The Patriot Files Forums  

Posted by The Patriot, 03-06-2018, 07:22 AM

SB18-064: Vulnerability Summary for the Week of February 26, 2018

03-04-2018 09:48 PM

Original release date: March 05, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. | 2018-02-23 | 5.0 | CVE-2018-7321, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. | 2018-02-23 | 5.0 | CVE-2018-7322, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. | 2018-02-23 | 5.0 | CVE-2018-7323, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7324, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. | 2018-02-23 | 5.0 | CVE-2018-7325, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7326, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. | 2018-02-23 | 5.0 | CVE-2018-7327, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. | 2018-02-23 | 5.0 | CVE-2018-7328, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. | 2018-02-23 | 5.0 | CVE-2018-7329, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7330, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. | 2018-02-23 | 5.0 | CVE-2018-7331, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. | 2018-02-23 | 5.0 | CVE-2018-7332, BID, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. | 2018-02-23 | 5.0 | CVE-2018-7333, BID, CONFIRM, CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alibaba_clone_script_project -- alibaba_clone_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | 2018-02-23 | 3.5 | CVE-2018-6867, EXPLOIT-DB
groupon_clone_script_project -- groupon_clone_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | 2018-02-23 | 3.5 | CVE-2018-6868, EXPLOIT-DB
learning_and_examination_management_system_script_project -- learning_and_examination_management_system_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | 2018-02-23 | 3.5 | CVE-2018-6866

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3cx*-- 3cx
*On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.2018-03-03not yet calculatedCVE-2018-7654
MISC
MISCxpdfreader -- acroform
*Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7453
MISCactivepdf*-- activepdf
*The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.2018-02-28not yet calculatedCVE-2018-7264
FULLDISCadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4916
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4915
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4913
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4914
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.2018-02-27not yet calculatedCVE-2018-4910
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.2018-02-27not yet calculatedCVE-2018-4911
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4908
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4909
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4912
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.2018-02-27not yet calculatedCVE-2018-4872
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4905
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4899
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4883
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4906
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4904
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4901
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4900
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4903
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4902
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4907
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4889
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4895
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4894
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4897
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4896
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4891
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.2018-02-27not yet calculatedCVE-2018-4890
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4893
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4888
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4886
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4887
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4898
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4885
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4892
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4884
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4881
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4882
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4880
BID
SECTRACK
CONFIRMadobe*-- acrobat_reader
*An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4879
BID
SECTRACK
CONFIRMadobe*-- experience_manager
*Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.2018-02-27not yet calculatedCVE-2018-4875
BID
SECTRACK
CONFIRMadobe*-- experience_manager
*Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.2018-02-27not yet calculatedCVE-2018-4876
BID
SECTRACK
CONFIRMamazon*-- music_player
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.2018-03-01not yet calculatedCVE-2018-1169
MISCgnu -- binutils
*The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.2018-03-02not yet calculatedCVE-2018-7642
MISC
MISCapache -- tomcat
*The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.2018-02-28not yet calculatedCVE-2018-1304
BID
SECTRACK
MISCapache -- tomcat
*Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.2018-02-23not yet calculatedCVE-2018-1305
BID
SECTRACK
MISCapache*-- geode
*When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.2018-02-25not yet calculatedCVE-2017-15696
MISCapache*-- geode
*In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.2018-02-27not yet calculatedCVE-2017-15692
MLISTapache*-- geode
*In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.2018-02-27not yet calculatedCVE-2017-15693
MLISTapache*-- james
*Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.2018-02-27not yet calculatedCVE-2012-3536
MISC
MISCapache*-- openmeetings
*In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.2018-02-28not yet calculatedCVE-2018-1286
MLISTapache*-- traffic_server
*There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.2018-02-27not yet calculatedCVE-2017-7671
MLIST
DEBIANapache*-- traffic_server
*There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.2018-02-27not yet calculatedCVE-2017-5660
MLIST
DEBIAN

apache -- xerces-c_xml_parser_library
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
2018-03-01 | not yet calculated | CVE-2017-12627
MLIST
CONFIRM

asanhamayesh_cms -- asanhamayesh_cms
SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
2018-02-26 | not yet calculated | CVE-2018-7463
MISC

axxonsoft_client -- axxon_next
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
2018-02-27 | not yet calculated | CVE-2018-7467
MISC

blackcat_development -- blackcat_cms
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
2018-02-28 | not yet calculated | CVE-2015-5079
MISC
BUGTRAQ
MISC

blue_river -- mura_cms
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.
2018-02-26 | not yet calculated | CVE-2018-7486
MISC

bonitasoft -- bonita_bpm
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
2018-02-28 | not yet calculated | CVE-2015-3898
MISC
BUGTRAQ
MISC

suse -- linux_enterprise_software_development_kit_and_open suse_leap
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.
2018-03-01 | not yet calculated | CVE-2017-14804
SUSE
SUSE
SUSE

citrix -- netscaler
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
2018-03-01 | not yet calculated | CVE-2018-5314
BID
SECTRACK
CONFIRM

cimg -- cimg
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
2018-03-01 | not yet calculated | CVE-2018-7587
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
2018-03-01 | not yet calculated | CVE-2018-7589
MISC
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
2018-03-02 | not yet calculated | CVE-2018-7640
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
2018-03-02 | not yet calculated | CVE-2018-7639
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
2018-03-02 | not yet calculated | CVE-2018-7637
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
2018-03-02 | not yet calculated | CVE-2018-7638
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
2018-03-01 | not yet calculated | CVE-2018-7588
MISC
MISC

cimg -- cimg
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
2018-03-02 | not yet calculated | CVE-2018-7641
MISC

cms_made_simple -- cms_made_simple
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
2018-02-26 | not yet calculated | CVE-2018-7448
MISC
MISC
EXPLOIT-DB

comforte -- swap
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on HPE NonStop systems and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.
2018-02-28 | not yet calculated | CVE-2018-6653
CONFIRM

concrete5 -- concrete5
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
2018-02-26 | not yet calculated | CVE-2017-18195
MISC
MISC
MISC
EXPLOIT-DB

suse -- linux_enterprise_server_for_sap
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.
2018-03-01 | not yet calculated | CVE-2017-9270
CONFIRM
SUSE
CONFIRM

dayrui -- finecms
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '' character.
2018-02-25 | not yet calculated | CVE-2018-7476
MISC
MISC

design_science -- mathtype
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.
2018-02-28 | not yet calculated | CVE-2018-6638
MISC
MISC

design_science -- mathtype
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.
2018-02-28 | not yet calculated | CVE-2018-6639
MISC
MISC

design_science -- mathtype
An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.
2018-02-28 | not yet calculated | CVE-2018-6641
MISC
MISC

design_science -- mathtype
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.
2018-02-28 | not yet calculated | CVE-2018-6640
MISC
MISC

pegasystems -- pega_platform_designer_studio
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.
2018-02-27 | not yet calculated | CVE-2017-17478
CONFIRM

flexense -- disksavvy_enterprise
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
2018-02-27 | not yet calculated | CVE-2018-6481
MISC
MISC
EXPLOIT-DB
MISC

dovecot -- dovecot
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
2018-03-02 | not yet calculated | CVE-2017-15130
MLIST
CONFIRM
DEBIAN
MLIST

dovecot -- dovecot
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
2018-03-02 | not yet calculated | CVE-2017-14461
MISC
DEBIAN
MLIST

drupal -- drupal
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.
2018-03-01 | not yet calculated | CVE-2017-6931
MISC

drupal -- drupal
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
2018-03-01 | not yet calculated | CVE-2017-6926
MISC

drupal -- drupal
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
2018-03-01 | not yet calculated | CVE-2017-6929
MLIST
DEBIAN
MISC

drupal -- drupal
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
2018-03-01 | not yet calculated | CVE-2017-6932
MLIST
DEBIAN
MISC

drupal -- drupal
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().
2018-03-01 | not yet calculated | CVE-2017-6930
MISC

drupal -- drupal
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
2018-03-01 | not yet calculated | CVE-2017-6928
MLIST
DEBIAN
MISC

drupal -- drupal
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
2018-03-01 | not yet calculated | CVE-2017-6927
BID
MLIST
DEBIAN
MISC

dualdesk -- dualdesk
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.
2018-03-03 | not yet calculated | CVE-2018-7583
EXPLOIT-DB

gnu -- binutils
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
2018-03-02 | not yet calculated | CVE-2018-7643
MISC

gnu -- binutils
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
2018-02-28 | not yet calculated | CVE-2018-7568
MISC

gnu -- binutils
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.
2018-02-28 | not yet calculated | CVE-2018-7569
MISC

gnu -- binutils
The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.
2018-02-28 | not yet calculated | CVE-2018-7570
MISC
MISC

enalean -- tuleap
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
2018-03-01 | not yet calculated | CVE-2018-7634
CONFIRM

exponent_cms -- exponent_cms
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
2018-03-03 | not yet calculated | CVE-2017-18213
MISC
MISC

f5 -- big-ip
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.
2018-03-01 | not yet calculated | CVE-2017-6154
CONFIRM

f5 -- big-ip
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
2018-03-01 | not yet calculated | CVE-2017-6150
CONFIRM

f5 -- big-ip
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
2018-03-01 | not yet calculated | CVE-2018-5501
CONFIRM

f5 -- big-ip
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
2018-03-01 | not yet calculated | CVE-2018-5500
CONFIRM

fasterxml_jackson-databind -- fasterxml_jackson-databind
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
2018-02-26 | not yet calculated | CVE-2018-7489
CONFIRM

ffmpeg -- ffmpeg
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
2018-02-28 | not yet calculated | CVE-2018-7557
CONFIRM

foxit -- mobilepdf
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this.
2018-02-26 | not yet calculated | CVE-2017-16813
CONFIRM

foxit -- mobilepdf
A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files.
2018-02-26 | not yet calculated | CVE-2017-16814
CONFIRM

freexl -- freexl
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
2018-02-23 | not yet calculated | CVE-2018-7439
MISC
MISC
MLIST
DEBIAN

freexl -- freexl
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
2018-02-23 | not yet calculated | CVE-2018-7435
MISC
MISC
MLIST
DEBIAN

freexl -- freexl
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
2018-02-23 | not yet calculated | CVE-2018-7437
MISC
MISC
MLIST
DEBIAN

freexl -- freexl
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
2018-02-23 | not yet calculated | CVE-2018-7438
MISC
MISC
MLIST
DEBIAN

freexl -- freexl
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
2018-02-23 | not yet calculated | CVE-2018-7436
MISC
MISC
MLIST
DEBIAN

ftpshell -- ftpshell
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
2018-03-01 | not yet calculated | CVE-2018-7573
MISC

gnu -- libcdio
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
2018-02-24 | not yet calculated | CVE-2017-18198
CONFIRM
BID
CONFIRM

gnu -- libcdio
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
2018-02-26 | not yet calculated | CVE-2017-18201
BID
CONFIRM

gnu -- libcdio
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
2018-02-24 | not yet calculated | CVE-2017-18199
CONFIRM
BID
CONFIRM

hoosk -- hoosk
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
2018-03-01 | not yet calculated | CVE-2018-7590
MISC

volkswagen -- customer_link_app_and_htc_customer-link_bridge
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.
2018-03-01 | not yet calculated | CVE-2018-1170
MISC

tenda -- ac9_devices
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
2018-03-01 | not yet calculated | CVE-2018-7561
MISC

ibm -- bigfix_platform
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.
2018-02-28 | not yet calculated | CVE-2016-0291
CONFIRM
XF

ibm -- bigfix_platform
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.
2018-02-28 | not yet calculated | CVE-2016-0295
CONFIRM
XF

ibm -- daeja_viewone_professional
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.
2018-02-27 | not yet calculated | CVE-2018-1399
CONFIRM
MISC

ibm -- publishing_engine
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
2018-03-02 | not yet calculated | CVE-2017-1787
CONFIRM
MISC

ibm -- security_guardium_big_data_intelligence
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.
2018-02-27 | not yet calculated | CVE-2018-1372
CONFIRM
MISC

ibm -- security_guardium_big_data_intelligence
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.
2018-03-02 | not yet calculated | CVE-2018-1373
CONFIRM
BID
MISC

ibm -- security_guardium_big_data_intelligence
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 137778.
2018-02-26 | not yet calculated | CVE-2018-1377
CONFIRM
MISC

ibm -- security_guardium_big_data_intelligence
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.
2018-02-26 | not yet calculated | CVE-2017-1774
CONFIRM
MISC

ibm -- security_guardium_big_data_intelligence
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.
2018-02-27 | not yet calculated | CVE-2018-1425
CONFIRM
MISC

ibm -- spectrum_scale
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
2018-03-02 | not yet calculated | CVE-2017-1654
CONFIRM
MISC

ibm -- tririga_application_platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382.
2018-02-28 | not yet calculated | CVE-2016-0299
CONFIRM
XF

ibm -- websphere_portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.
2018-02-27 | not yet calculated | CVE-2018-1416
CONFIRM
BID
MISC

icinga -- icinga
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
2018-02-27 | not yet calculated | CVE-2018-6535
CONFIRM
CONFIRM

icinga -- icinga
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.
2018-02-27 | not yet calculated | CVE-2018-6532
CONFIRM

icinga -- icinga
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
2018-02-27 | not yet calculated | CVE-2018-6533
CONFIRM

icinga -- icinga
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.
2018-02-27 | not yet calculated | CVE-2018-6534
CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
2018-03-01 | not yet calculated | CVE-2017-18210
MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
2018-03-01 | not yet calculated | CVE-2017-18211
MISC

imagemagick -- imagemagick
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
2018-03-01 | not yet calculated | CVE-2017-18209
MISC

imagemagick -- imagemagick
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
2018-02-23 | not yet calculated | CVE-2018-7443
MISC
MLIST

imagemagick -- imagemagick
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
2018-02-25 | not yet calculated | CVE-2018-7470
CONFIRM

sam2p -- sam2p
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2018-02-26 | not yet calculated | CVE-2018-7487
MISC

wondercms -- wondercms
In index.php in WonderCMS 2.4.0, remote attackers can delete arbitrary files via directory traversal.
2018-02-27 | not yet calculated | CVE-2018-7172
MISC

input-bmp.ci -- input-bmp.ci
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2018-02-28 | not yet calculated | CVE-2018-7554
MISC
MISC

invt_studio -- invt_studio
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.
2018-02-25 | not yet calculated | CVE-2018-7472
MISC

jerryscript -- jerryscript
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
2018-03-01 | not yet calculated | CVE-2017-18212
MISC

xpdfreader -- xpdf
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
2018-02-24 | not yet calculated | CVE-2018-7455
MISC

xpdfreader -- xpdf
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
2018-02-24 | not yet calculated | CVE-2018-7452
MISC

kingview -- kingview
KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.
2018-02-25 | not yet calculated | CVE-2018-7471
MISC

libtiff -- libtiff
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
2018-02-24 | not yet calculated | CVE-2018-7456
MISC
MISC

libzypp -- libzypp
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system.
2018-03-01 | not yet calculated | CVE-2017-7436
CONFIRM
SUSE
CONFIRM

libzypp -- libzypp
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system.
2018-03-01 | not yet calculated | CVE-2017-7435
CONFIRM
SUSE
CONFIRM

libzypp -- libzypp
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
2018-03-01 | not yet calculated | CVE-2017-9269
CONFIRM
SUSE
CONFIRM

limesurvey -- limesurvey
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
2018-02-28 | not yet calculated | CVE-2018-7556
CONFIRM

linux -- linux_kernel
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
2018-03-01 | not yet calculated | CVE-2017-18208
MISC
MISC
MISC

linux -- linux_kernel
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
2018-02-23 | not yet calculated | CVE-2017-15829
BID
CONFIRM

linux -- linux_kernel
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
2018-02-23 | not yet calculated | CVE-2017-15820
BID
CONFIRM

linux -- linux_kernel
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
2018-03-02 | not yet calculated | CVE-2018-1066
MISC
MISC
MISC
MISC

linux -- linux_kernel
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
2018-03-02 | not yet calculated | CVE-2018-1065
MISC
MISC
MISC
MISC
MISClinux*-- linux_kernel
*The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.2018-02-27not yet calculatedCVE-2017-18204
MISC
BID
MISC
MISClinux*-- linux_kernel
*In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.2018-02-23not yet calculatedCVE-2017-14884
BID
CONFIRMlinux*-- linux_kernel
*In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.2018-02-23not yet calculatedCVE-2017-15817
BID
CONFIRM

linux -- linux_kernel
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
2018-02-26 | not yet calculated | CVE-2018-7492
MISC
BID
MISC
MISC
MISC
MISC
MISC

linux -- linux_kernel
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
2018-02-27 | not yet calculated | CVE-2017-18203
MISC
MISC
MISC

linux -- linux_kernel
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.
2018-02-25 | not yet calculated | CVE-2017-18200
CONFIRM
CONFIRM

linux -- linux_kernel
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
2018-02-27 | not yet calculated | CVE-2017-18202
MISC
BID
MISC
MISC

linux -- linux_kernel
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.
2018-02-23 | not yet calculated | CVE-2017-17767
BID
CONFIRM

linux -- linux_kernel
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.
2018-02-23 | not yet calculated | CVE-2017-17765
BID
CONFIRM

linux -- linux_kernel
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.
2018-02-23 | not yet calculated | CVE-2017-17764
BID
CONFIRM

linux -- linux_kernel
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
2018-02-25 | not yet calculated | CVE-2018-7480
MISC
MISC

policycoreutils -- policycoreutils
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
2018-03-02 | not yet calculated | CVE-2018-1063
CONFIRM

lyadmin -- lyadmin
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
2018-02-27 | not yet calculated | CVE-2018-7547
MISC

sam2p -- sam2p
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2018-02-28 | not yet calculated | CVE-2018-7552
MISC
MISC

micro_focus -- operations_orchestration_software
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
2018-03-01 | not yet calculated | CVE-2018-6490
CONFIRM
MISC

microsoft -- identity_manager
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
2018-02-26 | not yet calculated | CVE-2018-0908
BID
CONFIRM

microsoft -- safenet_authentication_service_end_user_software_tools_for_windows
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7596
MISC
MISC
CONFIRM

microsoft -- safenet_authentication_service_for_ad_fs_agent
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7963
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_for_citrix_web_interface_agent
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7967
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_for_outlook_web_app_agent
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7962
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_iis_agent
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7597
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_remote_web_workplace_agent
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7961
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_token_validator_proxy_agent
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7598
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_windows_logon_agent
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.
2018-03-02 | not yet calculated | CVE-2015-7965
MISC
MISC
CONFIRM

gemalto -- safenet_authentication_service_windows_logon_agent
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.
2018-03-02 | not yet calculated | CVE-2015-7966
MISC
MISC
CONFIRM

gemalto -- safenet_authetication_service_for_nps_agent
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
2018-03-02 | not yet calculated | CVE-2015-7964
MISC
MISC
CONFIRM

microsoft -- windows
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.
2018-02-26 | not yet calculated | CVE-2018-7249
MISC

microsoft -- windows
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.
2018-02-26 | not yet calculated | CVE-2018-7250
MISC

sam2p -- sam2p
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2018-02-28 | not yet calculated | CVE-2018-7551
MISC
MISC

openjpeg -- openjpeg
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
2018-03-02 | not yet calculated | CVE-2018-7648
MISC
MISC

micro_focus -- netiq_access_manager
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the url parameter.
2018-03-02 | not yet calculated | CVE-2017-14801
CONFIRM

micro_focus -- netiq_access_manager
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users.
2018-03-01 | not yet calculated | CVE-2017-14800
CONFIRM

micro_focus -- netiq_edirectory_pki
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
2018-03-02 | not yet calculated | CVE-2017-7429
CONFIRM
CONFIRM
CONFIRM

micro_focus -- netiq_edirectory
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
2018-03-02 | not yet calculated | CVE-2017-9285
CONFIRM
CONFIRM
CONFIRM

micro_focus -- netiq_identity_manager
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
2018-03-02 | not yet calculated | CVE-2017-9279
CONFIRM
CONFIRM

micro_focus -- netiq_identity_manager
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
2018-03-01 | not yet calculated | CVE-2017-7426
CONFIRM

micro_focus -- netiq_identity_manager
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
2018-03-02 | not yet calculated | CVE-2017-9280
CONFIRM
CONFIRM

micro_focus -- netiq_identity_manager
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
2018-03-02 | not yet calculated | CVE-2017-7434
CONFIRM
CONFIRM

micro_focus -- netiq_access_manager
An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to an unescaped "description" field that could be specified by the provider.
2018-03-02 | not yet calculated | CVE-2017-7419
CONFIRM
CONFIRM

micro_focus -- netiq_access_manager
A cross site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
2018-03-01 | not yet calculated | CVE-2017-14799
CONFIRM

micro_focus -- netiq_identity_manager
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
2018-03-02 | not yet calculated | CVE-2017-9278
CONFIRM
CONFIRM

micro_focus -- netiq_imanager
NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
2018-03-02 | not yet calculated | CVE-2017-5189
CONFIRM
CONFIRM

micro_focus -- netiq_privileged_account_manager
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
2018-03-02 | not yet calculated | CVE-2017-7438
CONFIRM
CONFIRM

node.js -- node.js
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
2018-03-03 | not yet calculated | CVE-2018-7651
CONFIRM
CONFIRM
CONFIRM

micro_focus -- novell_access_manager_admin_console_and_idp_servers
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
2018-03-02 | not yet calculated | CVE-2017-14802
CONFIRM

micro_focus -- novell_access_manager_imanager
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
2018-03-02 | not yet calculated | CVE-2017-9276
CONFIRM

micro_focus -- novell_edirectory
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
2018-03-02 | not yet calculated | CVE-2017-9267
CONFIRM

micro_focus -- novell_edirectory
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
2018-03-02 | not yet calculated | CVE-2017-9277
CONFIRM
CONFIRM
CONFIRM

microsoft -- windows
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
2018-02-28 | not yet calculated | CVE-2018-6947
EXPLOIT-DB
EXPLOIT-DB
MISC
CONFIRM
CONFIRM
CONFIRM

suse -- linux_enterprise_software_development_kit
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
2018-03-01 | not yet calculated | CVE-2017-9274
CONFIRM
SUSE
CONFIRM

open_build_service -- open_build_service
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).
2018-03-01 | not yet calculated | CVE-2017-9268
CONFIRM
CONFIRM

open_buildservice -- open_buildservice
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
2018-03-01 | not yet calculated | CVE-2017-5188
CONFIRM
CONFIRM
CONFIRM

open_buildservice -- open_buildservice
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service.
2018-03-02 | not yet calculated | CVE-2015-0796
CONFIRM
CONFIRM

suse -- opensuse_leap
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
2018-03-01 | not yet calculated | CVE-2017-9286
CONFIRM
SUSE
CONFIRM

parallels -- remote_application_server
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.
2018-02-28 | not yet calculated | CVE-2017-9447
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).
2018-02-28 | not yet calculated | CVE-2018-7469
MISC

phpscriptsmall.com -- school_management_script
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
2018-02-28 | not yet calculated | CVE-2018-7477
EXPLOIT-DB

php -- php
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
2018-03-01 | not yet calculated | CVE-2018-7584
CONFIRM
BID
CONFIRM
CONFIRM

phpscriptsmall.com -- schools_alert_management_script
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
2018-02-23 | not yet calculated | CVE-2018-6859
MISC
EXPLOIT-DB

piwigo -- piwigo
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
2018-02-24 | not yet calculated | CVE-2018-6883
MISC
MISC

piwigo -- piwigo
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
2018-02-25 | not yet calculated | CVE-2017-9426
MISC
EXPLOIT-DB
MISC

piwigo -- piwigo
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
2018-02-25 | not yet calculated | CVE-2017-9425
MISC
EXPLOIT-DB
MISC

postgresql -- postgresql
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
2018-03-02 | not yet calculated | CVE-2018-1058
CONFIRM
CONFIRM

postgresql -- postgresql
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
2018-03-01 | not yet calculated | CVE-2017-14798
SUSE
CONFIRM
CONFIRM

prestashop -- prestashop
In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values.
2018-02-26 | not yet calculated | CVE-2018-7491
MISC
MISC

purevpn -- purevpn
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.
2018-02-25 | not yet calculated | CVE-2018-7484
MISC
MISC

qemu -- qemu
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
2018-03-01 | not yet calculated | CVE-2018-7550
BID
CONFIRM
MLIST

red_hat -- satellite_6
When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates.
2018-02-27 | not yet calculated | CVE-2017-15136
CONFIRM

ruby -- ruby
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
2018-02-26 | not yet calculated | CVE-2017-16229
MISC
MISC

sam2p -- sam2p
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2018-02-28 | not yet calculated | CVE-2018-7553
MISC
MISC

sap -- basis
ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
2018-03-01 | not yet calculated | CVE-2018-2367
BID
CONFIRM
CONFIRM

sap -- crm
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
2018-03-01 | not yet calculated | CVE-2018-2380
BID
CONFIRM
CONFIRM

sap -- netweaver_portal
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
2018-03-01 | not yet calculated | CVE-2018-2365
BID
CONFIRM
CONFIRM

sap -- netweaver_system_landscape_directory
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
2018-03-01 | not yet calculated | CVE-2018-2368
BID
CONFIRM
CONFIRM

segger -- embos/ip_ftp_server
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
2018-03-03 | not yet calculated | CVE-2018-7449
EXPLOIT-DB

shibboleth -- service_provider
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
2018-02-27 | not yet calculated | CVE-2018-0489
BID
SECTRACK
MLIST
CONFIRM
DEBIAN

synology -- surveillance_station
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter.
2018-02-27 | not yet calculated | CVE-2017-16770
CONFIRM

synology -- surveillance_station
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.
2018-02-27 | not yet calculated | CVE-2017-16767
CONFIRM

testlink -- testlink
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
2018-02-25 | not yet calculated | CVE-2018-7466
MISC

unisys -- clearpath_mcp_systems
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
2018-02-26 | not yet calculated | CVE-2018-5762
CONFIRM

unixodbc -- unixodbc
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
2018-02-26 | not yet calculated | CVE-2018-7485
BID
MISC

uwsgi -- uwsgi
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
2018-02-26 | not yet calculated | CVE-2018-7490
CONFIRM

vesta_control_panel -- vesta_control_panel
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
2018-02-28 | not yet calculated | CVE-2015-4117
CONFIRM
EXPLOIT-DB
MISC

red_hat -- cloudforms
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
2018-02-28 | not yet calculated | CVE-2017-12191
REDHAT
CONFIRM

389-ds-base -- 389-ds-base
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
2018-03-01 | not yet calculated | CVE-2017-15134
BID
REDHAT
CONFIRM
MISC

wireless_ip_camera_360 -- wireless_ip_camera_360_devices
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.
2018-02-26 | not yet calculated | CVE-2017-11634
MISC

wireless_ip_camera_360 -- wireless_ip_camera_360_devices
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.
2018-02-26 | not yet calculated | CVE-2017-11635
MISC

wireless_ip_camera_360 -- wireless_ip_camera_360_devices
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.
2018-02-26 | not yet calculated | CVE-2017-11632
MISC

wireless_ip_camera_360 -- wireless_ip_camera_360_devices
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
2018-02-26 | not yet calculated | CVE-2017-11633
MISC

wireshark -- wireshark
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
2018-02-23 | not yet calculated | CVE-2018-7420
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
2018-02-23 | not yet calculated | CVE-2018-7419
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
2018-02-23 | not yet calculated | CVE-2018-7417
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
2018-02-23 | not yet calculated | CVE-2018-7418
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
2018-02-23 | not yet calculated | CVE-2018-7337
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
2018-02-23 | not yet calculated | CVE-2018-7334
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
2018-02-23 | not yet calculated | CVE-2018-7336
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
2018-02-23 | not yet calculated | CVE-2018-7335
BID
CONFIRM
CONFIRM
CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.
2018-02-23 | not yet calculated | CVE-2018-7320
BID
CONFIRM
CONFIRM
CONFIRM

wordpress -- wordpress
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
2018-03-02 | not yet calculated | CVE-2018-7433
MISC

wordpress -- wordpress
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
2018-03-01 | not yet calculated | CVE-2018-7586
CONFIRM

wowza_media_systems -- wowza_streaming_engine
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
2018-03-01 | not yet calculated | CVE-2018-7049
MISC
MISC

wowza_media_systems -- wowza_streaming_engine
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
2018-03-01 | not yet calculated | CVE-2018-7048
MISC
MISC

wowza_media_systems -- wowza_streaming_engine
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
2018-03-01 | not yet calculated | CVE-2018-7047
MISC
MISCxen*-- xen
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
2018-02-27 | not yet calculated | CVE-2018-7542 | CONFIRM

xen -- xen
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
2018-02-27 | not yet calculated | CVE-2018-7541 | CONFIRM

xen -- xen
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
2018-02-27 | not yet calculated | CVE-2018-7540 | CONFIRM

xpdf -- xpdf
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
2018-02-24 | not yet calculated | CVE-2018-7454 | MISC

yzmcms -- yzmcms
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
2018-03-01 | not yet calculated | CVE-2018-7579 | MISC

yzmcms -- yzmcms
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.
2018-02-25 | not yet calculated | CVE-2018-7479 | MISC

zonemaster -- zonemaster_web_gui
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.
2018-03-03 | not yet calculated | CVE-2018-7652 | CONFIRM, CONFIRM, CONFIRM, CONFIRM

zsh -- zsh
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
2018-02-27 | not yet calculated | CVE-2017-18205 | MISC

zsh -- zsh
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
2018-02-27 | not yet calculated | CVE-2014-10071 | MISC

zsh -- zsh
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
2018-02-27 | not yet calculated | CVE-2018-7549 | MISC

zsh -- zsh
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
2018-02-27 | not yet calculated | CVE-2018-7548 | MISC

zsh -- zsh
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
2018-02-27 | not yet calculated | CVE-2014-10072 | MISC

zsh -- zsh
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
2018-02-27 | not yet calculated | CVE-2017-18206 | MISC

zsh -- zsh
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
2018-02-27 | not yet calculated | CVE-2014-10070 | MISC, MISC

zsh -- zsh
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
2018-02-27 | not yet calculated | CVE-2016-10714 | MISC

zypper -- zypper
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
2018-03-01 | not yet calculated | CVE-2017-9271 | CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.



