Monday, April 30, 2018
USN-3636-1: Ghostscript vulnerabilities
ghostscript vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in Ghostscript.
Software Description
- ghostscript - PostScript and PDF interpreter
Details
It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317)
It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10194)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- ghostscript - 9.22~dfsg+1-0ubuntu1.1
- libgs9 - 9.22~dfsg+1-0ubuntu1.1
- Ubuntu 17.10
- ghostscript - 9.21~dfsg+1-0ubuntu3.1
- libgs9 - 9.21~dfsg+1-0ubuntu3.1
- Ubuntu 16.04 LTS
- ghostscript - 9.18~dfsg~0-0ubuntu2.8
- libgs9 - 9.18~dfsg~0-0ubuntu2.8
- Ubuntu 14.04 LTS
- ghostscript - 9.10~dfsg-0ubuntu10.12
- libgs9 - 9.10~dfsg-0ubuntu10.12
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
from Ubuntu Security Notices https://ift.tt/2HD8xrx
USN-3627-2: Apache HTTP Server vulnerabilities
30 April 2018
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Summary
Several security issues were fixed in the Apache HTTP Server.
Software Description
- apache2 - Apache HTTP server
Details
USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)
Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715)
It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283)
Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301)
Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303)
Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- apache2-bin - 2.4.29-1ubuntu4.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
from Ubuntu Security Notices https://ift.tt/2HGVCAB
USN-3629-3: MySQL vulnerabilities
mysql-5.7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary
Several security issues were fixed in MySQL.
Software Description
- mysql-5.7 - MySQL database
Details
USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.10 have been updated to MySQL 5.7.22.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html
- http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- mysql-server-5.7 - 5.7.22-0ubuntu18.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
- USN-3629-1
- CVE-2018-2755
- CVE-2018-2758
- CVE-2018-2759
- CVE-2018-2761
- CVE-2018-2762
- CVE-2018-2766
- CVE-2018-2769
- CVE-2018-2771
- CVE-2018-2773
- CVE-2018-2775
- CVE-2018-2776
- CVE-2018-2777
- CVE-2018-2778
- CVE-2018-2779
- CVE-2018-2780
- CVE-2018-2781
- CVE-2018-2782
- CVE-2018-2784
- CVE-2018-2786
- CVE-2018-2787
- CVE-2018-2810
- CVE-2018-2812
- CVE-2018-2813
- CVE-2018-2816
- CVE-2018-2817
- CVE-2018-2818
- CVE-2018-2819
- CVE-2018-2839
- CVE-2018-2846
from Ubuntu Security Notices https://ift.tt/2HYiBum
USN-3635-1: WebKitGTK+ vulnerabilities
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in WebKitGTK+.
Software Description
- webkit2gtk - Web content engine library for GTK+
Details
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 17.10
- libjavascriptcoregtk-4.0-18 - 2.20.1-0ubuntu0.17.10.1
- libwebkit2gtk-4.0-37 - 2.20.1-0ubuntu0.17.10.1
- Ubuntu 16.04 LTS
- libjavascriptcoregtk-4.0-18 - 2.20.1-0ubuntu0.16.04.1
- libwebkit2gtk-4.0-37 - 2.20.1-0ubuntu0.16.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References
- CVE-2018-4101
- CVE-2018-4113
- CVE-2018-4114
- CVE-2018-4117
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4133
- CVE-2018-4146
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
from Ubuntu Security Notices https://ift.tt/2HJRmR6
SB18-120: Vulnerability Summary for the Week of April 23, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abbott_laboratories -- accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri | Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. | 2018-04-25 | not yet calculated | CVE-2017-12714 BID MISC |
abbott_laboratories -- accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri | The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. | 2018-04-25 | not yet calculated | CVE-2017-12712 BID MISC |
abbott_laboratories -- accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri | Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. | 2018-04-25 | not yet calculated | CVE-2017-12716 BID MISC |
advantech -- webaccess_hmi_designer | Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | 2018-04-25 | not yet calculated | CVE-2018-8835 BID MISC |
advantech -- webaccess_hmi_designer | Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | 2018-04-25 | not yet calculated | CVE-2018-8837 BID MISC |
advantech -- webaccess_hmi_designer | Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | 2018-04-25 | not yet calculated | CVE-2018-8833 BID MISC |
ahnlab -- v3_internet_security | Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call. | 2018-04-24 | not yet calculated | CVE-2013-3947 SECUNIA XF |
ansible -- ansible | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | 2018-04-24 | not yet calculated | CVE-2016-9587 REDHAT REDHAT BID REDHAT REDHAT REDHAT CONFIRM GENTOO EXPLOIT-DB |
antennahouse -- dmc_htmlfilter | An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter. | 2018-04-24 | not yet calculated | CVE-2016-8384 MISC |
antennahouse -- dmc_htmlfilter | An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-8383 MISC |
antennahouse -- dmc_htmlfilter | An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-8382 MISC |
apache -- fineract | Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization by way of the 'reportName' parameter. | 2018-04-20 | not yet calculated | CVE-2018-1292 BID MLIST |
apache -- fineract | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in methods like retrieveAuditEntries of the AuditsApiResource class and retrieveCommands of the MakercheckersApiResource class. | 2018-04-20 | not yet calculated | CVE-2018-1290 BID MLIST |
apache -- fineract | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization. | 2018-04-20 | not yet calculated | CVE-2018-1289 BID MLIST |
apache -- fineract | Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization. | 2018-04-20 | not yet calculated | CVE-2018-1291 BID MLIST |
apache -- multiple_products | In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content. | 2018-04-26 | not yet calculated | CVE-2017-15691 CONFIRM |
apache -- tika | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. | 2018-04-25 | not yet calculated | CVE-2018-1339 MLIST |
apache -- tika | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. | 2018-04-25 | not yet calculated | CVE-2018-1335 BID MLIST |
apache -- tika | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | 2018-04-25 | not yet calculated | CVE-2018-1338 MLIST |
artifex -- mupdf | In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | 2018-04-22 | not yet calculated | CVE-2018-10289 MISC |
artifex -- mupdf | An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-8728 MISC |
artifex -- mupdf | An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-8729 MISC |
atlassian -- fisheye_and_crucible | The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | 2018-04-24 | not yet calculated | CVE-2018-5228 BID CONFIRM CONFIRM |
b3log_symphony -- b3log_symphony | b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | 2018-04-27 | not yet calculated | CVE-2018-10469 MISC |
baijiacms -- baijiacms | An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | 2018-04-27 | not yet calculated | CVE-2018-10503 MISC |
blender -- blender | An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2901 MISC |
blender -- blender | An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2904 MISC |
blender -- blender | An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12086 MISC |
blender -- blender | An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2905 MISC |
blender -- blender | An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2900 MISC |
blender -- blender | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12102 MISC |
blender -- blender | An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2918 MISC |
blender -- blender | An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2907 MISC |
blender -- blender | An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. | 2018-04-24 | not yet calculated | CVE-2017-2908 MISC |
blender -- blender | An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12100 MISC |
blender -- blender | An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2899 MISC |
blender -- blender | An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12099 MISC |
blender -- blender | An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12082 MISC |
blender -- blender | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12103 MISC |
blender -- blender | An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12081 MISC |
blender -- blender | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12104 MISC |
blender -- blender | An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2902 MISC |
blender -- blender | An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12101 MISC |
blender -- blender | An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2906 MISC |
blender -- blender | An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2903 MISC |
blender -- blender | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12105 MISC |
brookins_consulting -- bc_collected_information_export_extension | Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | 2018-04-27 | not yet calculated | CVE-2014-2552 XF CONFIRM MISC |
centers_for_disease_control_and_prevention -- microbetrace | Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. | 2018-04-26 | not yet calculated | CVE-2018-9113 MISC MISC |
centers_for_disease_control_and_prevention -- microbetrace | Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. | 2018-04-26 | not yet calculated | CVE-2018-8974 MISC MISC |
chemcms -- chemcms | ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | 2018-04-22 | not yet calculated | CVE-2018-10295 MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | 2018-04-27 | not yet calculated | CVE-2018-10523 MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084. | 2018-04-27 | not yet calculated | CVE-2018-10519 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. | 2018-04-23 | not yet calculated | CVE-2018-9921 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | 2018-04-27 | not yet calculated | CVE-2018-10517 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | 2018-04-27 | not yet calculated | CVE-2018-10515 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory. | 2018-04-27 | not yet calculated | CVE-2018-10516 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | 2018-04-27 | not yet calculated | CVE-2018-10522 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 2018-04-27 | not yet calculated | CVE-2018-10520 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 2018-04-27 | not yet calculated | CVE-2018-10518 MISC |
cms_made_simple -- cms_made_simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | 2018-04-27 | not yet calculated | CVE-2018-10521 MISC |
composr_cms -- composr_cms |
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | 2018-04-26 | not yet calculated | CVE-2018-6518 MISC |
computerinsel -- photoline |
A memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12107 MISC |
corel -- coreldraw_x8 |
An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-9043 BID MISC |
corel -- photo-paint_x8 |
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Corel PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2804 BID MISC |
corel -- photo-paint_x8 |
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Corel PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. | 2018-04-24 | not yet calculated | CVE-2017-2803 BID MISC |
corel -- photo-paint_x8 |
An out of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Corel PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-8730 BID MISC |
cosmo -- cosmo |
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | 2018-04-26 | not yet calculated | CVE-2018-10429 MISC |
curl -- curl |
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without the necessary input filtering, it could allow remote attacks. | 2018-04-23 | not yet calculated | CVE-2016-9586 BID SECTRACK MISC CONFIRM CONFIRM GENTOO |
curl -- curl |
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. | 2018-04-23 | not yet calculated | CVE-2016-9594 BID SECTRACK MISC CONFIRM GENTOO CONFIRM |
d-link_russia -- dir-615_devices |
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. | 2018-04-26 | not yet calculated | CVE-2018-10431 MISC |
dedecms -- dedecms |
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | 2018-04-25 | not yet calculated | CVE-2018-10375 MISC |
dell -- precision_optimizer_software |
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of the directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to a vulnerable system can exploit this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2802 BID MISC |
diligentcms -- diligentcms |
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | 2018-04-26 | not yet calculated | CVE-2018-10430 MISC |
discuz! -- discuzx |
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | 2018-04-22 | not yet calculated | CVE-2018-10297 MISC |
discuz! -- discuzx |
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | 2018-04-22 | not yet calculated | CVE-2018-10298 MISC |
dpdk -- dpdk |
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. | 2018-04-24 | not yet calculated | CVE-2018-1059 MISC CONFIRM |
easy_file_sharing -- easy_file_sharing_web_server |
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. | 2018-04-20 | not yet calculated | CVE-2018-9059 MISC EXPLOIT-DB EXPLOIT-DB |
easycms -- easycms |
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | 2018-04-28 | not yet calculated | CVE-2018-10527 MISC |
easycms -- easycms |
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | 2018-04-25 | not yet calculated | CVE-2018-10374 MISC |
eclipse -- mosquitto |
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | 2018-04-25 | not yet calculated | CVE-2017-7652 CONFIRM MLIST |
eclipse -- mosquitto |
In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by filling the RAM with a lot of connections with large payloads. This can be done without authentication if it occurs in the connection phase of the MQTT protocol. | 2018-04-24 | not yet calculated | CVE-2017-7651 CONFIRM MLIST |
edimax -- ic-3140w_and_ic-5150w_and_ic-6220dc_and_3.06_devices |
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. | 2018-04-26 | not yet calculated | CVE-2018-8072 MISC MISC CONFIRM MISC |
enlightenment -- enlightenment |
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | 2018-04-27 | not yet calculated | CVE-2014-1845 MLIST CONFIRM XF CONFIRM CONFIRM |
enlightenment -- enlightenment |
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | 2018-04-27 | not yet calculated | CVE-2014-1846 MLIST CONFIRM XF CONFIRM |
ericsson-lg -- ipecs_nms_a.1ac_login_portal |
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | 2018-04-22 | not yet calculated | CVE-2018-9245 MISC EXPLOIT-DB |
ericsson-lg -- ipecs_nms_a.1ac_web_application |
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | 2018-04-22 | not yet calculated | CVE-2018-10286 MISC EXPLOIT-DB |
ericsson-lg -- ipecs_nms_a.1ac_web_application |
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | 2018-04-22 | not yet calculated | CVE-2018-10285 MISC EXPLOIT-DB |
ethereum -- beauty_ecosystem_coin |
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue. | 2018-04-23 | not yet calculated | CVE-2018-10299 MISC MISC MISC MISC MISC MISC |
ethereum -- useless_ethereum_token |
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | 2018-04-28 | not yet calculated | CVE-2018-10468 MISC |
ezb_systems -- ultraiso |
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2840 BID MISC |
ffmpeg -- ffmpeg |
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | 2018-04-24 | not yet calculated | CVE-2018-7751 BID CONFIRM |
flac -- flac |
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | 2018-04-25 | not yet calculated | CVE-2017-6888 CONFIRM MISC MISC |
fortinet -- forticlient_for_windows |
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | 2018-04-26 | not yet calculated | CVE-2017-17543 CONFIRM |
foscam -- c1_indoor_hd_camera |
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2832 BID MISC |
foscam -- c1_indoor_hd_camera |
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. | 2018-04-24 | not yet calculated | CVE-2017-2833 BID MISC |
foxit_software -- foxit_reader |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-04-23 | not yet calculated | CVE-2018-3850 BID SECTRACK MISC |
foxit_software -- foxit_reader_and_phantompdf |
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process. | 2018-04-24 | not yet calculated | CVE-2017-17557 BID SECTRACK CONFIRM |
foxit_software -- foxit_reader_and_phantompdf |
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9. | 2018-04-23 | not yet calculated | CVE-2018-10302 CONFIRM |
foxit_software -- foxit_reader_and_phantompdf |
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3. | 2018-04-23 | not yet calculated | CVE-2018-10303 CONFIRM |
foxit_software -- foxit_reader |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-04-23 | not yet calculated | CVE-2017-14458 BID SECTRACK MISC |
freerdp -- freerdp |
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2834 BID DEBIAN MISC |
freerdp -- freerdp |
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2839 BID DEBIAN MISC |
freerdp -- freerdp |
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2837 BID DEBIAN MISC |
freerdp -- freerdp |
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2835 DEBIAN MISC |
freerdp -- freerdp |
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2838 BID DEBIAN MISC |
freerdp -- freerdp |
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2836 BID DEBIAN MISC |
freexl -- freexl |
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2924 BID DEBIAN MISC |
freexl -- freexl |
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record' function of FreeXL 1.0.3. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2923 BID DEBIAN MISC |
frog_cms -- frog_cms |
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. | 2018-04-23 | not yet calculated | CVE-2018-10318 MISC |
frog_cms -- frog_cms |
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. | 2018-04-23 | not yet calculated | CVE-2018-10320 MISC |
frog_cms -- frog_cms |
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. | 2018-04-24 | not yet calculated | CVE-2018-10321 MISC EXPLOIT-DB |
frog_cms -- frog_cms |
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. | 2018-04-23 | not yet calculated | CVE-2018-10319 MISC |
genixcms -- genixcms |
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. | 2018-04-26 | not yet calculated | CVE-2017-14740 MISC |
ghostscript -- ghostscript |
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. | 2018-04-23 | not yet calculated | CVE-2016-9601 CONFIRM BID CONFIRM MISC GENTOO DEBIAN |
gitlab -- community_and_enterprise_editions |
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | 2018-04-25 | not yet calculated | CVE-2018-8801 MISC MISC |
glusterfs -- glusterfs |
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. | 2018-04-25 | not yet calculated | CVE-2018-1112 CONFIRM CONFIRM CONFIRM |
gnome -- libsoup |
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-2885 BID REDHAT DEBIAN MISC |
gnu -- binutils |
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. | 2018-04-25 | not yet calculated | CVE-2018-10373 BID MISC |
gnu -- binutils |
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | 2018-04-25 | not yet calculated | CVE-2018-10372 BID MISC |
google -- guava |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | 2018-04-26 | not yet calculated | CVE-2018-10237 CONFIRM |
hongcms -- hongcms |
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. | 2018-04-26 | not yet calculated | CVE-2018-10422 MISC |
huawei -- appgallery |
Huawei AppGallery versions before 8.0.4.301 have a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick a user into accessing a malicious web page to bypass the whitelist mechanism. | 2018-04-24 | not yet calculated | CVE-2018-7931 CONFIRM |
huawei -- appgallery |
Huawei AppGallery versions before 8.0.4.301 have an arbitrary JavaScript running vulnerability. An attacker may set up a malicious network environment and trick a user into accessing a malicious web page to bypass the whitelist mechanism, which causes the malicious JavaScript to be loaded and run on the smart phone. | 2018-04-24 | not yet calculated | CVE-2018-7932 CONFIRM |
huawei -- multiple_products | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, 
V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash. | 2018-04-24 | not yet calculated | CVE-2017-17254 CONFIRM |
huawei -- multiple_products | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, 
V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash. | 2018-04-24 | not yet calculated | CVE-2017-17253 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Insufficient validation of the packets could be exploited to cause a process crash. | 2018-04-24 | not yet calculated | CVE-2017-17251 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | 2018-04-24 | not yet calculated | CVE-2017-17257 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Insufficient validation of the packets could be exploited to cause a process crash. | 2018-04-24 | not yet calculated | CVE-2017-17255 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Insufficient validation of the packets could be exploited to cause a process crash. | 2018-04-24 | not yet calculated | CVE-2017-17258 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Insufficient validation of the packets could be exploited to cause a process crash. | 2018-04-24 | not yet calculated | CVE-2017-17252 CONFIRM |
huawei -- multiple_products |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, 
Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | 2018-04-24 | not yet calculated | CVE-2017-17256 CONFIRM |
hyland -- perceptive_document_filters |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | 2018-04-26 | not yet calculated | CVE-2018-3855 MISC |
hyland -- perceptive_document_filters |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | 2018-04-26 | not yet calculated | CVE-2018-3845 MISC |
hyland -- perceptive_document_filters |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer overflow, resulting in direct code execution. | 2018-04-26 | not yet calculated | CVE-2018-3851 MISC |
hyland -- perceptive_document_filters |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. | 2018-04-26 | not yet calculated | CVE-2018-3844 MISC |
ibm -- bigfix_platform |
IBM BigFix Platform 9.2 and 9.5 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 140689. | 2018-04-27 | not yet calculated | CVE-2018-1471 CONFIRM XF |
ibm -- bigfix_platform |
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. | 2018-04-27 | not yet calculated | CVE-2018-1479 CONFIRM XF |
ibm -- bigfix_platform |
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756. | 2018-04-27 | not yet calculated | CVE-2018-1475 CONFIRM XF |
ibm -- bigfix_platform |
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691. | 2018-04-27 | not yet calculated | CVE-2018-1473 CONFIRM XF |
ibm -- campaign |
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154. | 2018-04-27 | not yet calculated | CVE-2017-1116 CONFIRM BID XF |
ibm -- cognos_business_intelligence |
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624. | 2018-04-23 | not yet calculated | CVE-2017-1486 CONFIRM XF |
ibm -- cognos_business_intelligence |
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | 2018-04-23 | not yet calculated | CVE-2017-1764 CONFIRM XF |
ibm -- endpoint_manager_for_remote_control_and_tivoli_remote_control |
IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which make it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. | 2018-04-27 | not yet calculated | CVE-2013-5461 XF CONFIRM CONFIRM |
ibm -- flex_system |
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. | 2018-04-25 | not yet calculated | CVE-2014-0881 CONFIRM CONFIRM CONFIRM |
ibm -- jazz_reporting_service |
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523. | 2018-04-25 | not yet calculated | CVE-2017-1750 CONFIRM BID XF |
ibm -- jazz_reporting_service |
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448. | 2018-04-25 | not yet calculated | CVE-2018-1363 CONFIRM XF |
ibm -- jazz_team_server |
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915. | 2018-04-24 | not yet calculated | CVE-2017-1734 CONFIRM XF |
ibm -- jazz_team_server |
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392. | 2018-04-24 | not yet calculated | CVE-2017-1700 CONFIRM XF |
ibm -- jazz_team_server |
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820. | 2018-04-24 | not yet calculated | CVE-2017-1725 CONFIRM XF |
ibm -- multiple_products |
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. | 2018-04-25 | not yet calculated | CVE-2014-0882 CONFIRM CONFIRM CONFIRM |
ibm -- rational_focal_point |
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | 2018-04-27 | not yet calculated | CVE-2014-0841 XF CONFIRM |
ibm -- security_access_manager_appliance |
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. | 2018-04-23 | not yet calculated | CVE-2017-1473 CONFIRM XF |
ibm -- security_key_lifecycle_manager |
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | 2018-04-25 | not yet calculated | CVE-2014-0872 XF CONFIRM |
ibm -- security_qradar_siem |
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814. | 2018-04-26 | not yet calculated | CVE-2017-1724 CONFIRM XF |
ibm -- security_qradar_siem |
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811. | 2018-04-26 | not yet calculated | CVE-2017-1722 CONFIRM XF |
ibm -- security_qradar_siem |
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810. | 2018-04-26 | not yet calculated | CVE-2017-1721 CONFIRM XF |
ibm -- security_qradar_siem |
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812. | 2018-04-26 | not yet calculated | CVE-2017-1723 CONFIRM XF |
ibm -- security_qradar_siem |
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824. | 2018-04-26 | not yet calculated | CVE-2018-1418 CONFIRM XF |
ibm -- spss_modeler |
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. | 2018-04-27 | not yet calculated | CVE-2013-6739 CONFIRM XF |
ibm -- team_concert |
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393. | 2018-04-23 | not yet calculated | CVE-2017-1701 CONFIRM XF |
ibm -- websphere_mq |
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975. | 2018-04-23 | not yet calculated | CVE-2017-1786 CONFIRM XF |
ibm -- worklight_and_mobile_foundation |
IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128. | 2018-04-27 | not yet calculated | CVE-2013-5391 CONFIRM XF |
invincea -- dell_protected_workspace |
Multiple security flaws exist in InvProtectDrv.sys, which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | 2018-04-24 | not yet calculated | CVE-2016-8732 BID MISC |
invincea -- invincea-x |
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2016-9038 BID MISC |
kakadu -- kakadu_sdk |
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. | 2018-04-24 | not yet calculated | CVE-2017-2812 BID MISC |
kakadu -- kakadu_sdk |
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. | 2018-04-24 | not yet calculated | CVE-2017-2811 BID MISC |
kliqqi_cms -- kliqqi_cms |
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php. | 2018-04-22 | not yet calculated | CVE-2017-17889 MISC |
kliqqi_cms -- kliqqi_cms |
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. | 2018-04-22 | not yet calculated | CVE-2017-17902 MISC |
ktexteditor -- ktexteditor |
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. | 2018-04-25 | not yet calculated | CVE-2018-10361 MISC MISC |
leptonica -- leptonica |
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2018-3836 MLIST MISC |
levistudio -- hmi_editor |
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. | 2018-04-26 | not yet calculated | CVE-2018-7527 MISC |
libraw -- libraw |
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | 2018-04-28 | not yet calculated | CVE-2018-10528 MISC MISC |
libraw -- libraw |
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | 2018-04-28 | not yet calculated | CVE-2018-10529 MISC MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14442 MLIST DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14449 DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14450 MLIST DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14440 MLIST DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14441 MLIST DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-14448 MLIST DEBIAN MISC |
libsdl -- simple_directmedia_layer_sdl2_image |
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12122 MLIST DEBIAN MISC |
libxls -- libxls |
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12109 MISC |
libxls -- libxls |
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12108 MISC |
linux -- linux_kernel |
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c in the Linux kernel from version 3.4 up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space. | 2018-04-23 | not yet calculated | CVE-2018-8781 MISC |
linux -- linux_kernel |
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | 2018-04-24 | not yet calculated | CVE-2018-10322 BID MISC MISC |
linux -- linux_kernel |
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | 2018-04-24 | not yet calculated | CVE-2018-10323 BID MISC MISC |
lutron -- quantum_bacnet_integration |
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | 2018-04-23 | not yet calculated | CVE-2018-8880 MISC EXPLOIT-DB |
micro_focus -- idm_identity_applications |
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | 2018-04-26 | not yet calculated | CVE-2017-9284 CONFIRM |
micro_focus -- netiq_identity_reporting |
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. | 2018-04-26 | not yet calculated | CVE-2017-9275 CONFIRM |
micro_focus -- universal_cmdb |
Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to achieve Local Escalation of Privilege. | 2018-04-23 | not yet calculated | CVE-2018-6491 SECTRACK CONFIRM |
minicms -- minicms |
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. | 2018-04-26 | not yet calculated | CVE-2018-10424 MISC |
minicms -- minicms |
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. | 2018-04-26 | not yet calculated | CVE-2018-10423 MISC |
minicms -- minicms |
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. | 2018-04-22 | not yet calculated | CVE-2018-10296 MISC |
mitel -- mivoice_connect_and_st_14.2 |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2018-04-25 | not yet calculated | CVE-2018-9101 CONFIRM CONFIRM |
mitel -- mivoice_connect_and_st_14.2 |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2018-04-25 | not yet calculated | CVE-2018-9104 CONFIRM CONFIRM |
mitel -- mivoice_connect_and_st_14.2 |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database. | 2018-04-25 | not yet calculated | CVE-2018-9102 CONFIRM CONFIRM |
mitel -- mivoice_connect_and_st_14.2 |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2018-04-25 | not yet calculated | CVE-2018-9103 CONFIRM CONFIRM |
momentum -- axel_720p_devices |
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. | 2018-04-24 | not yet calculated | CVE-2018-10328 MISC |
ncomputing -- vspace_pro |
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667. | 2018-04-20 | not yet calculated | CVE-2018-10201 MISC EXPLOIT-DB MISC |
netapp -- oncommand_unified_manager_for_linux |
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled, which allows unauthorized local attackers to execute arbitrary code. | 2018-04-25 | not yet calculated | CVE-2018-5486 CONFIRM |
netwide_assembler -- netwide_assembler |
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. | 2018-04-23 | not yet calculated | CVE-2018-10316 MISC |
october_cms -- october_cms |
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field. | 2018-04-25 | not yet calculated | CVE-2018-10366 CONFIRM EXPLOIT-DB |
opendaylight -- helium |
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | 2018-04-27 | not yet calculated | CVE-2015-1857 CONFIRM CONFIRM CONFIRM |
openslp -- openslp |
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | 2018-04-23 | not yet calculated | CVE-2017-17833 CONFIRM MLIST CONFIRM |
ovirt-engine -- api_and_administration_web_portal |
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | 2018-04-26 | not yet calculated | CVE-2018-1074 REDHAT CONFIRM |
packagekit -- packagekit |
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. | 2018-04-23 | not yet calculated | CVE-2018-1106 MLIST REDHAT CONFIRM UBUNTU |
paessler -- prtg_network_monitor |
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. | 2018-04-20 | not yet calculated | CVE-2018-10253 EXPLOIT-DB CONFIRM |
paypal -- paypal |
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | 2018-04-27 | not yet calculated | CVE-2013-7202 XF MISC |
paypal -- paypal |
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | 2018-04-27 | not yet calculated | CVE-2013-7201 SECUNIA XF MISC |
philips -- dosewise_portal_portal_application |
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. | 2018-04-24 | not yet calculated | CVE-2017-9656 CONFIRM BID MISC |
philips -- dosewise_portal_web-based_application |
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | 2018-04-24 | not yet calculated | CVE-2017-9654 CONFIRM BID MISC |
phpipam -- phpipam |
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. | 2018-04-24 | not yet calculated | CVE-2018-10329 CONFIRM |
phpliteadmin -- phpliteadmin |
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to log in with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can log in with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers. | 2018-04-25 | not yet calculated | CVE-2018-10362 MISC MISC |
psensor -- psensor |
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | 2018-04-20 | not yet calculated | CVE-2014-10073 CONFIRM CONFIRM CONFIRM MLIST |
puppet -- puppet-swift |
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. | 2018-04-26 | not yet calculated | CVE-2016-9590 REDHAT REDHAT REDHAT BID CONFIRM |
puppet -- puppet-tripleo |
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | 2018-04-23 | not yet calculated | CVE-2016-9599 REDHAT CONFIRM |
qemu -- qemu |
Qemu before version 2.9 is vulnerable to improper link following when built with VirtFS. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host. | 2018-04-26 | not yet calculated | CVE-2016-9602 MLIST BID SECTRACK CONFIRM MLIST MLIST GENTOO |
qnap_nas -- photo_station |
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 2018-04-23 | not yet calculated | CVE-2017-13073 CONFIRM |
r_3.4.4 -- r_3.4.4 |
R 3.4.4 suffers from a local buffer overflow that allows code execution. | 2018-04-24 | not yet calculated | CVE-2018-9060 MISC EXPLOIT-DB |
reaper -- reaper |
Reaper 5.78 suffers from a local buffer overflow that allows code execution. | 2018-04-24 | not yet calculated | CVE-2018-9131 MISC |
saltstack -- salt |
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | 2018-04-23 | not yet calculated | CVE-2017-7893 CONFIRM |
seagate -- personal_cloud |
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | 2018-04-27 | not yet calculated | CVE-2017-18263 MISC MISC |
shanghai_2345 -- security_guard |
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered. | 2018-04-26 | not yet calculated | CVE-2018-10425 MISC |
siemens -- multiple_products |
A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < SIMATIC BATCH V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < SIMATIC BATCH V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd4). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. | 2018-04-24 | not yet calculated | CVE-2018-4832 CONFIRM MISC |
siemens -- simatic_wincc_oa_operator_ios_app |
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens provides mitigations to resolve the security issue. | 2018-04-23 | not yet calculated | CVE-2018-4847 BID CONFIRM |
simple_machines_forum -- simple_machines_forum |
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | 2018-04-23 | not yet calculated | CVE-2018-10305 MISC |
sitecore -- sitecore.net |
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack. | 2018-04-27 | not yet calculated | CVE-2018-7669 FULLDISC CONFIRM |
smartmesh -- smartmesh |
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue. | 2018-04-25 | not yet calculated | CVE-2018-10376 MISC MISC MISC |
sourcetree -- sourcetree_for_windows |
There was an argument injection vulnerability in Sourcetree for Windows via a Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability. | 2018-04-25 | not yet calculated | CVE-2018-5226 CONFIRM |
spidercontrol -- microbrowser |
In SpiderControl MicroBrowser Windows XP, Vista, 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. | 2018-04-26 | not yet calculated | CVE-2017-14010 MISC BID MISC |
sybase -- adaptive_server_enterprise |
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | 2018-04-24 | not yet calculated | CVE-2013-7245 MISC MISC |
tinysvcmdns -- tinysvcmdns |
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a DNS packet to trigger this vulnerability. | 2018-04-24 | not yet calculated | CVE-2017-12087 MISC |
tunnelbear -- tunnelbear |
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | 2018-04-25 | not yet calculated | CVE-2018-10381 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature. | 2018-04-25 | not yet calculated | CVE-2018-10210 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI. | 2018-04-25 | not yet calculated | CVE-2018-10208 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie. | 2018-04-25 | not yet calculated | CVE-2018-10211 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request. | 2018-04-25 | not yet calculated | CVE-2018-10206 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value. | 2018-04-25 | not yet calculated | CVE-2018-10212 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it. | 2018-04-25 | not yet calculated | CVE-2018-10213 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name. | 2018-04-25 | not yet calculated | CVE-2018-10209 MISC |
vaultize -- enterprise_file_sharing |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format. | 2018-04-25 | not yet calculated | CVE-2018-10207 MISC |
virtuemart -- virtuemart |
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS. | 2018-04-26 | not yet calculated | CVE-2018-7465 MISC MISC |
wordpress -- wordpress |
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser. | 2018-04-25 | not yet calculated | CVE-2018-10310 MISC MISC MISC EXPLOIT-DB |
wordpress -- wordpress |
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page. | 2018-04-23 | not yet calculated | CVE-2018-10234 MISC MISC |
wordpress -- wordpress |
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS. | 2018-04-23 | not yet calculated | CVE-2018-10309 MISC CONFIRM MISC |
wordpress -- wordpress |
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 2018-04-27 | not yet calculated | CVE-2018-10504 MISC |
wordpress -- wordpress |
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio. | 2018-04-23 | not yet calculated | CVE-2018-10300 MISC |
wordpress -- wordpress |
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | 2018-04-23 | not yet calculated | CVE-2018-10233 MISC MISC |
wordpress -- wordpress |
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | 2018-04-25 | not yet calculated | CVE-2014-5014 CONFIRM CONFIRM |
wordpress -- wordpress |
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post. | 2018-04-23 | not yet calculated | CVE-2018-10301 MISC |
wso2 -- wso2_identity_server |
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. | 2018-04-25 | not yet calculated | CVE-2018-8716 MISC FULLDISC BUGTRAQ EXPLOIT-DB MISC |
wuzhi_cms -- wuzhi_cms |
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | 2018-04-23 | not yet calculated | CVE-2018-10311 MISC |
wuzhi_cms -- wuzhi_cms |
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | 2018-04-23 | not yet calculated | CVE-2018-10313 MISC |
wuzhi_cms -- wuzhi_cms |
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | 2018-04-26 | not yet calculated | CVE-2018-10391 MISC |
wuzhi_cms -- wuzhi_cms |
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. | 2018-04-25 | not yet calculated | CVE-2018-10367 MISC |
wuzhi_cms -- wuzhi_cms |
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. | 2018-04-23 | not yet calculated | CVE-2018-10312 MISC EXPLOIT-DB |
wuzhi_cms -- wuzhi_cms |
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | 2018-04-25 | not yet calculated | CVE-2018-10368 MISC |
xen -- xen |
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | 2018-04-27 | not yet calculated | CVE-2018-10471 CONFIRM |
xen -- xen |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | 2018-04-27 | not yet calculated | CVE-2018-10472 CONFIRM |
xiph.org -- libvorbis |
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | 2018-04-26 | not yet calculated | CVE-2018-10392 MISC |
xiph.org -- libvorbis |
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | 2018-04-26 | not yet calculated | CVE-2018-10393 MISC |
from US-CERT National Cyber Alert System https://ift.tt/2Fst63Z