCVE-2018-7512
BID
MISCgitlab -- community_and_enterprise_editions
*Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.2018-03-21not yet calculatedCVE-2018-3710
CONFIRM
MISC
CONFIRM
MISC
DEBIANgitlab -- community_and_enterprise_editions
*Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.2018-03-21not yet calculatedCVE-2017-0914
CONFIRM
MISCgitlab -- community_and_enterprise_editions
*GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.2018-03-22not yet calculatedCVE-2017-0920
CONFIRM
MISCgitlab -- community_edition
*Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0924
CONFIRM
MISCgitlab -- community_edition
*Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0915
CONFIRM
MISC
DEBIANgitlab -- community_edition
*Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0917
CONFIRM
MISC
DEBIANgitlab -- community_edition
*Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.2018-03-21not yet calculatedCVE-2017-0926
CONFIRM
CONFIRM
DEBIANgitlab -- community_edition
*Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0918
CONFIRM
MISC
DEBIANgitlab -- community_edition
*Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.2018-03-21not yet calculatedCVE-2017-0927
CONFIRM
CONFIRMgitlab -- community_edition
*Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0916
CONFIRM
MISC
DEBIANgitlab -- community_edition
*Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0923
CONFIRM
MISCgitlab -- enterprise_edition
*Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.2018-03-21not yet calculatedCVE-2017-0925
CONFIRM
CONFIRM
DEBIANgitlab -- enterprise_edition
*Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.2018-03-21not yet calculatedCVE-2017-0922
CONFIRM
MISCgitlab -- gitlab
*The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.2018-03-24not yet calculatedCVE-2018-8971
MISCgnome -- networkmanager
*GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.2018-03-20not yet calculatedCVE-2018-1000135
BID
CONFIRM
CONFIRM
CONFIRMgnu -- binutils
*The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.2018-03-22not yet calculatedCVE-2018-8945
MISCwire.com*-- wire_application_for_android
*The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.2018-03-22not yet calculatedCVE-2018-8909
MISCgrav_cms -- grav_cms
*Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.2018-03-19not yet calculatedCVE-2018-5233
MLIST
MISCgundam_cult_qqq -- qqq_systems
*Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.2018-03-22not yet calculatedCVE-2018-0537
JVNgundam_cult_qqq -- qqq_systems
*Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0538
JVNgundam_cult_qqq -- qqq_systems
*QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0539
JVNheimdal_security -- heimdal_pro_and_heimdal_free_and_heimdal_corp
*A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.2018-03-22not yet calculatedCVE-2018-5349
MISCheimdal_security -- heimdal_pro
*An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerablity is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.2018-03-22not yet calculatedCVE-2018-5731
MISChisayuki_nomura -- tiny_ftp_daemon
*Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0541
JVNhuawei -- fusionsphere_openstack
*Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.2018-03-20not yet calculatedCVE-2017-8187
CONFIRMhuawei -- hg532
*Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.2018-03-20not yet calculatedCVE-2017-17215
CONFIRM
BIDhuawei -- iptv_stb
*Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free.2018-03-20not yet calculatedCVE-2017-8176
MISC
CONFIRMhuawei -- mate_9_pro_smartphones
*Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.2018-03-20not yet calculatedCVE-2017-17320
CONFIRMhuawei -- multiple_devices
*DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.2018-03-23not yet calculatedCVE-2017-15326
CONFIRMhuawei -- multiple_smartphones
*Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal.2018-03-20not yet calculatedCVE-2017-17306
CONFIRMhuawei -- p9_smartphones
*Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.2018-03-20not yet calculatedCVE-2017-17319
CONFIRMhuawei -- smartphones_with_vns-l21autc555b141_software
*Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal.2018-03-20not yet calculatedCVE-2017-17307
CONFIRMibm -- data_server_driver_for_jdbc_and_sqlj
*IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.2018-03-22not yet calculatedCVE-2017-1677
CONFIRM
BID
MISCibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.2018-03-22not yet calculatedCVE-2018-1448
CONFIRM
MISCibm -- db2_for_linux_and_unix_and_windows
*IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.2018-03-22not yet calculatedCVE-2017-1571
CONFIRM
MISCibm -- gskit
*IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.2018-03-22not yet calculatedCVE-2018-1427
CONFIRM
MISCibm -- gskit
*IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.2018-03-22not yet calculatedCVE-2018-1428
CONFIRM
MISCibm -- gskit
*IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.2018-03-22not yet calculatedCVE-2018-1426
CONFIRM
MISCibm -- ibm_connections
*Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.2018-03-20not yet calculatedCVE-2015-7458
CONFIRM
XFibm -- ibm_connections
*Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.2018-03-20not yet calculatedCVE-2015-7459
CONFIRM
XFibm -- ibm_connections
*Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.2018-03-20not yet calculatedCVE-2015-7460
CONFIRM
XFibm -- ibm_connections
*XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.2018-03-20not yet calculatedCVE-2015-7461
CONFIRM
XFibm -- ibm_jazz_foundation
*IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.2018-03-23not yet calculatedCVE-2017-1655
CONFIRM
BID
MISCibm -- ibm_jazz_foundation
*IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.2018-03-23not yet calculatedCVE-2017-1762
CONFIRM
BID
MISCibm -- ibm_jazz_foundation
*IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.2018-03-23not yet calculatedCVE-2017-1629
CONFIRM
BID
MISCibm -- ibm_jazz_foundation
*IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.2018-03-23not yet calculatedCVE-2017-1524
CONFIRM
BID
MISCibm -- ibm_jazz_foundation
*IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.2018-03-20not yet calculatedCVE-2015-7449
CONFIRM
XFibm -- mq_appliance
*IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077.2018-03-23not yet calculatedCVE-2018-1429
CONFIRM
BID
SECTRACK
MISCibm -- predictive_solutions_foundation
*IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.2018-03-22not yet calculatedCVE-2016-9711
CONFIRM
MISCibm -- rational_collaborative_lifecycle_management
*IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.2018-03-23not yet calculatedCVE-2017-1602
CONFIRM
BID
MISCibm -- tivoli_monitoring_v6
*IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.2018-03-22not yet calculatedCVE-2017-1789
CONFIRM
MISCibm -- websphere_application_server_9
*IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.2018-03-22not yet calculatedCVE-2017-1788
CONFIRM
MISCidentityserver -- identityserver4
*IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.2018-03-22not yet calculatedCVE-2018-8899
MISC
MISC
MISC
MISCimagemagick -- imagemagick
*WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.2018-03-20not yet calculatedCVE-2018-8804
CONFIRMimagemagick -- imagemagick
*The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.2018-03-23not yet calculatedCVE-2018-8960
MISCintel -- sgx_sdk
*Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.2018-03-20not yet calculatedCVE-2018-3626
BID
CONFIRMintel -- software_guard_extensions_platform_software_compon ent
*An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.2018-03-20not yet calculatedCVE-2017-5736
BID
CONFIRMinvision_power_board -- invision_power_board
*SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.2018-03-20not yet calculatedCVE-2014-4928
MISCjboss -- enterprise_application_platform_and_application_se rverThe Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed.2018-03-19not yet calculatedCVE-2014-3626
CONFIRMjoyent_smartos -- joyent_smartos
*This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106.2018-03-19not yet calculatedCVE-2018-1171
CONFIRM
MISCjoyplus-cms -- joyplus-cms
*joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.2018-03-18not yet calculatedCVE-2018-8767
MISCjoyplus-cms -- joyplus-cms
*joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.2018-03-18not yet calculatedCVE-2018-8766
MISCjungo_connectivity -- driverwizard_windriver
*windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file.2018-03-20not yet calculatedCVE-2018-8821
MISCjupyter_notebook -- jupyter_notebook
*In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.2018-03-18not yet calculatedCVE-2018-8768
CONFIRMk_okada -- vix
*Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-03-22not yet calculatedCVE-2018-0540
JVNkagaminokuni -- php_2chbbs
*Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0535
JVNkamailio -- kamailio
*A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.2018-03-20not yet calculatedCVE-2018-8828
MISC
MISC
DEBIANkentico -- kentico
*Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.2018-03-23not yet calculatedCVE-2017-17736
MISCkentico -- kentico
*Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.2018-03-19not yet calculatedCVE-2018-6842
MISCkentico -- kentico
*Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.2018-03-19not yet calculatedCVE-2018-6843
MISClibav -- libav
*The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.2018-03-22not yet calculatedCVE-2017-18242
MISClibav -- libav
*The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.2018-03-23not yet calculatedCVE-2017-18245
MISClibav -- libav
*The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.2018-03-23not yet calculatedCVE-2017-18247
MISClibav -- libav
*The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.2018-03-22not yet calculatedCVE-2017-18244
MISClibav -- libav
*The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.2018-03-23not yet calculatedCVE-2017-18246
MISClibav -- libav
*The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.2018-03-22not yet calculatedCVE-2017-18243
MISClibevt -- libevt
*The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size.2018-03-17not yet calculatedCVE-2018-8754
MISClibming -- libming
*In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.2018-03-24not yet calculatedCVE-2018-9009
MISClibming -- libming
*In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8961
MISClibming -- libming
*In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8962
MISClibming -- libming
*In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8964
MISClibming -- libming
*In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-20not yet calculatedCVE-2018-8807
MISClibming -- libming
*In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8963
MISClibming -- libming
*In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.2018-03-20not yet calculatedCVE-2018-8806
MISClibressl -- libressl
*The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.2018-03-24not yet calculatedCVE-2018-8970
MISC
MISC
MISClibtiff -- libtiff
*In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.2018-03-22not yet calculatedCVE-2018-8905
MISC
MISClinux -- linux_kernel
*A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.2018-03-16not yet calculatedCVE-2018-1068
BID
CONFIRM
CONFIRM
CONFIRM
MLIST
MLISTlinux -- linux_kernel
*fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.2018-03-21not yet calculatedCVE-2017-18241
MISC
MISClinux -- linux_kernel
*Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.2018-03-20not yet calculatedCVE-2018-8822
BID
CONFIRMlunarnight -- laboratory_webproxy
*Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0542
JVNmalwarebytes -- anti-malware_consumer_version
*A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.2018-03-21not yet calculatedCVE-2016-10717
MISC
MISC
MISC
MISC
MISCmaradns -- maradns
*Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.2018-03-20not yet calculatedCVE-2014-2031
CONFIRM
MLIST
SECTRACK
CONFIRM
XFmaradns -- maradns
*Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.2018-03-20not yet calculatedCVE-2014-2032
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
XFmeco -- usb_memory_stick_with_fingerprint_mecoziolsamde601 _devices
*An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.2018-03-22not yet calculatedCVE-2017-16242
MISC
MISC
MISC
MISCmicro_focus -- netiq_edirectory
*Addresses denial of service attack to eDirectory versions prior to 9.1.2018-03-21not yet calculatedCVE-2018-1346
BID
CONFIRMmicro_focus -- netiq_imanager
*The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.2018-03-21not yet calculatedCVE-2018-1347
BID
CONFIRMmicro_focus -- netiq_imanager
*NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.2018-03-21not yet calculatedCVE-2018-1345
CONFIRMmicro_focus -- netiq_imanager
*Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.12018-03-21not yet calculatedCVE-2018-1344
CONFIRMmikrotik -- routeros_smb
*A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.2018-03-19not yet calculatedCVE-2018-7445
FULLDISC
BID
MISC
EXPLOIT-DBmisp -- misp
*In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.2018-03-23not yet calculatedCVE-2018-8948
CONFIRMmisp -- misp
*An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.2018-03-23not yet calculatedCVE-2018-8949
CONFIRMncr -- s1_dispenser_controller
*Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.2018-03-20not yet calculatedCVE-2017-17668
CONFIRMncr -- s2_dispenser_controller
*Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.2018-03-20not yet calculatedCVE-2018-5717
CONFIRMnessus -- nessus
*When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.2018-03-20not yet calculatedCVE-2018-1141
SECTRACK
CONFIRMnetpbm -- netpbm
*The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.2018-03-24not yet calculatedCVE-2018-8975
MISCnetwide_assembler -- netwide_assembler
*Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.2018-03-20not yet calculatedCVE-2018-8883
MISCnetwide_assembler -- netwide_assembler
*Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.2018-03-20not yet calculatedCVE-2018-8881
MISCnetwide_assembler -- netwide_assembler
*Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.2018-03-20not yet calculatedCVE-2018-8882
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets.2018-03-21not yet calculatedCVE-2018-7515
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability.2018-03-21not yet calculatedCVE-2018-7517
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.2018-03-21not yet calculatedCVE-2018-7519
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.2018-03-21not yet calculatedCVE-2018-7521
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.2018-03-21not yet calculatedCVE-2018-7523
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.2018-03-21not yet calculatedCVE-2018-7525
BID
MISComron -- cx-supervisor
*In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.2018-03-21not yet calculatedCVE-2018-7513
BID
MISCopen_web_analytics -- open_web_analytics
*Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.2018-03-20not yet calculatedCVE-2014-1457
CONFIRM
BID
XF
MISCopenbuildservice -- openbuildservice
*In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.2018-03-20not yet calculatedCVE-2011-3178
CONFIRM
CONFIRMopencart -- opencart
*The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.2018-03-20not yet calculatedCVE-2014-3990
MISC
MISC
FULLDISC
BUGTRAQ
BID
CONFIRMopendaylight -- opendaylight
*OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.2018-03-16not yet calculatedCVE-2018-1078
MISC
CONFIRMopenscape_development_service -- openscape_development_service
*SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2018-03-19not yet calculatedCVE-2014-2652
CONFIRMopmantek -- open-audit_professional
*Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.2018-03-22not yet calculatedCVE-2018-8903
MISCotcms -- otcms
*OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.2018-03-24not yet calculatedCVE-2018-8973
MISCowncloud -- owncloud
*Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.2018-03-20not yet calculatedCVE-2014-1665
MISC
BID
XF
MISC
EXPLOIT-DBphilips -- intellispace_cardiovascular_application
*Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.2018-03-20not yet calculatedCVE-2018-5438
BID
MISC
CONFIRMphpok -- phpok
*PHPOK 4.8.338 has an arbitrary file upload vulnerability.2018-03-22not yet calculatedCVE-2018-8944
MISCphpshe -- phpshe
*There is a SQL injection in the PHPSHE 1.6 userbank parameter.2018-03-22not yet calculatedCVE-2018-8943
MISCpivotal -- gemfire
*The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.2018-03-16not yet calculatedCVE-2016-9880
BID
CONFIRMpivotal -- pivotal_application_service
*Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.2018-03-16not yet calculatedCVE-2018-1200
BID
CONFIRMpivotal -- spring_batch_admin
*Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.2018-03-21not yet calculatedCVE-2018-1229
BID
CONFIRMpivotal -- spring_batch_admin
*Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.2018-03-21not yet calculatedCVE-2018-1230
BID
CONFIRMpivotal -- spring_boot
*Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.2018-03-19not yet calculatedCVE-2018-1196
CONFIRMprague -- smart_phones
*The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.2018-03-23not yet calculatedCVE-2017-15325
CONFIRMqos.ch_slf4j -- qos.ch_slf4j
*org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.2018-03-20not yet calculatedCVE-2018-8088
MISC
MISC
MISCradare2 -- radare2
*In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.2018-03-20not yet calculatedCVE-2018-8808
MISCradare2 -- radare2
*In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.2018-03-20not yet calculatedCVE-2018-8809
MISCradare2 -- radare2
*In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.2018-03-20not yet calculatedCVE-2018-8810
MISCradosgw -- radosgw
*In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.2018-03-19not yet calculatedCVE-2018-7262
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
FEDORArsyslog_librelp -- rsyslog_librelp
*rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.2018-03-23not yet calculatedCVE-2018-1000140
MISC
MISCseafile *-- seafile_server_and_server_professional_edition
*Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.2018-03-19not yet calculatedCVE-2014-5443
MLIST
BID
XF
CONFIRM
CONFIRMsecurebrain_corporation -- installer_of_phishwall_client_firefox_and_chrome_e dition_for_windows
*Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-03-22not yet calculatedCVE-2018-0552
JVN
CONFIRMsiemans -- simatic_and_sinumerik_and_profinet_io
*A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions), SIMATIC S7-400 H V6 (All versions), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions), SINUMERIK 840D sl (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.2018-03-20not yet calculatedCVE-2018-4843
BID
CONFIRMsiemans -- simatic_wincc_oa_ui_for_android_and__simatic_wincc _oa_ui_for_ios
*A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.2018-03-20not yet calculatedCVE-2018-4844
BID
CONFIRMsqlite -- sqlite
*In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.2018-03-16not yet calculatedCVE-2018-8740
BID
MISC
MISC
MISC
MISCsquirrelmail -- squirrelmail
*A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.2018-03-17not yet calculatedCVE-2018-8741
MISC
SECTRACK
MISC
MISC
MISCstable.php -- stable.php
*I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.2018-03-23not yet calculatedCVE-2018-1000139
MISC
MISCsynology -- photo_station
*Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.2018-03-22not yet calculatedCVE-2017-16771
CONFIRMsynology -- photo_station
*Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.2018-03-22not yet calculatedCVE-2017-16772
CONFIRMtenda -- ac15_router
*A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.2018-03-20not yet calculatedCVE-2018-5768
MISCtenda -- ac15_router
*An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in.2018-03-20not yet calculatedCVE-2018-5770
MISCtruecrypt -- truecrypt
*The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.2018-03-19not yet calculatedCVE-2014-2884
MLIST
MISCtruecrypt -- truecrypt
*Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.2018-03-19not yet calculatedCVE-2014-2885
MLIST
MISCubiquiti_networks -- edgeos
*Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0935
CONFIRM
MISCubiquiti_networks -- edgeos
*Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0932
CONFIRM
MISCubiquiti_networks -- edgeos
*Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.2018-03-22not yet calculatedCVE-2017-0933
CONFIRM
MISCubiquiti_networks -- edgeos
*Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0934
CONFIRM
MISCucopia -- wireless_appliance_devices
*Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.2018-03-22not yet calculatedCVE-2017-17743
MISCunboundid -- ldap_sdk_for_java
*UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldap...f1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.2018-03-16not yet calculatedCVE-2018-1000134
BID
CONFIRMusers.php -- users.php
*I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.2018-03-23not yet calculatedCVE-2018-1000137
MISCwampserver -- wampserver
*Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.2018-03-19not yet calculatedCVE-2018-8732
MISCwestern_bridge -- cobub_razor


*Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.2018-03-18not yet calculatedCVE-2018-8770
MISCwindows_optimization_master -- windows_optimization_masterIn Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.2018-03-24not yet calculatedCVE-2018-8994
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.2018-03-24not yet calculatedCVE-2018-8996
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004.2018-03-24not yet calculatedCVE-2018-8997
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.2018-03-24not yet calculatedCVE-2018-8990
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.2018-03-24not yet calculatedCVE-2018-8995
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.2018-03-24not yet calculatedCVE-2018-8991
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.2018-03-24not yet calculatedCVE-2018-8993
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005.2018-03-24not yet calculatedCVE-2018-8992
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.2018-03-24not yet calculatedCVE-2018-8989
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.2018-03-24not yet calculatedCVE-2018-8988
MISCwindows_optimization_master -- windows_optimization_master
*In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000.2018-03-22not yet calculatedCVE-2018-8904
MISCwordpress -- wordpress
*Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.2018-03-19not yet calculatedCVE-2014-2274
MISC
CONFIRMwordpress -- wordpress
*A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.2018-03-19not yet calculatedCVE-2018-7422
MISC
MISCwordpress -- wordpress
*Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.2018-03-19not yet calculatedCVE-2014-2674
MISCwordpress -- wordpress
*Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.2018-03-19not yet calculatedCVE-2014-2550
XF
MISC
CONFIRMwordpress -- wordpress
*Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.2018-03-19not yet calculatedCVE-2014-2675
MISCwordpress -- wordpress
*Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.2018-03-19not yet calculatedCVE-2014-2297
BUGTRAQxiuno_bbs -- xiuno_bbs
*Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.2018-03-22not yet calculatedCVE-2018-8942
MISCyii -- yii
*The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.2018-03-21not yet calculatedCVE-2018-7269
CONFIRMyii -- yii
*Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.2018-03-21not yet calculatedCVE-2018-8073
CONFIRMyii -- yii
*Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.2018-03-21not yet calculatedCVE-2018-8074
CONFIRMyxcms -- yxcms
*Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbo ok.php or protected\apps\default\view\mobile\extend_guestboo k.php in an index.php?r=default/column/index&col=guestbook request.2018-03-20not yet calculatedCVE-2018-8805
MISCyxcms -- yxcms
*protected\apps\member\controller\shopcarControlle r.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.2018-03-19not yet calculatedCVE-2018-8761
MISCyzmcms -- yzmcms
*Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.2018-03-18not yet calculatedCVE-2018-8756
MISC
MISCzarafa -- zarafa_collaboration_platform
*Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.2018-03-19not yet calculatedCVE-2014-5450
FEDORA
FEDORA
MLIST
BID
CONFIRM
XFzzcms -- zzcms
*An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.2018-03-24not yet calculatedCVE-2018-8966
MISCzzcms -- zzcms
*An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8965
MISCzzcms -- zzcms
*An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.2018-03-24not yet calculatedCVE-2018-8967
MISCzzcms -- zzcms
*An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8968
MISCzzcms -- zzcms
*An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8969
@#684#Back to top
This product is provided subject to this Notification and this Privacy & Use policy.




More...
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 07:20 AM.


Powered by vBulletin, Jelsoft Enterprises Ltd.