|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
SB18-134: Vulnerability Summary for the Week of May 7, 2018
SB18-134: Vulnerability Summary for the Week of May 7, 2018
05-14-2018 04:17 AM Original release date: May 14, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
* High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info389-ds-base -- 389-ds-base *389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.2018-05-09not yet calculatedCVE-2018-1089 BID REDHAT CONFIRMabcm2ps -- abcm2ps *Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-05-06not yet calculatedCVE-2018-10771 MISC MISCabsolute_software -- computrace_agent *Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted.2018-05-11not yet calculatedCVE-2009-5150 MISCabsolute_software -- computrace_agent *The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.2018-05-11not yet calculatedCVE-2009-5151 MISCabsolute_software -- computrace_agent *Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.2018-05-11not yet calculatedCVE-2009-5152 MISCadmin-cli -- admin-cli *admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.2018-05-11not yet calculatedCVE-2016-8627 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRMadvantech -- webaccess *Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.2018-05-09not yet calculatedCVE-2017-5175 BID MISCalps -- pointing-device_driver *An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.2018-05-09not yet calculatedCVE-2018-10828 MISC EXPLOIT-DBapache -- derby *In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.2018-05-07not yet calculatedCVE-2018-1313 BID MLISTbibutils -- bibutils *NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.2018-05-07not yet calculatedCVE-2018-10775 MISCbibutils -- bibutils *NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.2018-05-07not yet calculatedCVE-2018-10773 MISCbibutils -- bibutils *Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.2018-05-07not yet calculatedCVE-2018-10774 MISCbitpie -- bitpie *The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).2018-05-08not yet calculatedCVE-2018-10812 MISCbrave -- brave *A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.2018-05-08not yet calculatedCVE-2018-10799 MISCbrave -- brave *A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second.2018-05-08not yet calculatedCVE-2018-10798 MISCcsp -- mysql_user_manager *CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.2018-05-05not yet calculatedCVE-2018-10757 MISC MISC EXPLOIT-DBd-link -- dir-629-b1_devices *The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.2018-05-12not yet calculatedCVE-2018-10996 MISCd-link -- dir-868l_devices *CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.2018-05-09not yet calculatedCVE-2018-10957 MISCdell_emc -- unity_operating_environment *Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.2018-05-08not yet calculatedCVE-2018-1239 FULLDISC BIDdevicelock -- plug_and_play_auditor *DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).2018-05-10not yet calculatedCVE-2018-10655 MISC MISC EXPLOIT-DBeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.2018-05-11not yet calculatedCVE-2018-6362 MISC MISCeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.2018-05-11not yet calculatedCVE-2018-6619 MISC MISCeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.2018-05-11not yet calculatedCVE-2018-6361 MISC MISCeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.2018-05-11not yet calculatedCVE-2018-6618 MISC MISCeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.2018-05-11not yet calculatedCVE-2018-6458 MISC MISCeasy_hosting_control_panel -- easy_hosting_control_panel *Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.2018-05-11not yet calculatedCVE-2018-6617 MISC MISCethereum -- aurora_dao_token *The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.2018-05-08not yet calculatedCVE-2018-10705 MISCethereum -- koreashow_token *An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.2018-05-10not yet calculatedCVE-2018-10973 MISCethereum -- social_chain_tokenAn integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.2018-05-10not yet calculatedCVE-2018-10706 MISCexiv2 -- exiv2 *An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.2018-05-12not yet calculatedCVE-2018-10998 MISCexiv2 -- exiv2 *An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.2018-05-12not yet calculatedCVE-2018-10999 MISCexiv2 -- exiv2 *Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.2018-05-07not yet calculatedCVE-2018-10780 MISCexiv2 -- exiv2 *In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.2018-05-09not yet calculatedCVE-2018-10958 MISCexiv2 -- exiv2 *The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.2018-05-06not yet calculatedCVE-2018-10772 MISCfastweb -- fastgate_0.00.47_devices *Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.2018-05-11not yet calculatedCVE-2018-6023 MISC EXPLOIT-DBfortinet -- fortiwlc *The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.2018-05-08not yet calculatedCVE-2017-17540 BID CONFIRMfortinet -- fortiwlc *The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.2018-05-08not yet calculatedCVE-2017-17539 BID CONFIRMfoxconn_electronics -- femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lteCross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser.2018-05-09not yet calculatedCVE-2018-9111 MISCfoxconn_electronics -- femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lte *A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.2018-05-09not yet calculatedCVE-2018-9112 MISCfree_lossless_image_format -- free_lossless_image_format *An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.2018-05-10not yet calculatedCVE-2018-10972 MISCfree_lossless_image_format -- free_lossless_image_format *An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file.2018-05-10not yet calculatedCVE-2018-10971 MISCfreebsd -- freebsdIn FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.2018-05-08not yet calculatedCVE-2018-6921 BID CONFIRMfreebsd -- freebsd *In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.2018-05-08not yet calculatedCVE-2018-6920 BID CONFIRMfrog_cms -- frog_cms *An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.2018-05-08not yet calculatedCVE-2018-10806 MISCgnu -- gnu_wget *GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.2018-05-06not yet calculatedCVE-2018-0494 BID SECTRACK MISC MLIST MISC MISC MISC UBUNTU UBUNTU DEBIAN EXPLOIT-DBgoogle -- android *In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289.2018-05-10not yet calculatedCVE-2017-6289 BID CONFIRMgoogle -- android *In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.2018-05-10not yet calculatedCVE-2018-6246 CONFIRMgoogle -- android *In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293.2018-05-10not yet calculatedCVE-2017-6293 BID CONFIRMgoogle -- android *In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254.2018-05-10not yet calculatedCVE-2018-6254 CONFIRMhaproxy -- haproxy *An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.2018-05-09not yet calculatedCVE-2018-10184 CONFIRM CONFIRMhawtio -- hawtio *hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.2018-05-08not yet calculatedCVE-2017-2594 BID CONFIRM CONFIRMhuawei -- hirouter-cd20_and_ws5200_home_gateway_products *Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.2018-05-10not yet calculatedCVE-2018-7933 CONFIRMhuawei -- ibmc_products *Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.2018-05-10not yet calculatedCVE-2018-7941 CONFIRMhuawei -- mate_10_and_mate_10_pro_smart_phones *Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.2018-05-10not yet calculatedCVE-2018-7940 CONFIRMhwinfo -- amd64_kernel_driver *HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.2018-05-09not yet calculatedCVE-2018-8060 MISChwinfo -- amd64_kernel_driver *HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.2018-05-09not yet calculatedCVE-2018-8061 MISCibm -- cognos_analytics *IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.2018-05-07not yet calculatedCVE-2018-1413 CONFIRM BID SECTRACK XFibm -- websphere_application_server *IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.2018-05-04not yet calculatedCVE-2017-1743 CONFIRM BID SECTRACK XFicewarp -- icewarp_mail_server *Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.2018-05-08not yet calculatedCVE-2015-1503 MISC EXPLOIT-DB MISCimagemagick -- imagemagick *ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.2018-05-08not yet calculatedCVE-2018-10804 MISCimagemagick -- imagemagick *ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.2018-05-08not yet calculatedCVE-2018-10805 MISCimpinj -- speedway_connect_r420_rfid_reader *An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions.2018-05-11not yet calculatedCVE-2018-5304 MISCimpinj -- speedway_connect_r420_rfid_reader *An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user.2018-05-11not yet calculatedCVE-2018-5303 MISCintel -- integrated_performance_primitives_cryptography_lib rary *Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time.2018-05-10not yet calculatedCVE-2018-3617 CONFIRMintel -- nuc_kits *Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).2018-05-10not yet calculatedCVE-2018-3612 CONFIRMintel -- wireless-ac_products *DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.2018-05-10not yet calculatedCVE-2018-3649 CONFIRMjasper -- jasper *There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.2018-05-04not yet calculatedCVE-2018-9154 MISCjenkins -- jenkinsAn exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.2018-05-08not yet calculatedCVE-2018-1000176 CONFIRMjenkins -- jenkins *An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.2018-05-08not yet calculatedCVE-2018-1000174 CONFIRMjenkins -- jenkins *A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.2018-05-08not yet calculatedCVE-2018-1000177 CONFIRMjenkins -- jenkins *A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.2018-05-08not yet calculatedCVE-2018-1000173 CONFIRMjenkins -- jenkins *Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.2018-05-08not yet calculatedCVE-2017-2606 BID CONFIRM CONFIRM CONFIRMjenkins -- jenkins *A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.2018-05-08not yet calculatedCVE-2018-1000175 CONFIRMjenkins -- jenkins *Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.2018-05-08not yet calculatedCVE-2017-2611 BID CONFIRM CONFIRM CONFIRMjenkins -- jenkins *Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.2018-05-10not yet calculatedCVE-2017-2601 BID CONFIRM CONFIRM CONFIRMkde_project -- kwallet *kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.2018-05-08not yet calculatedCVE-2018-10380 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMkongtop -- dvr_devices *KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.2018-05-08not yet calculatedCVE-2018-10734 MISC MISC MISClantech -- ids_2102 *In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).2018-05-04not yet calculatedCVE-2018-8869 BID MISClantech -- ids_2102 *In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).2018-05-04not yet calculatedCVE-2018-8865 BID MISClenovo -- system_update *MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.2018-05-04not yet calculatedCVE-2018-9063 BID CONFIRMlibgxps -- libgxps *There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.2018-05-06not yet calculatedCVE-2018-10767 MISClibnghttp2 -- libnghttp2 *nghttp2 version >= 1.10.0 and nghttp2 = 1.31.1.2018-05-08not yet calculatedCVE-2018-1000168 CONFIRMlibtiff -- libtiff *TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.2018-05-08not yet calculatedCVE-2018-10801 MISClibtiff -- libtiff *TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.2018-05-07not yet calculatedCVE-2018-10779 MISC BIDlibtiff -- libtiff *The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.2018-05-09not yet calculatedCVE-2018-10963 MISCliferay -- liferay *Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI.2018-05-07not yet calculatedCVE-2018-10795 MISClilypond -- lilypond *lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.2018-05-11not yet calculatedCVE-2018-10992 MISClinux -- linux_kernel *Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.2018-05-10not yet calculatedCVE-2018-1130 CONFIRM CONFIRM MLIST MISClinux -- linux_kernel *The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.2018-05-09not yet calculatedCVE-2018-10940 MISC MISC MISClinux -- linux_kernel *Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.2018-05-10not yet calculatedCVE-2018-1118 CONFIRMlitecart -- litecart *LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.2018-05-09not yet calculatedCVE-2018-10827 MISCmicrosoft -- .net_and_.net_core *A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.2018-05-09not yet calculatedCVE-2018-0765 BID SECTRACK CONFIRMmicrosoft -- .net *A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.2018-05-09not yet calculatedCVE-2018-1039 BID SECTRACK CONFIRMmicrosoft -- azure *A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.2018-05-09not yet calculatedCVE-2018-8119 BID CONFIRMmicrosoft -- chakracore_and_internet_explorer_and_edge *An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.2018-05-09not yet calculatedCVE-2018-8145 BID SECTRACK CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.2018-05-09not yet calculatedCVE-2018-8179 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0945 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.2018-05-09not yet calculatedCVE-2018-8139 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-8137 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.2018-05-09not yet calculatedCVE-2018-0943 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.2018-05-09not yet calculatedCVE-2018-8133 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-8128 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0953 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.2018-05-09not yet calculatedCVE-2018-8130 BID SECTRACK CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.2018-05-09not yet calculatedCVE-2018-8177 BID CONFIRMmicrosoft -- edge_and_chakracore *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0946 BID SECTRACK CONFIRMmicrosoft -- edge *A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.2018-05-09not yet calculatedCVE-2018-8112 BID SECTRACK CONFIRMmicrosoft -- edge *An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.2018-05-09not yet calculatedCVE-2018-8123 BID SECTRACK CONFIRMmicrosoft -- edge *An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.2018-05-09not yet calculatedCVE-2018-1021 BID SECTRACK CONFIRMmicrosoft -- edge *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0951 BID SECTRACK CONFIRMmicrosoft -- exchange_serverAn elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.2018-05-09not yet calculatedCVE-2018-8152 BID SECTRACK CONFIRMmicrosoft -- exchange_server *An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.2018-05-09not yet calculatedCVE-2018-8151 BID SECTRACK CONFIRMmicrosoft -- exchange_server *A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.2018-05-09not yet calculatedCVE-2018-8154 BID SECTRACK CONFIRMmicrosoft -- exchange_server *An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.2018-05-09not yet calculatedCVE-2018-8159 BID SECTRACK CONFIRMmicrosoft -- exchange_server *A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.2018-05-09not yet calculatedCVE-2018-8153 BID SECTRACK CONFIRMmicrosoft -- infopath *A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.2018-05-09not yet calculatedCVE-2018-8173 BID SECTRACK CONFIRMmicrosoft -- internet_explorer_and_chakracore_and_edge *A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0954 BID SECTRACK CONFIRMmicrosoft -- internet_explorer_and_edgeAn information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.2018-05-09not yet calculatedCVE-2018-1025 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-8122 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-0955 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-8114 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.2018-05-09not yet calculatedCVE-2018-8126 BID SECTRACK CONFIRMmicrosoft -- multiple_products *A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-0824 BID SECTRACK CONFIRMmicrosoft -- multiple_products *A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.2018-05-09not yet calculatedCVE-2018-8178 BID SECTRACK CONFIRMmicrosoft -- multiple_products *A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.2018-05-09not yet calculatedCVE-2018-1022 BID SECTRACK CONFIRMmicrosoft -- office_and_excel *An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.2018-05-09not yet calculatedCVE-2018-8163 BID SECTRACK CONFIRMmicrosoft -- office_and_excel *A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.2018-05-09not yet calculatedCVE-2018-8148 BID SECTRACK CONFIRMmicrosoft -- office_and_excel *A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.2018-05-09not yet calculatedCVE-2018-8147 BID SECTRACK CONFIRMmicrosoft -- office_and_excel *A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.2018-05-09not yet calculatedCVE-2018-8162 BID SECTRACK CONFIRMmicrosoft -- office_and_word_and_sharepoint *A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.2018-05-09not yet calculatedCVE-2018-8161 BID SECTRACK CONFIRMmicrosoft -- office_and_word *An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.2018-05-09not yet calculatedCVE-2018-8160 BID SECTRACK CONFIRMmicrosoft -- office *A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.2018-05-09not yet calculatedCVE-2018-8157 BID SECTRACK CONFIRMmicrosoft -- office *A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.2018-05-09not yet calculatedCVE-2018-8158 BID SECTRACK CONFIRMmicrosoft -- office *A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.2018-05-09not yet calculatedCVE-2018-8150 BID SECTRACK CONFIRMmicrosoft -- sharepoint_and_project_server *An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.2018-05-09not yet calculatedCVE-2018-8156 BID SECTRACK CONFIRMmicrosoft -- sharepoint_and_project_server *An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156.2018-05-09not yet calculatedCVE-2018-8168 BID SECTRACK CONFIRMmicrosoft -- sharepoint_server_and_sharepoint *An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.2018-05-09not yet calculatedCVE-2018-8149 BID SECTRACK CONFIRMmicrosoft -- sharepoint *An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.2018-05-09not yet calculatedCVE-2018-8155 BID SECTRACK CONFIRMmicrosoft -- windowsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.2018-05-09not yet calculatedCVE-2018-8127 BID SECTRACK CONFIRMmicrosoft -- windowsA remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8136 BID SECTRACK CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166.2018-05-09not yet calculatedCVE-2018-8164 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.2018-05-09not yet calculatedCVE-2018-8120 BID SECTRACK CONFIRMmicrosoft -- windowsA remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-0959 BID SECTRACK CONFIRMmicrosoft -- windows_scripting_host *A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132.2018-05-09not yet calculatedCVE-2018-0854 BID SECTRACK CONFIRMmicrosoft -- windows *A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132.2018-05-09not yet calculatedCVE-2018-0958 BID SECTRACK CONFIRMmicrosoft -- windows *A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-0961 BID SECTRACK CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8134 BID SECTRACK CONFIRMmicrosoft -- windows *A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129.2018-05-09not yet calculatedCVE-2018-8132 BID SECTRACK CONFIRMmicrosoft -- windows *A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8174 CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164.2018-05-09not yet calculatedCVE-2018-8166 BID CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8170 BID SECTRACK CONFIRMmicrosoft -- windows *A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.2018-05-09not yet calculatedCVE-2018-8129 BID SECTRACK CONFIRMmicrosoft -- windows *An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.2018-05-09not yet calculatedCVE-2018-8141 BID SECTRACK CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.2018-05-09not yet calculatedCVE-2018-8124 BID SECTRACK CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8165 BID CONFIRMmicrosoft -- windows *An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-05-09not yet calculatedCVE-2018-8167 BID CONFIRMmodbuspal -- modbuspal *ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.2018-05-11not yet calculatedCVE-2018-10832 MISC EXPLOIT-DBmp3gain -- mp3gain *The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.2018-05-07not yet calculatedCVE-2018-10776 MISCmp3gain -- mp3gain *Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.2018-05-07not yet calculatedCVE-2018-10778 MISCmp3gain -- mp3gain *Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-05-07not yet calculatedCVE-2018-10777 MISCmultiple_vendors -- os_kernels *A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.2018-05-08not yet calculatedCVE-2018-8897 MISC MISC MISC BID SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MISC MISC MISC MISC MISC CONFIRM MISC UBUNTU DEBIAN MISC CONFIRM MISC MISCmybb -- mybb *The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.2018-05-11not yet calculatedCVE-2018-10580 MISC EXPLOIT-DBmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14474 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14479 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14478 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14477 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14475 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14480 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14476 MISCmysql -- multi-master_replication_manager *In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.2018-05-09not yet calculatedCVE-2017-14481 MISCopmantek -- open-audit_community *Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.2018-05-09not yet calculatedCVE-2018-10314 MISC EXPLOIT-DBphilips -- brilliance_ct_kiosk_environment *Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.2018-05-04not yet calculatedCVE-2018-8861 BID MISC CONFIRMphilips -- brilliance_ct_scanners *Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system.2018-05-04not yet calculatedCVE-2018-8853 BID MISC CONFIRMphilips -- brilliance_ct_software *Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.2018-05-04not yet calculatedCVE-2018-8857 BID MISC CONFIRMpivotal -- application_service *Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.2018-05-11not yet calculatedCVE-2018-1278 CONFIRMpivotal -- greenplum_command_center *Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.2018-05-11not yet calculatedCVE-2018-1280 CONFIRMpivotal -- spring-integration-zip *Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.2018-05-11not yet calculatedCVE-2018-1261 CONFIRMpivotal -- spring_cloud_sso_connector *Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.2018-05-07not yet calculatedCVE-2018-1256 CONFIRMpivotal -- spring_data_commons *Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.2018-05-11not yet calculatedCVE-2018-1259 CONFIRMpivotal -- spring_security_oauth *Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.2018-05-11not yet calculatedCVE-2018-1260 CONFIRMpivotal – spring_framework *Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.2018-05-11not yet calculatedCVE-2018-1257 CONFIRMpivotal – spring_security_and_spring_framework *Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.2018-05-11not yet calculatedCVE-2018-1258 CONFIRMpoppler -- poppler *The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.2018-05-10not yet calculatedCVE-2017-18267 CONFIRMpoppler -- poppler *There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.2018-05-06not yet calculatedCVE-2018-10768 MISCpostgresql -- postgresql *postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.2018-05-10not yet calculatedCVE-2018-1115 CONFIRM CONFIRMprestashop -- prestashop *modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.2018-05-09not yet calculatedCVE-2018-8824 MISCprestashop -- prestashop *modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.2018-05-09not yet calculatedCVE-2018-10942 MISCprosody -- prosody *Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.2018-05-09not yet calculatedCVE-2017-18265 MISC MISC MISC MISC DEBIANpulse_secure -- pulse_connect_securePulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.2018-05-10not yet calculatedCVE-2018-9849 CONFIRMpuppet -- puppet_enterprise_console *A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.2018-05-08not yet calculatedCVE-2018-6510 CONFIRMpuppet -- puppet_enterprise_console *A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.2018-05-08not yet calculatedCVE-2018-6511 CONFIRMpython-oslo-middleware -- python-oslo-middleware *python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).2018-05-08not yet calculatedCVE-2017-2592 CONFIRM REDHAT REDHAT BID CONFIRM CONFIRM MISC CONFIRM MISC MISC MISCquassel -- quassel *A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.2018-05-08not yet calculatedCVE-2018-1000178 CONFIRM MISC MLIST DEBIANquassel -- quassel *A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.2018-05-08not yet calculatedCVE-2018-1000179 CONFIRM DEBIANred_lion -- controls_sixnet-managed_industrial_switches_and_automationdirect_s tride-managed_ethernet_switches *A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.2018-05-09not yet calculatedCVE-2016-9335 MISCrockwell_automation -- factorytalk_activation_products *Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.2018-05-11not yet calculatedCVE-2017-6015 BID MISC MISCrsa -- authentication_manager *RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.2018-05-08not yet calculatedCVE-2018-1247 FULLDISC BID SECTRACKrsa -- authentication_manager *RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains.2018-05-08not yet calculatedCVE-2018-1248 FULLDISC BID SECTRACKruibaby/halo -- ruibaby/halo *ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.2018-05-12not yet calculatedCVE-2018-11012 MISCruibaby/halo -- ruibaby/halo *ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.2018-05-12not yet calculatedCVE-2018-11011 MISCsap -- enterprise_financial_services *SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.2018-05-09not yet calculatedCVE-2018-2419 BID CONFIRM MISCsap -- identity_management *SAP Identity Management 8.0 does not sufficiently validate an XML document accepted from an untrusted source.2018-05-09not yet calculatedCVE-2018-2416 BID CONFIRM MISCsap -- identity_management *Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.2018-05-09not yet calculatedCVE-2018-2417 BID CONFIRM MISCsap -- internet_graphics_server_and_rfc_listener *SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.2018-05-09not yet calculatedCVE-2018-2423 BID CONFIRM MISCsap -- internet_graphics_server_portwatcher *SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.2018-05-09not yet calculatedCVE-2018-2422 BID CONFIRM MISCsap -- internet_graphics_server_portwatcher *SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.2018-05-09not yet calculatedCVE-2018-2421 BID CONFIRM MISCsap -- internet_graphics_server *SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.2018-05-09not yet calculatedCVE-2018-2420 BID CONFIRM MISCsap -- maxdb_odbc_driver *SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.2018-05-09not yet calculatedCVE-2018-2418 BID CONFIRM MISCsap -- netweaver_application_server_java_web_container_an d_http_service *SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.2018-05-09not yet calculatedCVE-2018-2415 BID CONFIRM MISCsdcms -- sdcms *An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.2018-05-12not yet calculatedCVE-2018-11004 MISCseveralnines -- clustercontrol *Severalnines ClusterControl before 1.6.0-4699 allows XSS.2018-05-08not yet calculatedCVE-2018-10817 MISCshanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014.2018-05-08not yet calculatedCVE-2018-10796 MISCshanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550.2018-05-09not yet calculatedCVE-2018-10954 MISCshanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.2018-05-10not yet calculatedCVE-2018-10975 MISCshanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.2018-05-08not yet calculatedCVE-2018-10809 MISC MISC EXPLOIT-DBshanghai -- 2345_security_guardIn 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.2018-05-09not yet calculatedCVE-2018-10955 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.2018-05-10not yet calculatedCVE-2018-10976 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100.2018-05-10not yet calculatedCVE-2018-10974 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4.2018-05-10not yet calculatedCVE-2018-10977 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.2018-05-09not yet calculatedCVE-2018-10830 MISCshanghai -- 2345_security_guard *An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered.2018-05-09not yet calculatedCVE-2018-10962 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088.2018-05-09not yet calculatedCVE-2018-10952 MISCshanghai -- 2345_security_guard *In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C.2018-05-09not yet calculatedCVE-2018-10953 MISCshenzhen_anni -- 5_in_1_xvr_devices *download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.2018-05-09not yet calculatedCVE-2018-10770 MISC MISCsilex_technology_and_ge_healthcare -- silex_technology_sd-320an_and_ge_healthcare_mobilelink_geh_320an *Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.2018-05-09not yet calculatedCVE-2018-6021 MISCsilex_technology_and_ge_healthcare -- silex_technology_sx-500_and_ge_healthcare_mobilelink_geh_500 *In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.2018-05-09not yet calculatedCVE-2018-6020 MISCsynology -- calendar *Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.2018-05-10not yet calculatedCVE-2018-8915 CONFIRMsynology -- drive *Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.2018-05-10not yet calculatedCVE-2018-8910 CONFIRMsynology -- media_server *SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.2018-05-10not yet calculatedCVE-2018-8914 CONFIRMsynology -- note_station *Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.2018-05-09not yet calculatedCVE-2018-8911 CONFIRMsynology -- note_station *Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.2018-05-09not yet calculatedCVE-2018-8912 CONFIRMvecna -- vgo_robot *In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.2018-05-09not yet calculatedCVE-2018-8860 BID MISCvecna -- vgo_robot *In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.2018-05-09not yet calculatedCVE-2018-8866 BID MISCvesta -- control_panel *An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.2018-05-06not yet calculatedCVE-2018-10686 MISC MISCwildfly -- wildfly *An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution.2018-05-09not yet calculatedCVE-2018-10682 MISCxdg-utils -- xdg-utils *The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.2018-05-10not yet calculatedCVE-2017-18266 MISC MISC MISC MISCxen -- xen *An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.2018-05-10not yet calculatedCVE-2018-10982 CONFIRM CONFIRMxen -- xen *An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.2018-05-10not yet calculatedCVE-2018-10981 CONFIRM CONFIRMyxcms -- yxcms *An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.2018-05-12not yet calculatedCVE-2018-11003 MISCz-nomp -- z-nomp *Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.2018-05-09not yet calculatedCVE-2018-10831 MISC MISCzimbra -- collaboration_suite *mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.2018-05-09not yet calculatedCVE-2018-10950 MISCzimbra -- collaboration_suite *mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.2018-05-09not yet calculatedCVE-2018-10951 MISCzimbra -- collaboration_suite *mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.2018-05-09not yet calculatedCVE-2018-10949 MISCzoho_manageengine -- netflow_analyzer *Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.2018-05-10not yet calculatedCVE-2018-10803 CONFIRMzoho_manageengine -- servicedesk_plus *An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.2018-05-11not yet calculatedCVE-2018-7248 MISC @#719#Back to top This product is provided subject to this Notification and this Privacy & Use policy. More... |
Sponsored Links |
|