Wednesday, February 28, 2018

USN-3579-2: LibreOffice regression

Ubuntu Security Notice USN-3579-2

28th February, 2018

libreoffice regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

USN-3579-1 caused a regression in LibreOffice.

Software description

  • libreoffice - Office productivity suite

Details

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user's home directory. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked into opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libreoffice-common 1:5.4.5-0ubuntu0.17.10.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make
all the necessary changes.

References

LP: 1751005



from Ubuntu Security Notices http://ift.tt/2COr4tw

You can use a VPN to battle ISP net neutrality abuse

Apple Moves iCloud Data and Encryption Keys for Chinese Users to China


Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law.

Apple will now move the cryptographic keys of its Chinese iCloud users to data centers run by a state-owned company called Cloud Big Data Industrial Development Co, despite concerns from human rights activists.

In 2017, China passed a Cybersecurity Law that requires "critical information infrastructure operators" to store Chinese users' data within the country's borders, which likely forced Apple to partner with the new Chinese data center.

And the icing on the cake is that the Chinese government already has legislation called the National Security Law, passed in 2015, which gives police the authority to demand that companies help them bypass encryption or other security tools to access personal data.

This is the first time Apple will store the encryption keys required to unlock its users' iCloud accounts outside the United States.

In theory, Chinese law enforcement agencies won't have to ask US courts to compel Apple to give them access to Chinese users' data.

Instead, they'll simply use their legal system to demand access to cryptographic keys required to unlock iCloud accounts stored within their nation, making it far easier to access users’ data, such as messages, emails, and photos.

However, Apple has said the company alone would have access to the iCloud encryption keys and that Chinese authorities will have no backdoor into its data troves.

Apple said the company had not given any of its customers' account information to Chinese authorities despite receiving 176 requests from 2013 to 2017, Reuters reported, though all of those requests were made before the new cybersecurity laws took effect.

If Apple believes it can comply with one law, i.e., storing users' data in China, while declining to comply with other stringent Chinese regulations, the company should reconsider its decision.

The company has been rigorously implementing various aspects of Chinese law in recent months for its regional operations in the world's most populous country.

Last year, Apple controversially removed VPN apps from its official App Store in China to comply with Chinese cyberspace regulations, making it harder for internet users to bypass the Great Firewall.

Earlier last year, Apple removed the New York Times (NYT) app from its Chinese App Store because the app was in "violation of local regulations."



from The Hacker News http://ift.tt/2CsN0Pl

CannibalRAT targets Brazil

A Simple Bug Revealed Admins of Facebook Pages — Find Out How


Facebook Page admins are only publicly displayed if admins have chosen to feature their profiles.

However, there are some situations where you might want to contact the Facebook page admins or want to find out who is the owner of a Facebook page.

Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have allowed anyone to expose Facebook page administrator profiles, which is otherwise not supposed to be public information.

Baset claimed to have discovered the vulnerability in less than 3 minutes without any kind of testing or proof of concepts, or any other type of time-consuming processes.

In a blog post, Baset said he found the vulnerability, which he described as a "logical error," after receiving an invitation to like a particular Facebook page on which he had previously liked a post.

Facebook has introduced a feature for page admins wherein they can send Facebook invitations to users asking them if they wished to like their page after liking a post, and a few days later, these interacted users may receive an email reminding them of the invitation.

After Baset received one such email invite, he simply opened the "show original" option in the email's drop-down menu. Looking at the email's source, he noticed that it included the page administrator's name, admin ID and other details.

The researcher then immediately reported the issue to the Facebook Security Team through its Bugcrowd bug bounty program. The company acknowledged the bug and awarded Baset $2,500 for his findings.

"We were able to verify that under some circumstances page invitations sent to non-friends would inadvertently reveal the name of the page admin which sent them," Facebook said. "We've addressed the root cause here, and future emails will not contain that information."

Facebook has now patched this information disclosure issue.



from The Hacker News http://ift.tt/2HRhxWj

IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench

A Struts vulnerability affects IBM InfoSphere Metadata Workbench.

CVE(s): CVE-2017-15707

Affected product(s) and affected version(s):

The following product, running on all supported platforms, is affected:
IBM InfoSphere Metadata Workbench: version 9.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013436
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135718

The post IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2GRFOdz

IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Invalid Account Lockout vulnerability (CVE-2018-1373)

IBM Security Guardium Big Data Intelligence (SonarG) has addressed the following vulnerability

CVE(s): CVE-2018-1373

Affected product(s) and affected version(s):

IBM Security Guardium Big Data Intelligence (SonarG) 3.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013750
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137773

The post IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Invalid Account Lockout vulnerability (CVE-2018-1373) appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team http://ift.tt/2CrmUMo

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVE-2017-10345, CVE-2017-10295, CVE-2017-10281, CVE-2017-10350, CVE-2017-10347, CVE-2017-10349, CVE-2017-10348, CVE-2017-10357, CVE-2017-10355, CVE-2017-10293, CVE-2017-10356, CVE-2017-10388, CVE-2017-10285, CVE-2017-10346, CVE-2016-10165

Affected product(s) and affected version(s):

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 9.1, 11.3 and 11.5
IBM InfoSphere Information Server on Cloud: version 11.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013543
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133774
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133729
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133720
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133779
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133778
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133777
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133786
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133727
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133723
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133775
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127028

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2GQME2O

The Power of Logging in Incident Response

A deep dive into logging as an often-overlooked but powerful tool for incident detection and response

“Lack of instrumentation or insufficient logging” is a phrase often used in incident response reports. During incident response activities, it isn’t a phrase you want to see, since a lack of logging inhibits your organization’s ability to conclusively perform root cause analysis.

As a team leader on the Cisco Security Incident Response Services team, I work with a wide range of organizations, from small and medium businesses to some of the largest and most complex environments across the globe. Many organizations today still fail at adequate logging across the enterprise, impeding their ability to perform intelligence-driven incident response tasks. This is in spite of the fact that the importance of logging is constantly communicated in blogs, talks, IR reports, and even boardrooms! I’ll say it again: log sources are critical to intelligent incident response.

Thankfully, there are free and cost-effective ways to get sufficient logging on your endpoints. Remember, an attacker’s technique is only as sophisticated as it needs to be to carry out Actions on Objectives in your network. An attacker isn’t going to drop a 0-day[1] when there are many easier ways to gain a foothold in an organization’s network. PowerShell is an effective, secure way of managing your network’s Windows infrastructure. Unfortunately, PowerShell attacks are prevalent and a very effective way for an attacker to execute arbitrary code on your endpoints.

PowerShell Logging

Why PowerShell? PowerShell is native, supported across most versions of Windows, and offers full access to Windows Management Instrumentation (WMI). Finally, many organizations are not logging PowerShell, which means you have the ingredients for the perfect storm.

We recommend customers turn on Module Logging, Script Block Logging, and Transcription Logging via Group Policy Object (GPO). The Microsoft PowerShell team highlights these advantages and many security features for the Blue Team.

In the event Mimikatz[2] harvests credentials in your Windows environment, you’ll have a detection mechanism (+1: blue team), but also plaintext credentials and hashes likely dumped to your event logs (+1: red team, but -1: blue team). Without logging or an endpoint detection and response (EDR) solution in place, you won’t be able to detect a memory (RAM) only credential harvesting attack via PowerShell. As a defender, it is critical to understand and manage risk to capabilities and business requirements.

A centralized logging solution is highly recommended for PowerShell and Sysmon logging. In addition to centralized logging, you’ll also need to tune/manage your configuration and deployment due to the additional logging requirements needed to detect and respond to a PowerShell attack.
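As an added example (not code from the Cisco post), here is a small Python triage routine for the Script Block Logging records (Event ID 4104) that the GPO settings above produce; the sample records and the indicator list are constructed and hypothetical, and the -EncodedCommand decoding follows PowerShell's base64-of-UTF-16LE convention.

```python
"""Triage of PowerShell Script Block Logging records (Event ID 4104).

Added example, not part of the Cisco post. The records below are
constructed to resemble the ScriptBlockText field that Script Block
Logging writes once enabled through GPO; the indicator list is a
hypothetical starting point, not a complete signature set.
"""
import base64
import re

# Hypothetical indicators a defender might start with; tune for your environment.
SUSPICIOUS_PATTERNS = [
    r"Invoke-Mimikatz",
    r"DumpCreds",
    r"sekurlsa",
    r"\[System\.Reflection\.Assembly\]::Load",
    r"DownloadString\(",
    r"\bIEX\b|Invoke-Expression",
]
_PATTERNS = [re.compile(p, re.IGNORECASE) for p in SUSPICIOUS_PATTERNS]
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand for the same switch.
_ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(script_text):
    """Return the decoded payload of every -EncodedCommand found in the text.

    PowerShell expects the argument to be base64 of UTF-16LE text, so the
    same decoding recovers what the interpreter actually ran.
    """
    decoded = []
    for m in _ENCODED.finditer(script_text):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            # Not valid base64/UTF-16LE: keep the raw token so it still gets reviewed.
            decoded.append(m.group(1))
    return decoded


def triage_record(record):
    """Score one 4104 record: match indicators on the raw text and on decoded layers."""
    text = record["ScriptBlockText"]
    layers = [text] + decode_encoded_command(text)
    hits = set()
    for layer in layers:
        for pat in _PATTERNS:
            if pat.search(layer):
                hits.add(pat.pattern)
    return {
        "host": record["Computer"],
        "encoded_layers": len(layers) - 1,
        "indicators": sorted(hits),
        "suspicious": bool(hits),
    }


def triage(records):
    """Return only the records that matched at least one indicator."""
    return [r for r in map(triage_record, records) if r["suspicious"]]


def _encoded(cmd):
    # Builds a constructed -EncodedCommand argument, used only for sample data.
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


# Constructed sample records (not real telemetry).
SAMPLE_RECORDS = [
    {"Computer": "ws01.corp.example", "EventID": 4104,
     "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object"},
    {"Computer": "ws02.corp.example", "EventID": 4104,
     "ScriptBlockText": "powershell.exe -NoP -W Hidden -EncodedCommand "
                        + _encoded("Invoke-Mimikatz -DumpCreds")},
    {"Computer": "ws03.corp.example", "EventID": 4104,
     "ScriptBlockText": "Import-Module ActiveDirectory; Get-ADUser -Filter *"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(finding)
```

Without Script Block Logging the encoded argument never reaches the event log, which is why the post recommends enabling it before an incident rather than after.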

Sysmon

System Monitor (Sysmon) is another tool freely available from Microsoft. When our Cisco Security Incident Response Services team is working with organizations to develop a robust incident response plan, we’ll recommend PowerShell Logging and Sysmon capabilities as a baseline for any endpoint detection.

While I was drafting this blog post, this Twitter thread caught my attention, as “Swift” walked folks through this “real-life” attack against a user in a series of Tweets highlighting Sysmon, PowerShell logging, and GPOs! “Swift” also updated the Sysmon Config here. Another reason why defenders should download, configure, and deploy Sysmon now!

AMP for Endpoints

If you have an EDR solution like Cisco Advanced Malware Protection (AMP) for Endpoints, you have yet another mechanism for detecting a PowerShell attack. In a recent lab exercise, we ran our PowerShell attack against the victim workstation twice, first without AMP for Endpoints and then with it; in the second test, AMP for Endpoints blocked Mimikatz from harvesting credentials from the victim workstation.

Within our Cisco AMP for Endpoints console, we enabled command line capture (Policies > Advanced Settings), Block (Network), and Exploit Prevention (see Figure 1 below), which did block Mimikatz from successfully harvesting our lab user’s credentials, confirmed through PowerShell Transcription logging.

Figure 1: AMP for Endpoint Console (Policies: Exploit Prevention)

From a rapid incident response perspective, two powerful features within the Cisco AMP for Endpoints console are Device Trajectory and File Trajectory. Device Trajectory provides visibility into events that occurred leading up to and following a compromise, including parent processes, connections to remote hosts, and unknown files that may have been downloaded by malware. In Figure 2 below, we can see the Encoded PowerShell command indicator of compromise (IOC) that was blocked by AMP for Endpoints. Retrospectively, we can also see powershell.exe, which is benign. However, a seasoned incident responder understands temporal proximity and would hypothesize that a benign portable executable (powershell.exe) may have been used to pivot, bypass AV, and/or download malware.

Figure 2: AMP for Endpoints Console (Device Trajectory)

Based upon the logs (PowerShell and Sysmon), and our EDR solution (Cisco AMP for Endpoints), we would want to get a RAM dump of this compromised endpoint for forensic analysis to pursue root cause in our incident response investigation.

Memory Forensics

During the incident response process, memory forensic analysis of infected endpoints is a common activity for your incident response team. This capability is critical to detection and response. For this “fileless” (no binary written to disk) PowerShell attack where you lack logging and visibility, memory forensics is your only option on the endpoint. Do you have this capability?

During this exercise, I used Volatility (An Advanced Memory Forensics Framework) to perform memory forensic analysis and detect the Invoke-Mimikatz PowerShell script running in memory. Using Volatility’s yarascan plugin and the Mimikatz YARA[3] rule (kiwi_passwords.yar), I executed the following command:

Below (Figure 3) is the command output snippet identifying the lsadump module of mimikatz running in svchost.exe:

Figure 3: YARA: Mimikatz Detection (lsadump rule)

In summary, PowerShell logging, Sysmon, an EDR solution such as Cisco AMP for Endpoints, and a memory forensics capability are vital to efficient incident response. This multi-layered approach allows for detection and response, but more importantly, if one capability fails (e.g. event logs are overwritten due to size, cleared by an attacker, etc.), you have another mechanism (PowerShell logging, an EDR solution, memory forensic analysis) to detect a common PowerShell attack.

If you have an in-house capability, fantastic! Definitely make sure you are using logging to its full potential. If you are looking to augment your incident response capabilities, please consider leveraging our team. We stand ready to assist your organization in maneuvering through treacherous waters during an incident, and through those calm seas with our proactive Incident Response services portfolio.

Do you have detections in place for PowerShell attacks? I’d love to hear your success stories and what you are doing to detect PowerShell attacks. Please leave a comment, or feel free to reach out to me on Twitter @brgarnett or via PGP.


[1] Zero-Day Vulnerability: https://en.wikipedia.org/wiki/Zero-day_(computing)

[2] Mimikatz: https://github.com/gentilkiwi/mimikatz

[3] YARA: http://yara.readthedocs.io/en/v3.7.0/index.html




from Cisco Blog » Security http://ift.tt/2t2kCj1

GDPR: Two thirds of organisations aren't prepared for the 'right to be forgotten'

Hit by ransomware? This new free decryption tool for GandCrab might help

What is malware? Everything you need to know about viruses, trojans and malicious software

Facebook patches admin information leak vulnerability

Intel's Spectre fix for Broadwell and Haswell chips has finally landed

Memcached Servers Abused for Massive Amplification DDoS Attacks


Cybercriminals have figured out a way to abuse widely-used Memcached servers to launch DDoS attacks more than 51,000 times more powerful than the original traffic, which could knock down major websites and Internet infrastructure.

In recent days, security researchers at Cloudflare, Arbor Networks, and Chinese security firm Qihoo 360 noticed that hackers are now abusing Memcached to amplify their DDoS attacks by an unprecedented factor of 51,200.

Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory and has been designed to work with a large number of open connections. Memcached server runs over TCP or UDP port 11211.

The Memcached application has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. It's widely used by thousands of websites, including Facebook, Flickr, Twitter, Reddit, YouTube, and Github.

Dubbed Memcrashed by Cloudflare, the attack abuses unprotected Memcached servers that have UDP enabled in order to deliver DDoS attacks 51,200 times their original strength, making it the most prominent amplification method ever used in the wild so far.

How the Memcrashed DDoS Amplification Attack Works

Like other amplification methods, where hackers send a small request from a spoofed IP address to get a much larger response in return, the Memcrashed amplification attack works by sending a forged request to the targeted server (a vulnerable UDP Memcached server) on port 11211 using a spoofed source IP address that matches the victim's IP, so the large response is delivered to the victim.

According to the researchers, just a few bytes of request sent to the vulnerable server can trigger a response tens of thousands of times bigger.

"15 bytes of request triggered 134KB of response. This is amplification factor of 10,000x! In practice we've seen a 15-byte request result in a 750kB response (that's a 51,200x amplification)," Cloudflare says.

According to the researchers, most of the Memcached servers being abused for amplification DDoS attacks are hosted at OVH, Digital Ocean, Sakura and other small hosting providers.

In total, researchers have seen only 5,729 unique source IP addresses associated with vulnerable Memcached servers, but they are "expecting to see much larger attacks in future, as Shodan reports 88,000 open Memcached servers," Cloudflare says.

"At peak we've seen 260Gbps of inbound UDP memcached traffic. This is massive for a new amplification vector. But the numbers don't lie. It's possible because all the reflected packets are very large," Cloudflare says.

Arbor Networks noted that the Memcached priming queries used in these attacks could also be directed towards TCP port 11211 on abusable Memcached servers.

But TCP is not currently considered a high-risk Memcached reflection/amplification vector because TCP queries cannot be reliably spoofed.

The well-known DDoS amplification attack vectors that we have reported on in the past include poorly secured Domain Name System (DNS) resolvers, which amplify traffic volumes by about 50 times, and the Network Time Protocol (NTP), which increases traffic volumes by nearly 58 times.

Mitigation: How to Fix Memcached Servers?

One of the easiest ways to prevent your Memcached servers from being abused as reflectors is firewalling, blocking or rate-limiting UDP on source port 11211.

Since Memcached listens on INADDR_ANY and runs with UDP support enabled by default, administrators are advised to disable UDP support if they are not using it.

The attack size potentially created by Memcached reflection cannot be easily defended against by Internet Service Providers (ISPs), as long as IP spoofing is permissible on the internet.
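As an added example (not part of the article), the following Python check flags your own Memcached host acting as a UDP reflector by comparing the bytes of tiny requests to port 11211 with the bytes of the replies sent back to the same address; the flow lines and thresholds are constructed assumptions, with the sample reply sized to the article's 15-byte-to-750kB figure.

```python
"""Detect a Memcached host being used as a UDP reflector from flow records.

Added example, not from the article. Flow records are constructed below in a
simplified NetFlow-like text form; the thresholds are assumptions to tune.
"""
from collections import defaultdict

MEMCACHED_PORT = 11211
# Assumed alert thresholds, far below the 10,000x-51,200x the article reports.
MIN_AMPLIFICATION = 100.0
MIN_REPLY_BYTES = 100_000   # ignore small, ordinary stats replies


def parse_flow(line):
    """Parse 'PROTO src:sport -> dst:dport bytes' into a dict."""
    proto, src, _, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"proto": proto.upper(), "sip": sip, "sport": int(sport),
            "dip": dip, "dport": int(dport), "bytes": int(nbytes)}


def reflection_findings(flows, memcached_hosts):
    """Return (reflector, target) pairs where UDP requests to port 11211 that
    claim to come from an address produced far larger UDP replies to that address.

    In a reflection attack the 'client' address in the request is the spoofed
    victim, so request and reply are keyed on the same (memcached, peer) pair.
    """
    req = defaultdict(int)   # (memcached host, claimed client) -> request bytes
    rep = defaultdict(int)   # (memcached host, reply destination) -> reply bytes
    for f in flows:
        if f["proto"] != "UDP":
            continue  # TCP handshakes cannot be reliably spoofed, so TCP is not the vector
        if f["dport"] == MEMCACHED_PORT and f["dip"] in memcached_hosts:
            req[(f["dip"], f["sip"])] += f["bytes"]
        elif f["sport"] == MEMCACHED_PORT and f["sip"] in memcached_hosts:
            rep[(f["sip"], f["dip"])] += f["bytes"]
    findings = []
    for key, reply_bytes in rep.items():
        request_bytes = req.get(key, 0)
        if reply_bytes < MIN_REPLY_BYTES or request_bytes == 0:
            continue
        factor = reply_bytes / request_bytes
        if factor >= MIN_AMPLIFICATION:
            findings.append({"reflector": key[0], "target": key[1],
                             "request_bytes": request_bytes,
                             "reply_bytes": reply_bytes,
                             "amplification": round(factor, 1)})
    return findings


# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    # Legitimate application server using the cache over TCP: expected.
    "TCP 10.0.0.5:40123 -> 10.0.0.9:11211 180",
    "TCP 10.0.0.9:11211 -> 10.0.0.5:40123 2400",
    # A 15-byte UDP request whose source address is the (spoofed) victim...
    "UDP 203.0.113.7:11211 -> 10.0.0.9:11211 15",
    # ...and the 750 kB reply that the cache sends to the victim, not the real sender.
    "UDP 10.0.0.9:11211 -> 203.0.113.7:11211 768000",
    # Small UDP exchange with an internal host: benign.
    "UDP 10.0.0.6:5100 -> 10.0.0.9:11211 20",
    "UDP 10.0.0.9:11211 -> 10.0.0.6:5100 1100",
]

if __name__ == "__main__":
    flows = [parse_flow(line) for line in SAMPLE_FLOWS]
    for finding in reflection_findings(flows, {"10.0.0.9"}):
        print(finding)
```

Memcached's own `-U 0` start-up option disables its UDP listener, which removes the reflection surface entirely for deployments that do not need UDP.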



from The Hacker News http://ift.tt/2CqaULg

Tuesday, February 27, 2018

AEC 'satisfied' with security risks absorbed ahead of the 2016 election

Purism adds open-source security firmware to its Linux laptop line

When It Comes To Data Breach Preparedness, Companies Are Looking To the Top

The cost of a data breach in the U.S. hit an all-time high in 2017 at $7.35 million. Along with financial repercussions, data breaches can result in millions of private and sensitive records being compromised, affecting not just the breached company but also all individuals whose personal data may have been stolen.

Data breach protection and preparation requires support and active involvement from the top and an informed C-suite is an integral part of a data breach response plan from review to execution. However, a surprising number of executives are not actively engaged in such preparations. According to “The Fifth Annual Study: Is Your Company Ready for a Big Data Breach?,” sponsored by Experian Data Breach Resolution and conducted by the Ponemon Institute, less than half (48 percent) of organizations feel confident that C-suite executives are prepared to deal with a breach. When it comes to a company’s board of directors, respondents were even less confident (just 39 percent).

With an increase in data breaches affecting companies of all sizes, it’s more important than ever that executives and those in the C-suite be involved in all security measures and response plans. However, not only did the study find that few executives or board members participate in high-level reviews of data protection and privacy practices, but many may be avoiding responsibility overall in breach preparedness.

Organizations look to leadership to make data breach preparedness a continuing priority for the entire company. In fact, 80 percent of respondents believe that data breach response plans need increased participation and greater oversight from senior executives. But, with only 36 percent of respondents indicating that the board understands specific security threats facing their organization, this gap continues to leave companies vulnerable to attack.

Data breaches can cost companies more than financial losses; they also threaten an organization’s reputation and customer trust. By increasing their role in data breach preparedness, an organization’s leadership can maximize the effectiveness of a data breach response plan and minimize the fallout from a cyberattack. Company leadership can set forth a culture of cybersecurity and data breach preparedness; it’s in the best interest of everyone that they act on this responsibility.

For more, download the full study here.

The post When It Comes To Data Breach Preparedness, Companies Are Looking To the Top appeared first on Data Breach Resolution.



from Data Breach Resolution http://ift.tt/2HQBwo1

Amazon boosts its home security portfolio with acquisition of Ring


Ring, a company best known for its video doorbell, has been acquired by Amazon, ZDNet can confirm.

The acquisition was first reported by Geekwire. A formal announcement isn't expected at this time.

"Ring is committed to our mission to reduce crime in neighborhoods by providing effective yet affordable home security tools to our Neighbors that make a positive impact on our homes, our communities, and the world," a Ring spokesperson said in a statement to ZDNet. "We'll be able to achieve even more by partnering with an inventive, customer-centric company like Amazon. We look forward to being a part of the Amazon team as we work toward our vision for safer neighborhoods."

The purchase for Amazon follows a purchase of another home security company, Blink. It also comes after the company introduced its first home security camera, Amazon Cloud Cam.

"Ring's home security products and services have delighted customers since day one. We're excited to work with this talented team and help them in their mission to keep homes safe and secure," an Amazon spokesperson said in a statement to ZDNet.

Ring's product lineup includes several different cameras, with various power options. In January, the company announced its complete home security system, Ring Alarm, was finally close to shipping after a lengthy delay. The company also announced it had acquired Mr. Beams at that time.

Amazon's interest in home security makes sense as it looks to expand the reach and potential of its smart speaker and home automation lineup.



from Latest Topic for ZDNet in... http://ift.tt/2CrctIQ

Sophisticated Android malware spies on smartphones users and runs up their phone bill too

Splunk is buying security automation company Phantom for $350m

ICSJWG Call for Abstracts

Curiosity, Exploration and Community – How I Paved my Own Path to a Cybersecurity Career


I like to say that I didn’t really choose a career in cybersecurity – it chose me. The field naturally suits my personality, which has always been safety conscious. My cybersecurity journey began at Georgia Tech Research Institute, where my work exposed me to the challenges of using electronic systems to secure physical spaces. Intrigued, I wanted to build on that insight, so after graduation I looked for a job in the embedded systems space that would keep me on my toes. It didn’t occur to me that the expansive field of cybersecurity largely intersects with embedded systems.

When I first joined Cisco, my experience was making secure embedded systems, not breaking them. I had to drastically change my point of view to become an effective vulnerability researcher of Cisco products. I started by learning secure coding best practices and anything unique to Cisco product code. Coming from a developer’s mindset, I also wanted to know how Cisco products worked—the intended product functionality and the underlying implementation. Next, I immersed myself in the latest research to further understand the current state of network security and common issues with networking products. A lesson that transferred from my time in academia to my time in industry is that research is often built from prior work. As I studied up on the continually changing threat landscape, I realized cybersecurity had the challenges I was looking for.

Now in my eighth year at Cisco, I am senior security researcher in the Security & Trust Organization. Utilizing my embedded systems background, I study the hardware and firmware of Cisco’s products for security vulnerabilities. I use this knowledge to make recommendations on improving product security taking into account the delicate balance of usability and security. My work has a direct effect on keeping our products, and thereby our customers, more secure.

Along my professional journey, my reporting chain has supported my growth. With my manager’s guidance, I have further developed my career by attending trainings and conferences. The Women in Cybersecurity initiative (WiCyS) founded by Dr. Ambareen Siraj hosts my favorite conference each year. Each WiCyS conference provides both technical and personal development with an incredibly positive and supportive atmosphere.

At my first WiCyS conference in 2015, I was inspired by Dr. Lorrie Cranor’s password research; but this conference was also where I first learned about “imposter syndrome” that frequently affects women working in STEM fields. The wise Dr. Tracy Camp offered us some great tips on coping with this self-doubt phenomenon. I kept following authentication-related research and gave my first conference presentation on password managers later that year at the Grace Hopper Celebration of Women in Computing!

Cyber threats move fast, and things have changed dramatically since I entered the InfoSec workforce. High profile hacks have popularized—and glamorized—the profession, so entry level jobs are now more competitive. Today there are also many degrees in information security, more robust and thorough than the elective track available when I was in college. Because these new degrees concentrate on tools and processes, knowing how the underlying technology works is more important than ever.

Still, it will take a lot to solve the cyber talent shortage. In my opinion, businesses can truly help by being more open to different worker backgrounds and training those looking to make a switch into information security. Infosec degrees and certifications are very recent, so the credentialed talent pool is rather small. Creativity and problem-solving skills are the most essential to have; everything else can be taught.

My advice to anyone, but especially women, who are considering a career in cybersecurity? There are many cybersecurity conferences and networking events available. Find one that welcomes you and actively participate. Keep an open mind and take a lot of notes. Ask questions. Network meaningfully. When it comes to conferences, you get out as much as you put in. And when you’ve paved your own path to the cybersecurity field, help others find their way.




from Cisco Blog » Security http://ift.tt/2BTzSl0

IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707)

IBM Security Guardium Database Activity Monitor has addressed the following vulnerability

CVE(s): CVE-2017-15707

Affected product(s) and affected version(s):

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013305
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135718

The post IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2EVEuK7

IBM Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525)

IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability. IBM Security Guardium has addressed the following vulnerability.

CVE(s): CVE-2017-7525

Affected product(s) and affected version(s):

IBM Security Guardium V 10.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012547
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134639




from IBM Product Security Incident Response Team http://ift.tt/2BTMc4B

IBM Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine

An undisclosed hard-coded password vulnerability affects Rational Publishing Engine.

CVE(s): CVE-2017-1787

Affected product(s) and affected version(s):

Rational Publishing Engine 2.1.2
Rational Publishing Engine 6.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013961
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137022




from IBM Product Security Incident Response Team http://ift.tt/2EVEda3

SAML protocol bug put single sign-on accounts at risk

Avalanche botnet mastermind? Wanted cybercrime suspect has just been arrested

IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654)

A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654).

CVE(s): CVE-2017-1654

Affected product(s) and affected version(s):

IBM Spectrum Scale V5.0.0

IBM Spectrum Scale V4.2.3.0 thru V4.2.3.6

IBM Spectrum Scale V4.2.2.0 thru V4.2.2.3

IBM Spectrum Scale V4.2.1.0 thru V4.2.1.2

IBM Spectrum Scale V4.2.0.0 thru V4.2.0.4

IBM Spectrum Scale V4.1.1.0 thru V4.1.1.18

IBM General Parallel File System V4.1.0.0 thru V4.1.0.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010869
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133378




from IBM Product Security Incident Response Team http://ift.tt/2GKyDUv

Hacker Who Never Hacked Anyone Gets 33-Month Prison Sentence


A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison.

Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore, to hackers for $25.

Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.

This case is a rare example of the US Department of Justice (DOJ) charging someone not for actively using malware to hack victims' computers, but for developing and selling it to other cybercriminals.

Huddleston admitted to the court that he created his software knowing it would be used by other cybercriminals to break the law.

He initially started developing NanoCore in late 2012 with a motive to offer a low-budget remote management software for schools, IT-conscious businesses, and parents who desired to monitor their children's activities on the web.

However, Huddleston marketed and sold the NanoCore RAT for $25 in underground hacking forums that were extremely popular with cybercriminals around the world from January 2014 to February 2016. He then sold ownership of NanoCore to a third party in 2016.

NanoCore RAT happens to be popular among cybercriminals on underground hacking forums and has been linked to intrusions in at least ten countries. Among the victims was a high-profile assault on Middle Eastern energy firms in 2015.

Huddleston also agreed with prosecutors that NanoCore RAT and available third-party plugins offered a full set of features including:

  • Stealing sensitive information from victim computers, such as passwords, emails, and instant messages.
  • Remotely activating and controlling connected webcams on the victims' computers in order to spy on them.
  • Ability to view, delete, and download files.
  • Locking infected PCs and holding them to ransom.
  • Using infected PCs to launch distributed denial of service (DDoS) attacks on websites and similar services.

In his July plea, Huddleston also took responsibility for creating and operating a software licensing system called "Net Seal" that was used by another suspect, Zachary Shames, to sell thousands of copies of the Limitless keylogger.

Shames used Net Seal to sell the keylogger to 3,000 people who, in turn, used it to infect 16,000 computers, according to the DoJ.

In his guilty plea, Huddleston admitted that he intended his products to be used maliciously.

Besides the 33-month prison sentence handed down by judges on Friday, Huddleston also gets two years of supervised release.



from The Hacker News http://ift.tt/2F5PeVD

diskAshur2 and datAshur Pro, First Take: Secure but pricey mobile drives

Phone-Cracking Firm Found a Way to Unlock Any iPhone Model


Remember the infamous encryption fight between Apple and the FBI for unlocking an iPhone belonging to a terrorist behind the San Bernardino mass shooting that took place two years ago?

After Apple refused to help the feds access data on the locked iPhone, the FBI eventually paid over a million dollars to a third-party company for unlocking the shooter's iPhone 5c.

Now, it appears that the federal agency will not have to fight Apple over unlocking iPhones since the Israeli mobile forensics firm Cellebrite has reportedly figured out a way to unlock almost any iPhone in the market, including the latest iPhone X.

Cellebrite, a major security contractor to the United States law enforcement agencies, claims to have a new hacking tool for unlocking pretty much every iPhone running iOS 11 and older versions, Forbes reports.

In its own literature [PDF] "Advanced Unlocking and Extraction Services," Cellebrite says its services can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11."

Citing anonymous sources, the publication reported that Cellebrite could also unlock the iPhone 8, and since the security across Apple's newest iPhone devices worked in much the same way, the company can break the security of the iPhone X as well.

Besides Apple's devices, Cellebrite can also break into Google Android-powered smartphones from Samsung (Galaxy and Note series), Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE and many more.

"Cellebrite Advanced Unlocking Services is the industry's only solution for overcoming many types of complex locks on market-leading devices," Cellebrite literature explains. 
"This can determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices."

Last November, the Department of Homeland Security reportedly managed to get into an iPhone X owned by a suspect in an arms trafficking case, probably with the help of a Cellebrite-trained specialist.

However, a warrant discovered by Forbes does not mention the method or technology used by law enforcement to hack into the iPhone X.

Founded in 1999, Cellebrite provides digital forensics tools and software for mobile phones to its customers, which also includes the US government.

One of its main products is the Universal Forensic Extraction Device (UFED) that claims to help investigators extract all data and passwords from mobile phones.

While Cellebrite's iPhone hacking tool has the potential to affect hundreds of millions of Apple users, Apple also rolls out software updates and patches on a regular basis.

So users are advised to keep their devices up to date, as it's hard to say whether the company's hacks work on the latest updates of iOS 11.

Neither Cellebrite nor Apple immediately commented on the latest report.



from The Hacker News http://ift.tt/2CKQXun

Monday, February 26, 2018

Digital Transformation Agency wants its cybersecurity team back

Australian Home Affairs thinks its IT is safe because it has a cybermoat

Who Wasn’t Responsible for Olympic Destroyer?

Importing Pcap into Security Onion

Within the last week, Doug Burks of Security Onion (SO) added a new script that revolutionizes the use case for his amazing open source network security monitoring platform.

I have always used SO in a live production mode, meaning I deploy a SO sensor sniffing a live network interface. As the multitude of SO components observe network traffic, they generate, store, and display various forms of NSM data for use by analysts.

The problem with this model is that it could not be used for processing stored network traffic. If one simply replayed the traffic from a .pcap file, the new traffic would be assigned contemporary timestamps by the various tools observing the traffic.

While all of the NSM tools in SO have the independent capability to read stored .pcap files, there was no unified way to integrate their output into the SO platform.

Therefore, for years, there has not been a way to import .pcap files into SO -- until last week!

Here is how I tested the new so-import-pcap script. First, I made sure I was running Security Onion Elastic Stack Release Candidate 2 (14.04.5.8 ISO) or later. Next I downloaded the script using wget from https://github.com/Security-Onion-Solutions/securityonion-elastic/blob/master/usr/sbin/so-import-pcap.

I continued as follows:

richard@so1:~$ sudo cp so-import-pcap /usr/sbin/

richard@so1:~$ sudo chmod 755 /usr/sbin/so-import-pcap

I tried running the script against two of the sample files packaged with SO, but ran into issues with both.

richard@so1:~$ sudo so-import-pcap /opt/samples/10k.pcap

so-import-pcap

Please wait while...
...creating temp pcap for processing.
mergecap: Error reading /opt/samples/10k.pcap: The file appears to be damaged or corrupt
(pcap: File has 263718464-byte packet, bigger than maximum of 262144)
Error while merging!

I checked the file with capinfos.

richard@so1:~$ capinfos /opt/samples/10k.pcap
capinfos: An error occurred after reading 17046 packets from "/opt/samples/10k.pcap": The file appears to be damaged or corrupt.
(pcap: File has 263718464-byte packet, bigger than maximum of 262144)

Capinfos confirmed the problem. Let's try another!

richard@so1:~$ sudo so-import-pcap /opt/samples/zeus-sample-1.pcap

so-import-pcap

Please wait while...
...creating temp pcap for processing.
mergecap: Error reading /opt/samples/zeus-sample-1.pcap: The file appears to be damaged or corrupt
(pcap: File has 1984391168-byte packet, bigger than maximum of 262144)
Error while merging!

Another bad file. Trying a third!

richard@so1:~$ sudo so-import-pcap /opt/samples/evidence03.pcap

so-import-pcap

Please wait while...
...creating temp pcap for processing.
...setting sguild debug to 2 and restarting sguild.
...configuring syslog-ng to pick up sguild logs.
...disabling syslog output in barnyard.
...configuring logstash to parse sguild logs (this may take a few minutes, but should only need to be done once)...done.
...stopping curator.
...disabling curator.
...stopping ossec_agent.
...disabling ossec_agent.
...stopping Bro sniffing process.
...disabling Bro sniffing process.
...stopping IDS sniffing process.
...disabling IDS sniffing process.
...stopping netsniff-ng.
...disabling netsniff-ng.
...adjusting CapMe to allow pcaps up to 50 years old.
...analyzing traffic with Snort.
...analyzing traffic with Bro.
...writing /nsm/sensor_data/so1-eth1/dailylogs/2009-12-28/snort.log.1261958400

Import complete!

You can use this hyperlink to view data in the time range of your import:
https://localhost/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2009-12-28T00:00:00.000Z',mode:absolute,to:'2009-12-29T00:00:00.000Z'))

or you can manually set your Time Range to be:
From: 2009-12-28    To: 2009-12-29


Incidentally, here is the capinfos output for this trace.

richard@so1:~$ capinfos /opt/samples/evidence03.pcap
File name:           /opt/samples/evidence03.pcap
File type:           Wireshark/tcpdump/... - pcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   1778
File size:           1537 kB
Data size:           1508 kB
Capture duration:    171 seconds
Start time:          Mon Dec 28 04:08:01 2009
End time:            Mon Dec 28 04:10:52 2009
Data byte rate:      8814 bytes/s
Data bit rate:       70 kbps
Average packet size: 848.57 bytes
Average packet rate: 10 packets/sec
SHA1:                34e5369c8151cf11a48732fed82f690c79d2b253
RIPEMD160:           afb2a911b4b3e38bc2967a9129f0a11639ebe97f
MD5:                 f8a01fbe84ef960d7cbd793e0c52a6c9
Strict time order:   True

That worked! Now to see what I can find in the SO interface.

I accessed the Kibana application and changed the timeframe to include those in the trace.


Here's another screenshot. Again I had to adjust for the proper time range.


Very cool! However, I did not find any IDS alerts. This made me wonder if there was a problem with alert processing. I decided to run the script on a new .pcap:

richard@so1:~$ sudo so-import-pcap /opt/samples/emerging-all.pcap

so-import-pcap

Please wait while...
...creating temp pcap for processing.
...analyzing traffic with Snort.
...analyzing traffic with Bro.
...writing /nsm/sensor_data/so1-eth1/dailylogs/2010-01-27/snort.log.1264550400

Import complete!

You can use this hyperlink to view data in the time range of your import:
https://localhost/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2010-01-27T00:00:00.000Z',mode:absolute,to:'2010-01-28T00:00:00.000Z'))

or you can manually set your Time Range to be:
From: 2010-01-27    To: 2010-01-28

When I searched the interface for NIDS alerts (after adjusting the time range), I found results:


The alerts show up in Sguil, too!



This is a wonderful development for the Security Onion community. Being able to import .pcap files and analyze them with the standard SO tools and processes, while preserving timestamps, makes SO a viable network forensics platform.

This thread in the mailing list is covering the new script.

I suggest running on an evaluation system, probably in a virtual machine. I did all my testing on Virtual Box. Check it out! 
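As an added example (not part of this post and not Security Onion's own so-import-pcap code), here is a pre-flight checker in Python that walks a pcap's record headers the way mergecap and capinfos do, reports the first record claiming more than the 262144-byte maximum quoted in the errors above, and for a clean file computes the From/To dates in the form the script prints for Kibana. The 262144 limit and the date-range convention are taken from the output above, the sample files are constructed inline, and it handles classic pcap only (not pcapng).

```python
"""Pre-flight check for a pcap before handing it to so-import-pcap.

Walks the global header and every record header the way mergecap/capinfos do,
stops at the first record whose captured length exceeds the 262144-byte limit
quoted in the errors above, and for a clean file reports the UTC date range in
the From/To form the script prints for Kibana. Classic pcap only (no pcapng).
"""
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

MAX_PACKET_LEN = 262144   # "bigger than maximum of 262144" in the page's errors
GLOBAL_HDR_LEN = 24       # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16       # ts_sec, ts_frac, incl_len, orig_len
# magic as read with "<I" -> (struct byte order, nanosecond timestamps?)
PCAP_MAGICS = {0xA1B2C3D4: ("<", False), 0xD4C3B2A1: (">", False),
               0xA1B23C4D: ("<", True), 0x4D3CB2A1: (">", True)}


@dataclass
class PcapReport:
    ok: bool
    packets: int = 0                 # records read before EOF or the first error
    error: Optional[str] = None
    offset: Optional[int] = None     # file offset of the offending record header
    from_date: Optional[str] = None  # Kibana "From": UTC date of the first packet
    to_date: Optional[str] = None    # Kibana "To": the day after the last packet


def check_pcap(data: bytes) -> PcapReport:
    """Validate every record header; bounds-check incl_len before trusting it."""
    if len(data) < GLOBAL_HDR_LEN:
        return PcapReport(False, error="truncated global header", offset=0)
    order, nanos = PCAP_MAGICS.get(struct.unpack("<I", data[:4])[0], (None, False))
    if order is None:
        return PcapReport(False, error="not a classic pcap file (unknown magic)", offset=0)
    pos, count, first_ts, last_ts = GLOBAL_HDR_LEN, 0, None, None
    while pos < len(data):
        if len(data) - pos < RECORD_HDR_LEN:
            return PcapReport(False, count, "file cut short inside a record header", pos)
        ts_sec, ts_frac, incl_len, _ = struct.unpack(
            order + "IIII", data[pos:pos + RECORD_HDR_LEN])
        if incl_len > MAX_PACKET_LEN:  # the corruption seen on 10k.pcap and zeus-sample-1.pcap
            return PcapReport(False, count, f"File has {incl_len}-byte packet, bigger "
                              f"than maximum of {MAX_PACKET_LEN}", pos)
        if len(data) - pos - RECORD_HDR_LEN < incl_len:
            return PcapReport(False, count, "file cut short in the middle of a packet", pos)
        ts = ts_sec + ts_frac / (1e9 if nanos else 1e6)
        first_ts = ts if first_ts is None else min(first_ts, ts)
        last_ts = ts if last_ts is None else max(last_ts, ts)
        pos += RECORD_HDR_LEN + incl_len
        count += 1
    report = PcapReport(True, count)
    if count:  # so-import-pcap's range runs from the first day to the day after the last
        start = datetime.fromtimestamp(first_ts, tz=timezone.utc).date()
        end = datetime.fromtimestamp(last_ts, tz=timezone.utc).date() + timedelta(days=1)
        report.from_date, report.to_date = start.isoformat(), end.isoformat()
    return report


def build_pcap(records: List[Tuple[int, int, bytes, Optional[int]]],
               snaplen: int = 65535) -> bytes:
    """Constructed sample writer: little-endian, microsecond pcap, Ethernet.
    Each record is (ts_sec, ts_usec, payload, claimed_len); claimed_len=None
    writes the true length, anything else plants a bogus incl_len like the
    damaged sample files on the page."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1))
    for ts_sec, ts_usec, payload, claimed in records:
        incl = len(payload) if claimed is None else claimed
        out += struct.pack("<IIII", ts_sec, ts_usec, incl, len(payload)) + payload
    return bytes(out)


# Constructed samples: three 60-byte frames inside the evidence03.pcap window
# (2009-12-28 04:08:01 to 04:10:52 UTC), and a file whose second record carries
# the 263718464-byte length mergecap complained about.
FRAME = b"\x00" * 60
T0 = 1261958400 + 4 * 3600 + 8 * 60 + 1   # 2009-12-28 04:08:01 UTC
GOOD_PCAP = build_pcap([(T0, 0, FRAME, None), (T0 + 19, 500, FRAME, None),
                        (T0 + 171, 0, FRAME, None)])
BAD_PCAP = build_pcap([(T0, 0, FRAME, None), (T0 + 1, 0, FRAME, 263718464)])

if __name__ == "__main__":
    for name, blob in (("good.pcap", GOOD_PCAP), ("bad.pcap", BAD_PCAP)):
        r = check_pcap(blob)
        print(f"{name}: {r.packets} packets, From: {r.from_date}  To: {r.to_date}"
              if r.ok else f"{name}: {r.error} (record at offset {r.offset})")
```

Run it over a real file with `check_pcap(open(path, "rb").read())` before calling so-import-pcap; a non-ok report pinpoints the record that would otherwise only surface as a mergecap error.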

Copyright 2003-2016 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://ift.tt/1fDn3pG)


from TaoSecurity http://ift.tt/2otrKQz

Going for the gold in identity protection: Ensuring data security when attending major events

All eyes are currently on the 2018 Winter Olympics in Pyeongchang, South Korea. Whether you’re lucky enough to experience the events in person or cheering from the comfort of your home, this is an opportune time to think about how to protect your personal information while in large crowds or public spaces, which are some of the most popular areas for identity thieves to exploit. It’s also a good time to consider the risks specifically facing travelers; of the 15 million Americans impacted by identity theft in 2016, 33 percent of this fraud took place when people were traveling.

One of the biggest challenges at major public events like the Olympics is that attendees encounter risks frequently without even knowing it. To stay protected, here are four precautions to help keep you from losing valuable documents or unknowingly giving access to your personal information:

  • Avoid using ATMs in highly trafficked, unfamiliar locations. With so many people around you, it can be difficult to keep your PIN number protected and out of sight.
  • Keep your credit cards and all forms of ID in either a money belt, an RFID-blocking wallet or a document protector to foil pickpockets or other thieves with fast hands.
  • Be wary of using shared or unsecured internet connections. Major events like the Olympics often create free public Wi-Fi networks at their biggest venues. Attendees should resist the urge to connect to public networks as they can pose increased cyberthreats. Consider purchasing a portable router to set up a Wi-Fi hotspot while traveling.
  • Before you leave, consider deleting sensitive apps containing financial information or those which allow you to access your home, car or other connected devices. Keep your mobile phone on you at all times and consider limiting how often you take your phone out. Most cell phones host a wealth of personal information, so it’s best to be overly cautious in the unfortunate event that your phone is lost or stolen.
  • Resist the temptation to share your location or agenda while away from home. By sharing these details, you’re alerting potential criminals to your whereabouts, making it easier for them to commit a crime. Wait to post on social media until you have returned from your trip.

With the above precautions, you can experience the energy in the crowd and the excitement of the event, knowing you’ve taken the necessary steps to help keep your information secure.




from Data Breach Resolution http://ift.tt/2t4Epyr

USN-3584-1: sensible-utils vulnerability

Ubuntu Security Notice USN-3584-1

26th February, 2018

sensible-utils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

sensible-utils could be made to run programs as your login if it opened a malicious URL.

Software description

  • sensible-utils - Utilities for sensible alternative selection

Details

Gabriel Corona discovered that sensible-utils incorrectly validated strings
when launching a browser with the sensible-browser tool. A remote attacker
could possibly use this issue with a specially crafted URL to conduct an
argument injection attack and execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
sensible-utils 0.0.10ubuntu0.1
Ubuntu 16.04 LTS:
sensible-utils 0.0.9ubuntu0.16.04.1
Ubuntu 14.04 LTS:
sensible-utils 0.0.9ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-17512



from Ubuntu Security Notices http://ift.tt/2BToQfp

SB18-057: Vulnerability Summary for the Week of February 19, 2018

Original release date: February 26, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abb -- microscada
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. 2018-02-21 not yet calculated CVE-2018-1168
CONFIRM
MISC
abb -- netcadops_web_application
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. 2018-02-20 not yet calculated CVE-2018-5477
BID
MISC
adobe -- shockwave_player
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759. 2018-02-19 not yet calculated CVE-2012-0771
CONFIRM
anchor -- anchor
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. 2018-02-19 not yet calculated CVE-2018-7251
MISC
MISC
apache -- juddi
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. 2018-02-19 not yet calculated CVE-2009-4267
CONFIRM
MLIST
apache -- karaf
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service. 2018-02-19 not yet calculated CVE-2016-8750
BID
CONFIRM
apache -- oozie
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. 2018-02-19 not yet calculated CVE-2017-15712
BID
MLIST
apache -- qpid
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. 2018-02-21 not yet calculated CVE-2015-0203
BID
REDHAT
CONFIRM
MISC
apache -- tomcat
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. 2018-02-23 not yet calculated CVE-2018-1305
MISC
apache -- vcl
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. 2018-02-21 not yet calculated CVE-2013-0267
CONFIRM
MLIST
apexis -- apm-h803-mpc_software
An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access a vulnerable webcam with 'super admin' privilege. 2018-02-19 not yet calculated CVE-2017-17101
MISC
apexis -- apm_j601_ws
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors. 2018-02-19 not yet calculated CVE-2014-3972
MISC
apngdis -- apngdis
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. 2018-02-20 not yet calculated CVE-2017-6193
BID
EXPLOIT-DB
EXPLOIT-DB
MISC
apngdis -- apngdis
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. 2018-02-20 not yet calculated CVE-2017-6192
BID
EXPLOIT-DB
EXPLOIT-DB
MISC
apple -- cups
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). 2018-02-16 not yet calculated CVE-2017-18190
MISC
MISC
MLIST
armadito -- armadito
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters. 2018-02-21 not yet calculated CVE-2018-7289
MISC
asterisk -- asterisk
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). 2018-02-21 not yet calculated CVE-2018-7287
CONFIRM
SECTRACK
CONFIRM
asterisk -- asterisk
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. 2018-02-21 not yet calculated CVE-2018-7284
CONFIRM
SECTRACK
asterisk -- asterisk
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist. 2018-02-21 not yet calculated CVE-2018-7285
CONFIRM
SECTRACK
asterisk -- asterisk
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. 2018-02-21 not yet calculated CVE-2018-7286
CONFIRM
SECTRACK
CONFIRM
atlassian -- crucible
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. 2018-02-19 not yet calculated CVE-2017-18092
BID
CONFIRM
atlassian -- crucible
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. 2018-02-16 not yet calculated CVE-2017-18089
BID
CONFIRM
atlassian -- crucible
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability. 2018-02-19 not yet calculated CVE-2017-18095
CONFIRM
atlassian -- fisheye
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. 2018-02-16 not yet calculated CVE-2017-18090
BID
CONFIRM
atlassian -- floodlight_controller
 
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. 2018-02-21 not yet calculated CVE-2015-6569
CONFIRM
CONFIRM
atlassian -- multiple_products
 
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. 2018-02-19 not yet calculated CVE-2017-18093
BID
CONFIRM
CONFIRM
atlassian -- multiple_products
 
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. 2018-02-16 not yet calculated CVE-2017-18091
BID
CONFIRM
CONFIRM
cactus_vpn -- cactus_vpn
 
CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root. 2018-02-21 not yet calculated CVE-2018-7281
MISC
carbon_black -- carbon_black
 
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. 2018-02-19 not yet calculated CVE-2016-9568
MISC
cisco -- data_center_analytics_framework
 
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105. 2018-02-21 not yet calculated CVE-2018-0145
CONFIRM
cisco -- data_center_analytics_framework
 
A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could exploit this vulnerability by persuading a user of the affected application to click a malicious link. A successful exploit could allow the attacker to submit arbitrary requests and take unauthorized actions on behalf of the user. Cisco Bug IDs: CSCvg45114. 2018-02-21 not yet calculated CVE-2018-0146
CONFIRM
cisco -- elastic_services_controller
 
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884. 2018-02-21 not yet calculated CVE-2018-0130
BID
CONFIRM
cisco -- elastic_services_controller
 
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809. 2018-02-21 not yet calculated CVE-2018-0121
BID
CONFIRM
cisco -- jabber_client_framework
 
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989. 2018-02-21 not yet calculated CVE-2018-0199
SECTRACK
CONFIRM
cisco -- jabber_client_framework
 
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001. 2018-02-21 not yet calculated CVE-2018-0201
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929. 2018-02-21 not yet calculated CVE-2018-0148
SECTRACK
CONFIRM
cisco -- prime_service_catalog
 
A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh65713. 2018-02-21 not yet calculated CVE-2018-0200
SECTRACK
CONFIRM
cisco -- prime_collaboration_provisioning_tool
 
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. Cisco Bug IDs: CSCvd07264. 2018-02-21 not yet calculated CVE-2018-0204
SECTRACK
CONFIRM
cisco -- prime_collaboration_provisioning_tool
 
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609. 2018-02-21 not yet calculated CVE-2018-0205
SECTRACK
CONFIRM
cisco -- unified_communications_customer_voice_portal
 
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560. 2018-02-21 not yet calculated CVE-2018-0139
SECTRACK
CONFIRM
cisco -- unified_communications_domain_manager
 
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964. 2018-02-21 not yet calculated CVE-2018-0124
BID
SECTRACK
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815. 2018-02-21 not yet calculated CVE-2018-0206
SECTRACK
CONFIRM
cisco -- unity_connection
 
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215. 2018-02-21 not yet calculated CVE-2018-0203
SECTRACK
CONFIRM
codeigniter -- codeigniter
 
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. 2018-02-21 not yet calculated CVE-2013-4891
CONFIRM
MISC
CONFIRM
codeigniter -- codeigniter
 
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. 2018-02-21 not yet calculated CVE-2015-5725
CONFIRM
CONFIRM
CONFIRM
CONFIRM
combodo -- itop
 
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. 2018-02-20 not yet calculated CVE-2015-6544
CONFIRM
CONFIRM
MISC
converse.js_inverse.js -- converse.js_inverse.js
 
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen. 2018-02-19 not yet calculated CVE-2018-6591
MISC
d-link -- dir-600m_c1
 
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. 2018-02-21 not yet calculated CVE-2018-6936
MISC
danwin -- danwin_hosting
 
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. 2018-02-21 not yet calculated CVE-2018-7308
MISC
MISC
datto -- multiple_products
 
Datto ALTO and SIRIS devices have a default VNC password. 2018-02-20 not yet calculated CVE-2015-9254
MISC
datto -- multiple_products
 
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. 2018-02-20 not yet calculated CVE-2015-9256
MISC
datto -- multiple_products
 
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. 2018-02-20 not yet calculated CVE-2015-2081
MISC
datto -- multiple_products
 
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. 2018-02-20 not yet calculated CVE-2015-9255
MISC
dotcms -- dotcms
 
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. 2018-02-19 not yet calculated CVE-2016-10008
MISC
dotcms -- dotcms
 
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. 2018-02-19 not yet calculated CVE-2016-10007
MISC
epic -- mychart
 
SQL injection vulnerability in EPIC MyChart allows remote attackers to execute arbitrary SQL commands via the topic parameter to help.asp. 2018-02-20 not yet calculated CVE-2016-6272
MISC
EXPLOIT-DB
eq-3 -- homematic_ccu2
 
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. 2018-02-22 not yet calculated CVE-2018-7301
MISC
eq-3 -- homematic_ccu2
 
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. 2018-02-22 not yet calculated CVE-2018-7297
MISC
eq-3 -- homematic_ccu2
 
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of http://ift.tt/164R8MO or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise. 2018-02-22 not yet calculated CVE-2018-7298
MISC
eq-3 -- homematic_ccu2
 
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. 2018-02-22 not yet calculated CVE-2018-7296
MISC
eq-3 -- homematic_ccu2
 
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. 2018-02-22 not yet calculated CVE-2018-7300
MISC
eq-3 -- homematic_ccu2
 
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. 2018-02-22 not yet calculated CVE-2018-7299
MISC
flight_sim_labs -- flight_sim_labs
 
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://ift.tt/2C9wC5V if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232. 2018-02-19 not yet calculated CVE-2018-7259
MISC
MISC
MISC
forgerock -- forgerock_am
 
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file. 2018-02-20 not yet calculated CVE-2018-7272
MISC
MISC
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function. 2018-02-23 not yet calculated CVE-2018-7438
MISC
MISC
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function. 2018-02-23 not yet calculated CVE-2018-7436
MISC
MISC
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. 2018-02-23 not yet calculated CVE-2018-7439
MISC
MISC
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function. 2018-02-23 not yet calculated CVE-2018-7437
MISC
MISC
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function. 2018-02-23 not yet calculated CVE-2018-7435
MISC
MISC
fuji_soft_incorporated -- fs010w

Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-02-23 not yet calculated CVE-2018-0519
JVN
fuji_soft_incorporated -- fs010w
 
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. 2018-02-23 not yet calculated CVE-2018-0520
JVN
ge -- d60_line_distance_relay_devices
 
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. 2018-02-19 not yet calculated CVE-2018-5475
BID
MISC
ge -- d60_line_distance_relay_devices
 
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. 2018-02-19 not yet calculated CVE-2018-5473
BID
MISC
gnu -- binutils
 
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. 2018-02-17 not yet calculated CVE-2018-7208
BID
CONFIRM
gnu -- libcdio
 
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. 2018-02-24 not yet calculated CVE-2017-18199
CONFIRM
CONFIRM
gnu -- libcdio
 
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. 2018-02-24 not yet calculated CVE-2017-18198
CONFIRM
CONFIRM
go -- go
 
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. 2018-02-16 not yet calculated CVE-2018-7187
CONFIRM
google -- android
 
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. 2018-02-20 not yet calculated CVE-2017-18192
MISC
google -- android
 
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. 2018-02-20 not yet calculated CVE-2017-16835
MISC
hamayeshnegar_cms -- hamayeshnegar_cms
 
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. 2018-02-22 not yet calculated CVE-2017-18194
MISC
hostapd -- hostapd
 
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. 2018-02-21 not yet calculated CVE-2015-5314
CONFIRM
MLIST
UBUNTU
DEBIAN
hostapd -- hostapd
 
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. 2018-02-21 not yet calculated CVE-2015-5315
CONFIRM
MLIST
UBUNTU
DEBIAN
hostapd -- hostapd
 
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. 2018-02-21 not yet calculated CVE-2015-5316
CONFIRM
MLIST
BID
UBUNTU
DEBIAN
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376. 2018-02-22 not yet calculated CVE-2018-1391
CONFIRM
MISC
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. 2018-02-21 not yet calculated CVE-2017-1758
CONFIRM
CONFIRM
CONFIRM
MISC
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377. 2018-02-22 not yet calculated CVE-2018-1392
CONFIRM
MISC
ibm -- forms_experience_builder
 
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088. 2018-02-21 not yet calculated CVE-2016-0369
CONFIRM
XF
ibm -- j9_jvm
 
Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for Java Technology 6.0, 6.1, 7.0, 7.1, and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. 2018-02-22 not yet calculated CVE-2018-1417
SECTRACK
MISC
CONFIRM
ibm -- maximo_anywhere
 
IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132851. 2018-02-21 not yet calculated CVE-2017-1604
CONFIRM
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821. 2018-02-22 not yet calculated CVE-2018-1415
CONFIRM
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820. 2018-02-22 not yet calculated CVE-2018-1414
CONFIRM
MISC
ibm -- notes_diagnostics
 
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710. 2018-02-19 not yet calculated CVE-2018-1411
CONFIRM
CONFIRM
MISC
ibm -- notes_diagnostics
 
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708. 2018-02-19 not yet calculated CVE-2018-1409
CONFIRM
CONFIRM
MISC
ibm -- notes_diagnostics
 
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709. 2018-02-19 not yet calculated CVE-2018-1410
CONFIRM
CONFIRM
MISC
ibm -- rhapsody_dm
 
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461. 2018-02-21 not yet calculated CVE-2017-1462
CONFIRM
SECTRACK
MISC
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. 2018-02-21 not yet calculated CVE-2016-0351
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. 2018-02-21 not yet calculated CVE-2016-0367
CONFIRM
XF
ibm -- security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071. 2018-02-21 not yet calculated CVE-2016-0366
CONFIRM
XF
ibm -- tririga
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. 2018-02-21 not yet calculated CVE-2016-0343
CONFIRM
XF
ibm -- tririga
 
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. 2018-02-21 not yet calculated CVE-2016-0344
XF
CONFIRM
ibm -- tririga
 
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. 2018-02-21 not yet calculated CVE-2016-0348
XF
ibm -- tririga
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. 2018-02-21 not yet calculated CVE-2016-0345
XF
CONFIRM
idashboards -- idashboards
 
An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials. 2018-02-17 not yet calculated CVE-2018-7211
MISC
idashboards -- idashboards
 
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts. 2018-02-17 not yet calculated CVE-2018-7210
MISC
idashboards -- idashboards
 
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports. 2018-02-17 not yet calculated CVE-2018-7209
MISC
imagemagick -- imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). 2018-02-23 not yet calculated CVE-2018-7443
MISC
insteon -- insteon_for_hub_android_app
 
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. 2018-02-22 not yet calculated CVE-2017-5250
MISC
insteon -- insteon_hub
 
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. 2018-02-22 not yet calculated CVE-2017-5251
MISC
jenkins -- jenkins
 
An issue was discovered in the Extended Choice Parameter (aka extended-choice-parameter) plugin 0.64 for Jenkins 2.89.3. The PATH_INFO filename is vulnerable to path traversal attacks via ..\ sequences to the /plugin/extended-choice-parameter/js/ URI. 2018-02-20 not yet calculated CVE-2018-6356
MLIST
BID
CONFIRM
joomla! -- joomla!
 
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. 2018-02-17 not yet calculated CVE-2018-6396
BID
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. 2018-02-17 not yet calculated CVE-2018-5980
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. 2018-02-17 not yet calculated CVE-2018-7177
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. 2018-02-17 not yet calculated CVE-2018-5989
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. 2018-02-17 not yet calculated CVE-2018-7180
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. 2018-02-22 not yet calculated CVE-2018-7318
EXPLOIT-DB
joomla! -- joomla!
 
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/. 2018-02-22 not yet calculated CVE-2018-7317
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. 2018-02-17 not yet calculated CVE-2018-6584
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. 2018-02-17 not yet calculated CVE-2018-7178
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. 2018-02-17 not yet calculated CVE-2018-7179
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. 2018-02-22 not yet calculated CVE-2018-7314
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. 2018-02-17 not yet calculated CVE-2018-5975
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. 2018-02-17 not yet calculated CVE-2018-5981
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. 2018-02-17 not yet calculated CVE-2018-5983
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. 2018-02-17 not yet calculated CVE-2018-5982
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. 2018-02-17 not yet calculated CVE-2018-5974
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. 2018-02-17 not yet calculated CVE-2018-5970
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. 2018-02-17 not yet calculated CVE-2018-5987
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. 2018-02-17 not yet calculated CVE-2018-6585
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. 2018-02-17 not yet calculated CVE-2018-5971
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. 2018-02-17 not yet calculated CVE-2018-6372
EXPLOIT-DB
joomla! -- joomla!
 
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter. 2018-02-20 not yet calculated CVE-2017-16356
MISC
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. 2018-02-18 not yet calculated CVE-2018-6024
MISC
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. 2018-02-17 not yet calculated CVE-2018-6006
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. 2018-02-17 not yet calculated CVE-2018-6004
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. 2018-02-17 not yet calculated CVE-2018-5991
EXPLOIT-DB
joomla! -- joomla!
 
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action. 2018-02-22 not yet calculated CVE-2018-7316
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. 2018-02-22 not yet calculated CVE-2018-7313
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. 2018-02-17 not yet calculated CVE-2018-6583
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. 2018-02-22 not yet calculated CVE-2018-7315
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. 2018-02-17 not yet calculated CVE-2018-6368
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. 2018-02-17 not yet calculated CVE-2018-5990
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. 2018-02-17 not yet calculated CVE-2018-5992
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. 2018-02-22 not yet calculated CVE-2018-7319
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. 2018-02-22 not yet calculated CVE-2018-7312
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. 2018-02-17 not yet calculated CVE-2018-6394
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. 2018-02-17 not yet calculated CVE-2018-6373
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. 2018-02-17 not yet calculated CVE-2018-6005
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. 2018-02-17 not yet calculated CVE-2018-5993
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. 2018-02-17 not yet calculated CVE-2018-6370
EXPLOIT-DB
joomla! -- joomla!
 
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. 2018-02-17 not yet calculated CVE-2018-5994
EXPLOIT-DB
joyent -- smartos
 
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984. 2018-02-21 not yet calculated CVE-2018-1166
CONFIRM
MISC
joyent -- smartos
 
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983. 2018-02-21 not yet calculated CVE-2018-1165
CONFIRM
MISC
juniper -- appformix_agent
 
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: all versions of 2.7; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue. 2018-02-22 not yet calculated CVE-2018-0015
CONFIRM
keycloak -- keycloak
 
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks. 2018-02-21 not yet calculated CVE-2017-12161
CONFIRM
CONFIRM
leptonica -- leptonica
 
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. 2018-02-23 not yet calculated CVE-2018-7440
MISC
leptonica -- leptonica
 
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. 2018-02-19 not yet calculated CVE-2018-7247
MISC
leptonica -- leptonica
 
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. 2018-02-23 not yet calculated CVE-2018-7442
MISC
leptonica -- leptonica
 
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. 2018-02-16 not yet calculated CVE-2018-7186
MISC
MISC
MISC
leptonica -- leptonica
 
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. 2018-02-23 not yet calculated CVE-2017-18196
MISC
leptonica -- leptonica
 
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. 2018-02-23 not yet calculated CVE-2018-7441
MISC
libid3tag -- libid3tag
 
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). 2018-02-20 not yet calculated CVE-2004-2779
MISC
MISC
MISC
libtiff -- libtiff
 
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) 2018-02-24 not yet calculated CVE-2018-7456
MISC
MISC
libvirt -- libvirt
 
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. 2018-02-23 not yet calculated CVE-2018-6764
UBUNTU
MLIST
libvncserver -- libvncserver
 
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet. 2018-02-19 not yet calculated CVE-2018-7226
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. 2018-02-19 not yet calculated CVE-2018-7225
MISC
BID
MISC
libxml2 -- libxml2
 
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). 2018-02-19 not yet calculated CVE-2017-7375
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
DEBIAN
libxml2 -- libxml2
 
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. 2018-02-19 not yet calculated CVE-2017-7376
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
linux -- linux_kernel
 
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. 2018-02-22 not yet calculated CVE-2017-18193
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. 2018-02-20 not yet calculated CVE-2018-7273
BID
MISC
lutron -- quantum_bacnet_integration
 
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. 2018-02-20 not yet calculated CVE-2018-7276
MISC
mahara -- mahara
 
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. 2018-02-20 not yet calculated CVE-2017-17455
MISC
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value. 2018-02-20 not yet calculated CVE-2017-17454
MISC
CONFIRM
CONFIRM
manageengine -- desktop_central_msp
 
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157. 2018-02-18 not yet calculated CVE-2017-16924
MISC
MISC
metinfo -- metinfo
 
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. 2018-02-20 not yet calculated CVE-2018-7271
MISC
micro_focus -- project_and_portfolio_management_center
 
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) attacks. 2018-02-22 not yet calculated CVE-2018-6489
CONFIRM
micro_focus -- universal_cmdb_foundation_software
 
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. 2018-02-20 not yet calculated CVE-2018-6487
CONFIRM
micro_focus -- universal_cmdb
 
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. 2018-02-22 not yet calculated CVE-2018-6488
CONFIRM
mojoportal -- mojoportal
 
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. 2018-02-23 not yet calculated CVE-2018-7447
MISC
mp4v2 -- mp4v2
 
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file. 2018-02-23 not yet calculated CVE-2018-7339
MISC
mxgraph -- mxgraph
 
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. 2018-02-23 not yet calculated CVE-2017-18197
CONFIRM
mybb -- mybb
 
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. 2018-02-21 not yet calculated CVE-2018-7305
MISC
nat_software -- nat32_router
 
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. 2018-02-20 not yet calculated CVE-2018-6940
MISC
MISC
BUGTRAQ
EXPLOIT-DB
nat_software -- nat32_router
 
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. 2018-02-20 not yet calculated CVE-2018-6941
MISC
MISC
EXPLOIT-DB
netapp -- multiple_products
 
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required. 2018-02-23 not yet calculated CVE-2017-15518
MISC
nippon_telegraph_and_telephone_east_corporation -- flet's_azukeru_backup_tool
 
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-02-16 not yet calculated CVE-2018-0515
MISC
JVN
nippon_telegraph_and_telephone_east_corporation -- flet's_azukeru_backup_tool
 
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-02-16 not yet calculated CVE-2018-0516
MISC
JVN
nonecms -- nonecms
 
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. 2018-02-19 not yet calculated CVE-2018-7219
MISC
nortek -- linear_emerge_e3
 
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. 2018-02-19 not yet calculated CVE-2018-5439
MISC
npm -- npm
 
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. 2018-02-22 not yet calculated CVE-2018-7408
MISC
MISC
MISC
october_cms -- october_cms
 
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. 2018-02-17 not yet calculated CVE-2018-7198
MISC
EXPLOIT-DB
openstack -- nova
 
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.0.4. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. 2018-02-19 not yet calculated CVE-2017-18191
BID
CONFIRM
CONFIRM
oxid -- eshop_enterprise_edition
 
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used. 2018-02-19 not yet calculated CVE-2018-5763
CONFIRM
oxid -- eshop_community_edition
 
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option. 2018-02-20 not yet calculated CVE-2017-14993
CONFIRM
CONFIRM
oxid -- eshop_community_edition
 
OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order. 2018-02-20 not yet calculated CVE-2017-12415
CONFIRM
CONFIRM
php -- php
 
An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. 2018-02-19 not yet calculated CVE-2015-9253
MISC
MISC
MISC
phpmyadmin -- phpmyadmin
 
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2018-02-21 not yet calculated CVE-2018-7260
BID
CONFIRM
MISC
CONFIRM
phpscriptsmall.com -- alibaba_clone_script
 
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. 2018-02-23 not yet calculated CVE-2018-6867
EXPLOIT-DB
phpscriptsmall.com -- learning_and_examination_management_system_script
 
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. 2018-02-23 not yet calculated CVE-2018-6866
EXPLOIT-DB
phpscriptsmall.com -- schools_alert_management_script
 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. 2018-02-23 not yet calculated CVE-2018-6859
MISC
phpscriptsmall.com -- slickdeals_dealnews_groupon_clone_script
 
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. 2018-02-23 not yet calculated CVE-2018-6868
EXPLOIT-DB
piwigo -- piwigo
 
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. 2018-02-24 not yet calculated CVE-2018-6883
MISC
MISC
pluck -- pluck
 
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. 2018-02-17 not yet calculated CVE-2018-7197
MISC
project_jupyter -- jupyter_hub
 
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.) 2018-02-17 not yet calculated CVE-2018-7206
CONFIRM
quagga -- bgpd
 
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. 2018-02-19 not yet calculated CVE-2018-5380
CONFIRM
CERT-VN
CONFIRM
MLIST
DEBIAN
quagga -- bgpd
 
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. 2018-02-19 not yet calculated CVE-2018-5381
CONFIRM
CERT-VN
CONFIRM
MLIST
DEBIAN
quagga -- bgpd
 
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. 2018-02-19 not yet calculated CVE-2018-5379
CONFIRM
CERT-VN
BID
CONFIRM
MLIST
DEBIAN
quagga -- bgpd
 
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. 2018-02-19 not yet calculated CVE-2018-5378
CONFIRM
CERT-VN
CONFIRM
DEBIAN
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation. 2018-02-23 not yet calculated CVE-2017-15861
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow. 2018-02-23 not yet calculated CVE-2017-17764
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate it, potentially leading to authentication failure. 2018-02-23 not yet calculated CVE-2017-15817
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer in the OMX Video Encoder Component and subsequently access the already freed buffer. 2018-02-23 not yet calculated CVE-2017-17767
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow. 2018-02-23 not yet calculated CVE-2017-17765
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overread is possible if there are no newlines in an input file. 2018-02-23 not yet calculated CVE-2017-14910
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg. 2018-02-23 not yet calculated CVE-2017-14884
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. 2018-02-23 not yet calculated CVE-2017-15829
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur. 2018-02-23 not yet calculated CVE-2017-15820
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow. 2018-02-23 not yet calculated CVE-2017-15862
CONFIRM
qualcomm -- android
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur. 2018-02-23 not yet calculated CVE-2017-15860
CONFIRM
radiant_cms -- radiant_cms
 
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). 2018-02-21 not yet calculated CVE-2018-7261
BUGTRAQ
BID
red hat -- linux
 
In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint and any process that tries to use that mount hanging. A race condition like this may lead to denial of service until the mount points are unmounted. 2018-02-16 not yet calculated CVE-2018-1049
REDHAT
CONFIRM
reprise -- license_manager
 
An issue was discovered in Reprise License Manager 11.0. This is a path traversal vulnerability: by changing a field in the web request, an attacker can read files on the server's file system. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file. 2018-02-21 not yet calculated CVE-2018-5716
MISC
rle -- protocol_converter_fds-pc/fds-pc-dp
 
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. 2018-02-20 not yet calculated CVE-2018-7278
MISC
rle -- wi-mgr/fds-wi_routers
 
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. 2018-02-20 not yet calculated CVE-2018-7277
MISC
samsung -- mobile_devices
 
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world. 2018-02-20 not yet calculated CVE-2017-10963
MISC
MISC
seagate -- blackarmor_nas
 
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. 2018-02-23 not yet calculated CVE-2014-3206
EXPLOIT-DB
seagate -- blackarmor_nas
 
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. 2018-02-23 not yet calculated CVE-2014-3205
EXPLOIT-DB
shimmie -- shimmie
 
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. 2018-02-20 not yet calculated CVE-2018-7265
MISC
sinatra -- sinatra
 
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. 2018-02-18 not yet calculated CVE-2018-7212
MISC
MISC
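The Sinatra entry above is a separator-handling bug: rack-protection's PathTraversal middleware normalizes the request path by splitting on "/", but on Windows the file APIs also accept "\" as a separator, so "..\..\" climbs directories while the middleware sees a single harmless segment. The following is an added example written for this bulletin, not rack-protection's own code, showing a path normalizer that reports the escape only when backslashes are treated as separators (the function names clean_path and is_safe_request and the sample request paths are assumptions for the example):

```python
from urllib.parse import unquote

def clean_path(path, windows=False):
    """Normalize a request path and report whether it climbed above the root.

    Added example, not rack-protection's own code. The path is percent-decoded
    once (as the server would), then split on '/'. With windows=True a
    backslash is also treated as a separator, because the Windows file APIs
    accept either, so '..\\..\\' climbs directories just like '../../'.
    Returns (normalized_path, escaped_root).
    """
    decoded = unquote(path)
    if windows:
        decoded = decoded.replace("\\", "/")
    segments, escaped = [], False
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            else:
                escaped = True          # tried to go above the web root
            continue
        segments.append(seg)
    return "/" + "/".join(segments), escaped

def is_safe_request(path, windows=False):
    """What a middleware would check before handing the path to a file-serving route."""
    _, escaped = clean_path(path, windows=windows)
    return not escaped

# Constructed request paths (not from any real traffic). The second one uses
# percent-encoded backslashes (%5c), the form a browser would actually send.
BYPASS_RAW = "/static/..\\..\\secret.txt"
BYPASS_ENCODED = "/static/..%5c..%5csecret.txt"

if __name__ == "__main__":
    for p in ("/a/b/../c", BYPASS_RAW, BYPASS_ENCODED):
        print(repr(p), "posix:", clean_path(p), "windows:", clean_path(p, windows=True))
```

The path is decoded exactly once; a double-encoded "%255c" stays as the literal text "%5c" after one decode, which is what the file system will also see, so decoding in a loop would only invent bypasses that do not exist. The check has to be applied with the separator semantics of the host the application actually runs on, which is why the fixed rack-protection only changed behaviour on Windows.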
smartbear -- soapui
 
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. 2018-02-19 not yet calculated CVE-2017-16670
MISC
softonic -- line_for_ios
 
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-02-23 not yet calculated CVE-2018-0518
JVN
MISC
strongswan -- strongswan
 
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. 2018-02-20 not yet calculated CVE-2018-6459
CONFIRM
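The strongSwan entry above is a parser that assumed an OPTIONAL field was present: in RSASSA-PSS-params (RFC 4055) every field is tagged [0]..[3] and carries a DEFAULT, so a conforming encoder may omit the maskGenAlgorithm entirely. The block below is an added example for this bulletin, not strongSwan's signature_params.c, showing a small DER reader and a PSS parameter parser that substitutes the RFC defaults for absent fields and rejects an MGF1 entry that lacks its hash parameter instead of dereferencing it. The test vectors are constructed here with a short-form TLV helper and are not taken from any real certificate:

```python
# Added example (not strongSwan code): RSASSA-PSS-params parser, RFC 4055 3.1.
OID_SHA1 = "1.3.14.3.2.26"
OID_SHA256 = "2.16.840.1.101.3.4.2.1"
OID_MGF1 = "1.2.840.113549.1.1.8"

class DerError(ValueError):
    pass

def _read_tlv(buf, off):
    """Return (tag, value, next_offset) for the TLV at off; definite lengths only."""
    if off + 2 > len(buf):
        raise DerError("truncated TLV header")
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:                              # long form: next n bytes hold the length
        n = ln & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise DerError("bad long-form length")
        ln, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + ln > len(buf):
        raise DerError("value runs past end of buffer")
    return tag, buf[off:off + ln], off + ln

def _decode_oid(body):
    if not body or body[-1] & 0x80:
        raise DerError("malformed OID")
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in body[1:]:                         # base-128 arcs, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _parse_alg_id(buf):
    """AlgorithmIdentifier ::= SEQUENCE { OID, parameters ANY OPTIONAL }.
    Returns (oid, raw parameters TLV or None when absent)."""
    tag, body, end = _read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise DerError("AlgorithmIdentifier must be a single SEQUENCE")
    tag, oid_body, off = _read_tlv(body, 0)
    if tag != 0x06:
        raise DerError("expected OID")
    params = None
    if off < len(body):
        _, _, p_end = _read_tlv(body, off)
        if p_end != len(body):
            raise DerError("trailing data after parameters")
        params = body[off:p_end]
    return _decode_oid(oid_body), params

def _parse_int(buf):
    tag, body, end = _read_tlv(buf, 0)
    if tag != 0x02 or end != len(buf) or not body:
        raise DerError("expected INTEGER")
    return int.from_bytes(body, "big", signed=True)

def parse_pss_params(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("RSASSA-PSS-params must be a single SEQUENCE")
    # RFC 4055 defaults; a field that is absent keeps its default value.
    p = {"hash": OID_SHA1, "mgf": OID_MGF1, "mgf_hash": OID_SHA1, "salt_len": 20, "trailer": 1}
    off, last = 0, -1
    while off < len(body):
        tag, inner, off = _read_tlv(body, off)
        if (tag & 0xE0) != 0xA0:
            raise DerError("expected a context-specific [n] tag")
        idx = tag & 0x1F
        if idx <= last:
            raise DerError("fields out of order or repeated")
        last = idx
        if idx == 0:
            p["hash"], _ = _parse_alg_id(inner)
        elif idx == 1:
            p["mgf"], mgf_params = _parse_alg_id(inner)
            if p["mgf"] != OID_MGF1 or mgf_params is None:   # never dereference a missing param
                raise DerError("only MGF1 with an explicit hash parameter is supported")
            p["mgf_hash"], _ = _parse_alg_id(mgf_params)
        elif idx == 2:
            p["salt_len"] = _parse_int(inner)
        elif idx == 3:
            p["trailer"] = _parse_int(inner)
        else:
            raise DerError(f"unknown field [{idx}]")
    return p

def is_valid_pss_params(der):
    try:
        parse_pss_params(der)
        return True
    except DerError:
        return False

# Constructed test vectors (short-form lengths only), not from real certificates.
def _tlv(tag, body):
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

_OID_SHA256 = _tlv(0x06, bytes.fromhex("608648016503040201"))
_OID_MGF1 = _tlv(0x06, bytes.fromhex("2A864886F70D010108"))
SHA256_ALG = _tlv(0x30, _OID_SHA256)
# hash = SHA-256, saltLength = 32, maskGenAlgorithm omitted (defaults to MGF1 / SHA-1)
PSS_NO_MGF = _tlv(0x30, _tlv(0xA0, SHA256_ALG) + _tlv(0xA2, _tlv(0x02, b"\x20")))
# same, with an explicit [1] MGF1 whose parameter is the SHA-256 AlgorithmIdentifier
PSS_WITH_MGF = _tlv(0x30, _tlv(0xA0, SHA256_ALG) + _tlv(0xA1, _tlv(0x30, _OID_MGF1 + SHA256_ALG))
               + _tlv(0xA2, _tlv(0x02, b"\x20")))
# [1] present but MGF1 carries no parameter at all: must be rejected, not dereferenced
PSS_MGF_NO_PARAM = _tlv(0x30, _tlv(0xA1, _tlv(0x30, _OID_MGF1)))
```

The rule the parser follows is the one the advisory implies: in a structure where every field is OPTIONAL with a DEFAULT, the parser's state starts from the defaults and each field only overrides them, and the one place where a nested value is required (MGF1's hash) is checked for presence before use.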
symantec -- altris_deployment_solution
 
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. 2018-02-19 not yet calculated CVE-2010-0109
BID
CONFIRM
symantec -- gear_software_cd_dvd_filter_driver
 
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. 2018-02-19 not yet calculated CVE-2011-3477
BID
CONFIRM
synology -- photo_station
 
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. 2018-02-23 not yet calculated CVE-2017-16769
CONFIRM
tejari -- procurement_portal
 
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request. 2018-02-18 not yet calculated CVE-2018-7217
MISC
MISC
tejari -- procurement_portal
 
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. 2018-02-18 not yet calculated CVE-2018-7216
MISC
MISC
MISC
tiki -- tiki
 
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation. 2018-02-21 not yet calculated CVE-2018-7304
MISC
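The Tiki entry above is CSV (formula) injection: a value such as "=cmd|' /C calc'!A0" is harmless in the web application but is evaluated as a DDE formula once an administrator opens the exported CSV in a spreadsheet. The block below is an added example for this bulletin, not Tiki code, showing the standard mitigation on the export side: any string cell whose first non-blank character would start a formula is prefixed with a single quote so the spreadsheet renders it as text. The export function and the sample user rows are constructed for the example:

```python
import csv
import io

# Leading characters that spreadsheets treat as the start of a formula. Tab and
# CR are included because they can split a cell so that one of the others leads
# the next one.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def neutralize_cell(value):
    """Prefix a formula-looking string with a single quote so the spreadsheet
    keeps it as text. Leading whitespace is skipped for the check because
    Excel ignores it too. Non-string cells (ints, floats, None) are returned
    untouched, so numeric columns are exported as real numbers rather than
    strings that would trip on a leading '-'."""
    if not isinstance(value, str):
        return value
    if value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value

def export_csv(rows):
    """Write rows to CSV text with every cell neutralized and quoted."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()

# Constructed sample export (hypothetical user list, not Tiki data). The third
# row carries the payload quoted in the advisory in its real-name field.
SAMPLE_USERS = [
    ["username", "realname", "age"],
    ["alice", "Alice Example", 34],
    ["mallory", "=cmd|' /C calc'!A0", 29],
    ["bob", "-- see notes", 41],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_USERS))
```

Quoting every field with QUOTE_ALL does not by itself stop the attack (spreadsheets strip the quotes before deciding whether a cell is a formula), which is why the single-quote prefix is the part that matters. Rejecting such input at creation time, as the advisory suggests for the User Creation form, is the other half; the export-side prefix covers data that was already stored.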
tiki -- tiki
 
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. 2018-02-21 not yet calculated CVE-2018-7302
MISC
tiki -- tiki
 
The Calendar component in Tiki 17.1 allows HTML injection. 2018-02-21 not yet calculated CVE-2018-7303
MISC
tiki -- tiki
 
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. 2018-02-16 not yet calculated CVE-2018-7188
MISC
MISC
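Three entries above (Shimmie CVE-2018-7265, Tiki CVE-2018-7302 and CVE-2018-7188) are the same bug class: an SVG document is accepted as an image upload, either directly or by renaming it to .png, and is later served to a browser that executes the script it carries. The block below is an added example for this bulletin, not Shimmie or Tiki code, showing an upload check that classifies the file by its content rather than by its extension or the client's Content-Type and refuses anything that is not one of the allowed raster formats. The function names and the sample PNG header and SVG payload are constructed for the example:

```python
import re

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
GIF_MAGICS = (b"GIF87a", b"GIF89a")
# SVG is XML text: look for an <svg or <?xml tag near the start, any case,
# so renaming the file or lying about Content-Type does not hide it.
SVG_RE = re.compile(rb"<\s*(\?xml|svg)\b", re.IGNORECASE)

ALLOWED = {"image/png": {"png"}, "image/jpeg": {"jpg", "jpeg"}, "image/gif": {"gif"}}

def sniff_image(data):
    """Classify by content; returns a MIME type or None."""
    head = data[:1024]
    if head.startswith(PNG_MAGIC):
        return "image/png"
    if head.startswith(JPEG_MAGIC):
        return "image/jpeg"
    if head.startswith(GIF_MAGICS):
        return "image/gif"
    if SVG_RE.search(head):
        return "image/svg+xml"
    return None

def accept_upload(filename, declared_type, data):
    """Return (accepted, reason). Extension, client Content-Type and sniffed
    content must all agree on one allowed raster type."""
    sniffed = sniff_image(data)
    if sniffed not in ALLOWED:
        return False, f"content sniffed as {sniffed}, which is not an allowed raster type"
    if declared_type != sniffed:
        return False, f"client declared {declared_type} but content is {sniffed}"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED[sniffed]:
        return False, f"extension .{ext} does not match {sniffed}"
    return True, "ok"

# Constructed samples (not real uploads): a PNG signature plus filler bytes,
# and an SVG with an event handler that a browser would run when rendered inline.
PNG_SAMPLE = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + bytes(16)
SVG_PAYLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>'

if __name__ == "__main__":
    print(accept_upload("logo.png", "image/png", PNG_SAMPLE))
    print(accept_upload("logo.png", "image/png", SVG_PAYLOAD))
```

If SVG must be accepted at all, it needs a dedicated sanitizer and should be served from a separate origin with Content-Disposition: attachment and X-Content-Type-Options: nosniff, so that a file which slips through is downloaded rather than rendered in the application's origin.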
trend_micro -- interscan_messaging_security_virtual_appliance
 
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. 2018-02-16 not yet calculated CVE-2018-3609
BID
MISC
MISC
CONFIRM
trend_micro -- user-mode_hooking_module
 
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. 2018-02-16 not yet calculated CVE-2018-6218
BID
JVN
MISC
CONFIRM
twibright_labs -- multiple_products
 
ELinks 0.12 and Twibright Links 2.3 do not validate SSL certificates (Missing SSL Certificate Validation). 2018-02-23 not yet calculated CVE-2012-6709
MISC
MISC
underbit -- underbit
 
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. 2018-02-20 not yet calculated CVE-2018-7263
MISC
MISC
unisys_stealth -- windows
 
Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage. 2018-02-19 not yet calculated CVE-2018-6592
CONFIRM
unixodbc -- unixodbc
 
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. 2018-02-22 not yet calculated CVE-2018-7409
MISC
MISC
userscape -- helpspot
 
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked. 2018-02-19 not yet calculated CVE-2017-16755
MISC
MISC
MISC
userscape -- helpspot
 
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account. 2018-02-19 not yet calculated CVE-2017-16756
MISC
MISC
MISC
wavpack -- wavpack
 
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. 2018-02-19 not yet calculated CVE-2018-7253
MISC
MISC
MISC
wavpack -- wavpack
 
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. 2018-02-19 not yet calculated CVE-2018-7254
MISC
MISC
MISC
EXPLOIT-DB
wink_labs -- wink
 
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. 2018-02-22 not yet calculated CVE-2017-5249
MISC
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. 2018-02-23 not yet calculated CVE-2018-7322
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23 not yet calculated CVE-2018-7324
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. 2018-02-23 not yet calculated CVE-2018-7331
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. 2018-02-23 not yet calculated CVE-2018-7336
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. 2018-02-23 not yet calculated CVE-2018-7325
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. 2018-02-23 not yet calculated CVE-2018-7321
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23 not yet calculated CVE-2018-7330
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. 2018-02-23 not yet calculated CVE-2018-7320
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. 2018-02-23 not yet calculated CVE-2018-7334
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. 2018-02-23 not yet calculated CVE-2018-7333
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. 2018-02-23 not yet calculated CVE-2018-7323
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. 2018-02-23 not yet calculated CVE-2018-7329
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. 2018-02-23 not yet calculated CVE-2018-7332
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. 2018-02-23 not yet calculated CVE-2018-7328
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. 2018-02-23 not yet calculated CVE-2018-7421
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. 2018-02-23 not yet calculated CVE-2018-7337
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. 2018-02-23 not yet calculated CVE-2018-7327
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. 2018-02-23 not yet calculated CVE-2018-7420
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. 2018-02-23 not yet calculated CVE-2018-7419
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. 2018-02-23 not yet calculated CVE-2018-7335
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. 2018-02-23 not yet calculated CVE-2018-7418
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23 not yet calculated CVE-2018-7326
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. 2018-02-23 not yet calculated CVE-2018-7417
CONFIRM
CONFIRM
CONFIRM
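Most of the Wireshark dissector entries above (packet-dcm.c fixed by checking for integer wraparound, packet-wccp.c by requiring a monotonically increasing length, packet-usb.c by rejecting short header lengths, packet-ber.c, packet-reload.c and others by validating a length) and the Quagga bgpd capability parser (CVE-2018-5381) share one root cause: a loop over length-prefixed records that trusts the sender's length field and so can stop making forward progress. The block below is an added example for this bulletin, not Wireshark or Quagga code; it uses a constructed 2-byte type / 2-byte length record format, and the sample streams are built inline, so the behaviour can be reproduced offline:

```python
import struct

# Record header: 16-bit type, 16-bit length. The length covers the header too,
# so a well-formed record is at least HDR.size bytes long.
HDR = struct.Struct(">HH")

class MalformedRecord(ValueError):
    pass

def build_record(rtype, value):
    return HDR.pack(rtype, HDR.size + len(value)) + value

# Constructed sample streams (not real captures).
GOOD_STREAM = build_record(1, b"abc") + build_record(2, b"defg")
ZERO_LEN_STREAM = GOOD_STREAM + HDR.pack(3, 0) + b"tail"      # length field of 0
OVERLONG_STREAM = GOOD_STREAM + HDR.pack(4, 0xFFFF) + b"x"    # length past the end

def walk_naive(buf, max_iters=1000):
    """The vulnerable pattern: advance by the sender-declared length alone.
    A length of 0 leaves the offset where it was, so the loop never ends.
    max_iters is only a demo guard so the call returns instead of hanging;
    the second element of the result is "stuck" when no progress was made."""
    off, records = 0, []
    for _ in range(max_iters):
        if off + HDR.size > len(buf):
            return records, "ok"
        rtype, rlen = HDR.unpack_from(buf, off)
        records.append((rtype, buf[off + HDR.size:off + rlen]))
        off += rlen                        # rlen == 0: off is unchanged
    return records, "stuck"

def walk_checked(buf):
    """The fixed pattern: every record must be at least a header long, must
    fit in the buffer, and must move the offset strictly forward."""
    off, records = 0, []
    while off + HDR.size <= len(buf):
        rtype, rlen = HDR.unpack_from(buf, off)
        if rlen < HDR.size:
            raise MalformedRecord(f"length {rlen} at offset {off} is shorter than the header")
        if off + rlen > len(buf):
            raise MalformedRecord(f"record at offset {off} runs past the end of the buffer")
        records.append((rtype, buf[off + HDR.size:off + rlen]))
        assert off + rlen > off            # the monotonic-progress invariant
        off += rlen
    return records

def is_well_formed(buf):
    try:
        walk_checked(buf)
        return True
    except MalformedRecord:
        return False

if __name__ == "__main__":
    print(walk_naive(ZERO_LEN_STREAM)[1])   # the naive walker spins on the zero-length record
    print(is_well_formed(GOOD_STREAM), is_well_formed(ZERO_LEN_STREAM), is_well_formed(OVERLONG_STREAM))
```

In C the same two checks matter more, because the offset is typically a fixed-width integer: "off + rlen" can wrap to a smaller value, which is the integer-wraparound case packet-dcm.c was fixed for, so the comparison has to be done on the remaining length ("rlen > len - off") rather than on the sum, and the over-long record that Python slicing silently truncates here becomes an out-of-bounds read.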
wolf_cms -- wolf_cms
 
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. 2018-02-22 not yet calculated CVE-2018-6890
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. 2018-02-19 not yet calculated CVE-2015-2324
MISC
CONFIRM
wordpress -- wordpress
 
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. 2018-02-16 not yet calculated CVE-2018-6944
MISC
wordpress -- wordpress
 
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. 2018-02-21 not yet calculated CVE-2018-7280
CONFIRM
wordpress -- wordpress
 
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. 2018-02-16 not yet calculated CVE-2018-6943
MISC
xpdf -- xpdf
 
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftohtml. 2018-02-24 not yet calculated CVE-2018-7452
MISC
xpdf -- xpdf
 
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to cause a denial of service via a crafted PDF file, due to a lack of loop checking, as demonstrated by pdftohtml. 2018-02-24 not yet calculated CVE-2018-7453
MISC
xpdf -- xpdf
 
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftohtml. 2018-02-24 not yet calculated CVE-2018-7454
MISC
xpdf -- xpdf
 
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftohtml. 2018-02-24 not yet calculated CVE-2018-7455
MISC
yarb/quarx -- yarb/quarx
 
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). 2018-02-20 not yet calculated CVE-2018-7274
BID
MISC
zyxel -- p-870h-51_dsl_router
 
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540. 2018-02-21 not yet calculated CVE-2018-1164
MISC
zzcms -- zzcms
 
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. 2018-02-23 not yet calculated CVE-2018-7434
MISC


from US-CERT National Cyber Alert System http://ift.tt/2ESAIRD