The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- ios_xe | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645. | 2018-03-28 | 4.0 | CVE-2018-0196 CONFIRM |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18250 CONFIRM |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18251 CONFIRM |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18252 CONFIRM |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18253 CONFIRM |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18254 CONFIRM |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-24 | 6.1 | CVE-2018-8998 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-24 | 6.1 | CVE-2018-8999 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-24 | 6.1 | CVE-2018-9000 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-24 | 6.1 | CVE-2018-9001 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-24 | 6.1 | CVE-2018-9002 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-24 | 6.1 | CVE-2018-9003 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-24 | 6.1 | CVE-2018-9004 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-24 | 6.1 | CVE-2018-9005 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-24 | 6.1 | CVE-2018-9006 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-24 | 6.1 | CVE-2018-9007 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-26 | 6.1 | CVE-2018-9040 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-26 | 6.1 | CVE-2018-9041 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-26 | 6.1 | CVE-2018-9042 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-26 | 6.1 | CVE-2018-9043 MISC |
iobit -- advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-26 | 6.1 | CVE-2018-9044 MISC |
jasper_project -- jasper | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | 2018-03-27 | 4.3 | CVE-2018-9055 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. | 2018-03-24 | 6.1 | CVE-2018-8988 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. | 2018-03-24 | 6.1 | CVE-2018-8989 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. | 2018-03-24 | 6.1 | CVE-2018-8990 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009. | 2018-03-24 | 6.1 | CVE-2018-8991 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005. | 2018-03-24 | 6.1 | CVE-2018-8992 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001. | 2018-03-24 | 6.1 | CVE-2018-8993 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003. | 2018-03-24 | 6.1 | CVE-2018-8994 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002. | 2018-03-24 | 6.1 | CVE-2018-8995 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007. | 2018-03-24 | 6.1 | CVE-2018-8996 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004. | 2018-03-24 | 6.1 | CVE-2018-8997 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849. | 2018-03-26 | 6.1 | CVE-2018-9045 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d. | 2018-03-26 | 6.1 | CVE-2018-9046 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841. | 2018-03-26 | 6.1 | CVE-2018-9047 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c. | 2018-03-26 | 6.1 | CVE-2018-9048 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833. | 2018-03-26 | 6.1 | CVE-2018-9049 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100202d. | 2018-03-26 | 6.1 | CVE-2018-9050 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021. | 2018-03-26 | 6.1 | CVE-2018-9051 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c. | 2018-03-26 | 6.1 | CVE-2018-9052 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc. | 2018-03-26 | 6.1 | CVE-2018-9053 MISC |
windows_optimization_master_project -- windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c. | 2018-03-26 | 6.1 | CVE-2018-9054 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acrolinx_server -- acrolinx_server | Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | 2018-03-25 | not yet calculated | CVE-2018-7719 CONFIRM EXPLOIT-DB |
apache -- http_server | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used; mod_cache_disk is not concerned by this vulnerability. | 2018-03-26 | not yet calculated | CVE-2018-1303 MLIST BID SECTRACK CONFIRM |
apache -- http_server | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations; the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. | 2018-03-26 | not yet calculated | CVE-2018-1302 MLIST BID SECTRACK CONFIRM |
apache -- http_server | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. | 2018-03-26 | not yet calculated | CVE-2018-1301 MLIST BID SECTRACK CONFIRM |
apache -- httpd | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. | 2018-03-26 | not yet calculated | CVE-2017-15710 MLIST BID SECTRACK CONFIRM |
apache -- httpd | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | 2018-03-26 | not yet calculated | CVE-2018-1283 MLIST BID SECTRACK CONFIRM |
apache -- httpd | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. | 2018-03-26 | not yet calculated | CVE-2018-1312 MLIST BID SECTRACK CONFIRM |
apache -- httpd | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. | 2018-03-26 | not yet calculated | CVE-2017-15715 MLIST BID SECTRACK CONFIRM |
apache -- struts_rest_plugin | The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here https://ift.tt/2GwzonE. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16. | 2018-03-27 | not yet calculated | CVE-2018-1327 BID SECTRACK MISC CONFIRM |
atlassian -- bamboo | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | 2018-03-29 | not yet calculated | CVE-2018-5224 CONFIRM CONFIRM |
atlassian -- fisheye_and_crucible | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability. | 2018-03-29 | not yet calculated | CVE-2018-5223 CONFIRM CONFIRM CONFIRM CONFIRM |
avolve_software -- projectdox | Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. | 2018-03-27 | not yet calculated | CVE-2014-5130 MISC BUGTRAQ BID XF |
avolve_software -- projectdox | Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | 2018-03-27 | not yet calculated | CVE-2014-5132 MISC BUGTRAQ XF |
avolve_software -- projectdox | Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. | 2018-03-27 | not yet calculated | CVE-2014-5131 MISC BUGTRAQ BID XF |
beckhoff -- twincat | Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | 2018-03-23 | not yet calculated | CVE-2018-7502 BID MISC MISC |
bomgar -- remote_support_portal_javastart.jar_applet | Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | 2018-03-26 | not yet calculated | CVE-2017-12815 BUGTRAQ |
ca_technologies -- ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 2018-03-29 | not yet calculated | CVE-2018-6588 SECTRACK CONFIRM |
ca_technologies -- ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 2018-03-29 | not yet calculated | CVE-2018-6587 SECTRACK CONFIRM |
ca_technologies -- ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 2018-03-29 | not yet calculated | CVE-2018-6586 SECTRACK CONFIRM |
cisco -- catalyst_4500_series_switches_and_catalyst_4500-x_series_switches | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729. | 2018-03-28 | not yet calculated | CVE-2018-0155 SECTRACK CONFIRM |
cisco -- integrated_services_module_for_vpn | A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267. | 2018-03-28 | not yet calculated | CVE-2018-0154 BID SECTRACK CONFIRM |
cisco -- ios_and_ios_xe_and_ios_xr | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. | 2018-03-28 | not yet calculated | CVE-2018-0167 SECTRACK CONFIRM |
cisco -- ios_and_ios_xe_and_ios_xr | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. | 2018-03-28 | not yet calculated | CVE-2018-0175 SECTRACK CONFIRM |
cisco -- ios_and_ios_xe | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730. | 2018-03-28 | not yet calculated | CVE-2018-0172 BID SECTRACK CONFIRM MISC |
cisco -- ios_and_ios_xe | A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655. | 2018-03-28 | not yet calculated | CVE-2018-0189 BID CONFIRM |
cisco -- ios_and_ios_xe | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. | 2018-03-28 | not yet calculated | CVE-2018-0171 BID SECTRACK CONFIRM |
cisco -- ios_and_ios_xe | A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. | 2018-03-28 | not yet calculated | CVE-2018-0173 BID SECTRACK CONFIRM MISC |
cisco -- ios_and_ios_xe | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645. | 2018-03-28 | not yet calculated | CVE-2018-0174 BID SECTRACK CONFIRM MISC |
cisco -- ios_and_ios_xe |
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. | 2018-03-28 | not yet calculated | CVE-2018-0151 BID SECTRACK CONFIRM |
cisco -- ios_and_ios_xe |
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394. | 2018-03-28 | not yet calculated | CVE-2018-0158 SECTRACK CONFIRM |
cisco -- ios_and_ios_xe |
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. | 2018-03-28 | not yet calculated | CVE-2018-0156 SECTRACK CONFIRM |
cisco -- ios_and_ios_xe |
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916. | 2018-03-28 | not yet calculated | CVE-2018-0159 SECTRACK CONFIRM |
cisco -- ios_xe | A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. | 2018-03-28 | not yet calculated | CVE-2018-0195 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296. | 2018-03-28 | not yet calculated | CVE-2018-0157 BID SECTRACK CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. | 2018-03-28 | not yet calculated | CVE-2018-0185 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432. | 2018-03-28 | not yet calculated | CVE-2018-0184 BID CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. | 2018-03-28 | not yet calculated | CVE-2018-0186 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185. | 2018-03-28 | not yet calculated | CVE-2018-0164 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. | 2018-03-28 | not yet calculated | CVE-2018-0165 SECTRACK CONFIRM |
cisco -- ios_xe |
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356. | 2018-03-28 | not yet calculated | CVE-2018-0183 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818. | 2018-03-28 | not yet calculated | CVE-2018-0160 SECTRACK CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. | 2018-03-28 | not yet calculated | CVE-2018-0182 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769. | 2018-03-28 | not yet calculated | CVE-2018-0152 BID SECTRACK CONFIRM |
cisco -- ios_xe |
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875. | 2018-03-27 | not yet calculated | CVE-2017-12319 BID CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. | 2018-03-28 | not yet calculated | CVE-2018-0169 SECTRACK CONFIRM |
cisco -- ios_xe |
A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327. | 2018-03-28 | not yet calculated | CVE-2018-0170 BID SECTRACK CONFIRM |
cisco -- ios_xe |
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714. | 2018-03-28 | not yet calculated | CVE-2018-0177 SECTRACK CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. | 2018-03-28 | not yet calculated | CVE-2018-0176 SECTRACK CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. | 2018-03-28 | not yet calculated | CVE-2018-0193 BID CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. | 2018-03-28 | not yet calculated | CVE-2018-0190 BID CONFIRM |
cisco -- ios_xe |
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. | 2018-03-28 | not yet calculated | CVE-2018-0188 BID CONFIRM |
cisco -- ios_xe |
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. | 2018-03-28 | not yet calculated | CVE-2018-0150 BID SECTRACK CONFIRM |
cisco -- ios |
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. | 2018-03-28 | not yet calculated | CVE-2018-0163 CONFIRM |
cisco -- ios |
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541. | 2018-03-28 | not yet calculated | CVE-2018-0161 SECTRACK CONFIRM |
cisco -- ios |
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. | 2018-03-28 | not yet calculated | CVE-2018-0179 BID CONFIRM |
cisco -- ios |
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. | 2018-03-28 | not yet calculated | CVE-2018-0180 BID CONFIRM |
cisco -- spark_hybrid_calendar_service |
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593. | 2018-03-27 | not yet calculated | CVE-2017-12310 CONFIRM |
cisco -- unified_communications_manager |
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592. | 2018-03-27 | not yet calculated | CVE-2018-0198 BID SECTRACK CONFIRM |
clamav -- clamav |
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400. | 2018-03-27 | not yet calculated | CVE-2018-0202 CONFIRM CONFIRM MLIST UBUNTU UBUNTU |
cloud_foundry_foundation -- cloud_foundry_bosh_cli |
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. | 2018-03-27 | not yet calculated | CVE-2018-1231 CONFIRM |
cloud_foundry_foundation -- cloud_foundry_cloud_controller |
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. | 2018-03-27 | not yet calculated | CVE-2018-1266 CONFIRM |
cloud_foundry_foundation -- cloud_foundry_garden-runc |
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. | 2018-03-29 | not yet calculated | CVE-2018-1191 CONFIRM |
cloud_foundry_foundation -- cloud_foundry_silk_cni_plugin |
Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies. | 2018-03-27 | not yet calculated | CVE-2018-1267 CONFIRM |
cloud_foundry_foundation -- pcf_elastic_runtime |
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. | 2018-03-29 | not yet calculated | CVE-2016-6658 CONFIRM |
contec -- smart_home_devices |
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | 2018-03-31 | not yet calculated | CVE-2018-9162 EXPLOIT-DB |
crea8social -- crea8social |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | 2018-03-29 | not yet calculated | CVE-2018-9121 MISC MISC |
crea8social -- crea8social |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | 2018-03-29 | not yet calculated | CVE-2018-9123 MISC |
crea8social -- crea8social |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | 2018-03-29 | not yet calculated | CVE-2018-9120 MISC MISC |
crea8social -- crea8social |
In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | 2018-03-29 | not yet calculated | CVE-2018-9122 MISC MISC |
cups -- cups |
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. | 2018-03-26 | not yet calculated | CVE-2017-18248 CONFIRM CONFIRM CONFIRM MISC |
d-link -- dir-601_b1_2.02na_devices |
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. A user who is on the same local network as the administrator's panel, but is not authenticated to it, can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. | 2018-03-30 | not yet calculated | CVE-2018-5708 FULLDISC |
d-link -- dir-850l_wireless_ac1200_dual_band_gigabit_cloud_router |
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass the SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. | 2018-03-26 | not yet calculated | CVE-2018-9032 EXPLOIT-DB MISC |
dedecms -- dedecms |
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. | 2018-03-30 | not yet calculated | CVE-2018-9134 MISC |
dedecms -- dedecms |
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | 2018-03-27 | not yet calculated | CVE-2018-7700 MISC |
dell_emc -- isilon |
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. | 2018-03-26 | not yet calculated | CVE-2018-1204 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1186 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1188 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | 2018-03-26 | not yet calculated | CVE-2018-1203 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1187 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1201 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | 2018-03-26 | not yet calculated | CVE-2018-1213 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1202 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- isilon |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1189 FULLDISC BID MISC EXPLOIT-DB |
dell_emc -- scaleio |
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. | 2018-03-27 | not yet calculated | CVE-2018-1238 FULLDISC |
dell_emc -- scaleio |
Dell EMC ScaleIO versions prior to 2.5 contain improper restriction of excessive authentication attempts on the Light Installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. | 2018-03-27 | not yet calculated | CVE-2018-1237 FULLDISC |
dell_emc -- scaleio |
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. | 2018-03-27 | not yet calculated | CVE-2018-1205 FULLDISC |
docker -- docker_notary |
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. | 2018-03-31 | not yet calculated | CVE-2015-9258 MISC MISC |
docker -- docker_notary |
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | 2018-03-31 | not yet calculated | CVE-2015-9259 MISC MISC |
drupal -- drupal |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 2018-03-29 | not yet calculated | CVE-2018-7600 BID SECTRACK MISC MISC MISC CONFIRM MLIST MISC MISC DEBIAN CONFIRM CONFIRM MISC |
drupal -- drupal |
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. | 2018-03-29 | not yet calculated | CVE-2014-5170 MLIST XF CONFIRM MISC |
dsmall -- dsmall |
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | 2018-03-25 | not yet calculated | CVE-2018-9014 MISC |
dsmall -- dsmall |
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | 2018-03-25 | not yet calculated | CVE-2018-9016 MISC |
dsmall -- dsmall |
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | 2018-03-25 | not yet calculated | CVE-2018-9015 MISC |
dsmall -- dsmall |
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | 2018-03-25 | not yet calculated | CVE-2018-9017 MISC |
elfinder -- elfinder |
Studio 42 elFinder before 2.1.36 has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. | 2018-03-28 | not yet calculated | CVE-2018-9109 CONFIRM CONFIRM |
elfinder -- elfinder |
Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | 2018-03-28 | not yet calculated | CVE-2018-9110 CONFIRM CONFIRM |
enhancesoft -- osticket |
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | 2018-03-27 | not yet calculated | CVE-2018-7192 MISC |
enhancesoft -- osticket |
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | 2018-03-27 | not yet calculated | CVE-2018-7193 MISC |
enhancesoft -- osticket |
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. | 2018-03-27 | not yet calculated | CVE-2018-7194 MISC |
enhancesoft -- osticket |
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | 2018-03-27 | not yet calculated | CVE-2018-7196 MISC |
enhancesoft -- osticket |
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | 2018-03-27 | not yet calculated | CVE-2018-7195 MISC |
exiv2 -- exiv2 |
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. | 2018-03-30 | not yet calculated | CVE-2018-9144 MISC MISC |
exiv2 -- exiv2 |
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure. | 2018-03-30 | not yet calculated | CVE-2018-9146 MISC MISC |
exiv2 -- exiv2 |
In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp. | 2018-03-30 | not yet calculated | CVE-2018-9145 MISC |
firebird_project -- firebird_sql_server |
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. | 2018-03-28 | not yet calculated | CVE-2017-11509 MISC |
frog_cms -- frog_cms |
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. | 2018-03-31 | not yet calculated | CVE-2018-8908 MISC |
gespage -- gespage |
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | 2018-03-30 | not yet calculated | CVE-2018-9147 MISC |
gnu -- binutils |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | 2018-03-30 | not yet calculated | CVE-2018-9138 MISC |
google -- android |
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2002 MISC MISC |
google -- android |
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2004 MISC MISC |
google -- android |
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2003 MISC MISC |
google -- android |
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2020 MISC MISC |
google -- android |
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2001 MISC MISC |
google -- android |
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2000 MISC MISC |
graphicsmagick -- graphicsmagick |
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. | 2018-03-25 | not yet calculated | CVE-2018-9018 BID MLIST MISC |
hashicorp -- terraform_amazon_web_services_provider |
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. | 2018-03-27 | not yet calculated | CVE-2018-9057 MISC |
hashicorp -- vagrant-vmware-fusion |
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | 2018-03-29 | not yet calculated | CVE-2017-16839 MISC |
hashicorp -- vagrant-vmware-fusion |
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | 2018-03-29 | not yet calculated | CVE-2017-16512 MISC |
hashicorp -- vagrant-vmware-fusion |
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | 2018-03-29 | not yet calculated | CVE-2017-16873 MISC |
hoek -- hoek |
hoek node module before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 2018-03-30 | not yet calculated | CVE-2018-3728 BID CONFIRM MISC |
ibm -- bigfix_remote_control |
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200. | 2018-03-27 | not yet calculated | CVE-2015-4954 CONFIRM XF |
ibm -- bigfix_remote_control |
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. | 2018-03-29 | not yet calculated | CVE-2015-4953 AIXAPAR XF CONFIRM |
ibm -- business_process_manager |
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. | 2018-03-30 | not yet calculated | CVE-2017-1767 CONFIRM MISC |
ibm -- business_process_manager |
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. | 2018-03-30 | not yet calculated | CVE-2017-1766 CONFIRM MISC |
ibm -- business_process_manager |
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. | 2018-03-30 | not yet calculated | CVE-2018-1384 CONFIRM MISC |
ibm -- business_process_manager |
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. | 2018-03-30 | not yet calculated | CVE-2017-1765 CONFIRM MISC |
ibm -- business_process_manager |
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | 2018-03-30 | not yet calculated | CVE-2017-1756 CONFIRM MISC |
ibm -- capacity_management_analytics |
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863. | 2018-03-26 | not yet calculated | CVE-2015-7434 CONFIRM XF |
ibm -- capacity_management_analytics |
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861. | 2018-03-26 | not yet calculated | CVE-2015-7432 CONFIRM XF |
ibm -- capacity_management_analytics |
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862. | 2018-03-26 | not yet calculated | CVE-2015-7433 CONFIRM XF |
ibm -- curam_social_program_management |
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. | 2018-03-26 | not yet calculated | CVE-2015-7401 CONFIRM XF |
ibm -- endpoint_manager_for_remote_control |
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. | 2018-03-29 | not yet calculated | CVE-2015-4952 CONFIRM |
ibm -- financial_transaction_manager_for_check_services_for_multi-platform |
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. | 2018-03-30 | not yet calculated | CVE-2018-1390 CONFIRM MISC |
ibm -- infosphere_master_data_management |
IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780. | 2018-03-26 | not yet calculated | CVE-2015-7424 CONFIRM XF |
ibm -- infosphere_master_data_management |
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. | 2018-03-26 | not yet calculated | CVE-2015-7423 CONFIRM XF |
ibm -- multiple_products |
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. | 2018-03-27 | not yet calculated | CVE-2015-5016 CONFIRM XF |
ibm -- qradar_siem |
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. | 2018-03-29 | not yet calculated | CVE-2015-2009 CONFIRM |
ibm -- rational_clearcase |
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. | 2018-03-26 | not yet calculated | CVE-2015-5039 CONFIRM XF |
ibm -- rational_license_key_server |
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938. | 2018-03-26 | not yet calculated | CVE-2015-5045 CONFIRM XF |
ibm -- security_privileged_identity_manager |
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. | 2018-03-30 | not yet calculated | CVE-2017-1705 CONFIRM MISC |
ibm -- tealeaf_customer_experience |
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896. | 2018-03-27 | not yet calculated | CVE-2015-4987 CONFIRM XF |
ibm -- websphere_mq |
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520. | 2018-03-30 | not yet calculated | CVE-2017-1747 CONFIRM MISC |
ibos -- ibos |
IBOS 4.4.3 has XSS via a company full name. | 2018-03-30 | not yet calculated | CVE-2018-9130 MISC MISC |
imagemagick -- imagemagick |
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | 2018-03-23 | not yet calculated | CVE-2018-8960 BID MISC |
imagemagick -- imagemagick |
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. | 2018-03-30 | not yet calculated | CVE-2018-9133 MISC |
imagemagick -- imagemagick |
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | 2018-03-30 | not yet calculated | CVE-2018-9135 CONFIRM |
intelbras -- telefone_ip_tip200/200_lite_devices |
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | 2018-03-25 | not yet calculated | CVE-2018-9010 EXPLOIT-DB |
jenkins -- jenkins |
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 2018-03-27 | not yet calculated | CVE-2018-8718 MLIST CONFIRM |
joomla! -- joomla! |
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | 2018-03-28 | not yet calculated | CVE-2018-9106 MISC EXPLOIT-DB |
joomla! -- joomla! |
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | 2018-03-28 | not yet calculated | CVE-2018-9107 MISC MISC MISC EXPLOIT-DB |
jungo -- driverwizard_windriver |
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. | 2018-03-30 | not yet calculated | CVE-2018-9136 MISC |
kaseya -- virtual_system_administrator_agent |
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges. | 2018-03-26 | not yet calculated | CVE-2017-12410 BUGTRAQ |
kibana -- kibana |
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | 2018-03-30 | not yet calculated | CVE-2018-3819 CONFIRM |
kibana -- kibana |
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3818 BID CONFIRM |
kibana -- kibana |
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3821 CONFIRM |
kibana -- kibana |
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3820 CONFIRM |
kingsoft -- internet_security_9+_kernel_driver_kwatch3.sys |
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. | 2018-03-30 | not yet calculated | CVE-2018-9151 MISC |
knot_dns -- knot_dns |
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | 2018-03-27 | not yet calculated | CVE-2014-0486 BID XF CONFIRM |
laravel_log_viewer -- laravel_log_viewer |
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. | 2018-03-25 | not yet calculated | CVE-2018-8947 MISC MISC EXPLOIT-DB |
libming -- libming |
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | 2018-03-30 | not yet calculated | CVE-2018-9132 MISC |
librelp -- librelp_rsyslog |
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | 2018-03-23 | not yet calculated | CVE-2018-1000140 MISC MISC UBUNTU DEBIAN |
libvirt -- libvirt |
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | 2018-03-28 | not yet calculated | CVE-2018-1064 CONFIRM CONFIRM MLIST DEBIAN |
linux -- linux_kernel |
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. | 2018-03-27 | not yet calculated | CVE-2018-1091 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 2018-03-30 | not yet calculated | CVE-2018-7566 SUSE MLIST CONFIRM CONFIRM |
linux -- linux_kernel |
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. | 2018-03-31 | not yet calculated | CVE-2017-18255 MISC MISC |
linux -- linux_kernel |
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | 2018-03-26 | not yet calculated | CVE-2017-18249 MISC MISC |
logstash -- logstash |
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | 2018-03-30 | not yet calculated | CVE-2018-3817 CONFIRM |
lrzip -- lrzip |
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | 2018-03-27 | not yet calculated | CVE-2018-9058 MISC |
minicms -- minicms |
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | 2018-03-27 | not yet calculated | CVE-2018-9092 MISC EXPLOIT-DB |
multiple_vendors -- multiple_products |
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | 2018-03-27 | not yet calculated | CVE-2018-9056 MISC MISC |
mysql_for_pcf_tiles -- mysql_for_pcf_tiles |
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | 2018-03-29 | not yet calculated | CVE-2016-0898 BID CONFIRM |
netiq -- identity_manager_driver |
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | 2018-03-26 | not yet calculated | CVE-2018-1348 BID CONFIRM |
netiq -- identity_manager_driver |
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | 2018-03-26 | not yet calculated | CVE-2018-1349 BID CONFIRM |
netiq -- identity_manager_driver |
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. | 2018-03-28 | not yet calculated | CVE-2018-7676 CONFIRM |
netiq -- identity_manager_driver |
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | 2018-03-28 | not yet calculated | CVE-2018-7674 CONFIRM |
netiq -- identity_manager_driver |
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | 2018-03-26 | not yet calculated | CVE-2018-1350 BID CONFIRM |
netiq -- identity_manager_driver |
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | 2018-03-26 | not yet calculated | CVE-2018-7673 BID CONFIRM |
nextcloud -- nextcloud_server |
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. | 2018-03-28 | not yet calculated | CVE-2017-0936 MISC CONFIRM |
nordvpn -- nordvpn |
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool. | 2018-03-27 | not yet calculated | CVE-2018-9105 MISC |
nvidia -- tegra_kernel |
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. | 2018-03-26 | not yet calculated | CVE-2017-6278 CONFIRM |
octopus -- deploy |
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. | 2018-03-26 | not yet calculated | CVE-2018-9039 CONFIRM CONFIRM |
oneplus -- multiple_devices |
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader. | 2018-03-29 | not yet calculated | CVE-2017-5947 MISC |
open-audit_professional -- open-audit_professional |
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | 2018-03-25 | not yet calculated | CVE-2018-8979 MISC EXPLOIT-DB |
open-audit_professional -- open-audit_professional |
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. | 2018-03-25 | not yet calculated | CVE-2018-8978 MISC |
open-audit_professional -- open-audit_professional |
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | 2018-03-26 | not yet calculated | CVE-2018-8937 MISC |
openssl_project -- openssl |
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). | 2018-03-27 | not yet calculated | CVE-2018-0733 BID SECTRACK CONFIRM CONFIRM CONFIRM |
openssl_project -- openssl |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). | 2018-03-27 | not yet calculated | CVE-2018-0739 BID SECTRACK CONFIRM CONFIRM MLIST CONFIRM UBUNTU DEBIAN DEBIAN CONFIRM |
opera -- opera |
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | 2018-03-28 | not yet calculated | CVE-2018-6608 MISC MISC MISC MISC MISC |
owncloud_server -- owncloud_server |
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | 2018-03-26 | not yet calculated | CVE-2014-2048 XF CONFIRM |
philips -- alice_6_system |
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. | 2018-03-28 | not yet calculated | CVE-2018-7498 BID MISC |
philips -- alice_6_system |
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. | 2018-03-28 | not yet calculated | CVE-2018-5451 BID MISC |
philips -- intellispace_portal |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | 2018-03-26 | not yet calculated | CVE-2018-5468 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. | 2018-03-26 | not yet calculated | CVE-2018-5470 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. | 2018-03-26 | not yet calculated | CVE-2018-5454 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. | 2018-03-26 | not yet calculated | CVE-2018-5464 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. | 2018-03-26 | not yet calculated | CVE-2018-5462 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. | 2018-03-26 | not yet calculated | CVE-2018-5474 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. | 2018-03-26 | not yet calculated | CVE-2018-5458 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | 2018-03-26 | not yet calculated | CVE-2018-5472 BID MISC CONFIRM |
philips -- intellispace_portal |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. | 2018-03-26 | not yet calculated | CVE-2018-5466 BID MISC CONFIRM |
prestashop -- prestashop |
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter. | 2018-03-27 | not yet calculated | CVE-2018-8823 MISC |
prisma_industriale -- checkweigher_prismaweb |
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js. | 2018-03-31 | not yet calculated | CVE-2018-9161 EXPLOIT-DB MISC |
qcacld -- qcacld |
While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur. | 2018-03-30 | not yet calculated | CVE-2017-9694 BID MISC MISC |
qnap_systems -- qts |
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. | 2018-03-27 | not yet calculated | CVE-2017-7630 CONFIRM |
qnap_systems -- qts |
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | 2018-03-27 | not yet calculated | CVE-2017-7631 CONFIRM |
qnap_systems -- qts |
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | 2018-03-27 | not yet calculated | CVE-2017-7632 CONFIRM |
qualcomm -- android |
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | 2018-03-30 | not yet calculated | CVE-2017-9681 BID CONFIRM |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. | 2018-03-30 | not yet calculated | CVE-2017-14915 BID SECTRACK CONFIRM |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly. | 2018-03-30 | not yet calculated | CVE-2017-14912 BID SECTRACK CONFIRM |
qualcomm -- android |
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. | 2018-03-30 | not yet calculated | CVE-2017-15826 CONFIRM MISC |
qualcomm -- android |
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access. | 2018-03-30 | not yet calculated | CVE-2017-14892 CONFIRM MISC |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs. | 2018-03-30 | not yet calculated | CVE-2017-14906 BID SECTRACK CONFIRM |
qualcomm -- android |
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs. | 2018-03-30 | not yet calculated | CVE-2017-15859 CONFIRM MISC |
qualcomm -- android |
In the touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack. | 2018-03-30 | not yet calculated | CVE-2017-9723 CONFIRM MISC |
qualcomm -- android |
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver. | 2018-03-30 | not yet calculated | CVE-2017-17769 CONFIRM |
qualcomm -- android |
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer. | 2018-03-30 | not yet calculated | CVE-2017-14883 CONFIRM MISC |
qualcomm -- android |
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver. | 2018-03-30 | not yet calculated | CVE-2017-15852 CONFIRM |
qualcomm -- android |
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow. | 2018-03-30 | not yet calculated | CVE-2017-17766 CONFIRM MISC |
qualcomm -- android |
In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur. | 2018-03-30 | not yet calculated | CVE-2017-17771 CONFIRM MISC |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. | 2018-03-30 | not yet calculated | CVE-2017-14913 BID SECTRACK CONFIRM |
qualcomm -- android |
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur. | 2018-03-30 | not yet calculated | CVE-2017-15846 CONFIRM MISC |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. | 2018-03-30 | not yet calculated | CVE-2017-14911 BID SECTRACK CONFIRM |
qualcomm -- android |
When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur. | 2018-03-30 | not yet calculated | CVE-2017-9692 BID MISC MISC MISC |
qualcomm -- android |
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows access to already freed memory in the debug message output functionality contained within the mobicore driver. | 2018-03-30 | not yet calculated | CVE-2017-9691 BID MISC |
qualcomm -- android |
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. | 2018-03-30 | not yet calculated | CVE-2017-14881 CONFIRM MISC |
qualcomm -- android |
libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver. | 2018-03-30 | not yet calculated | CVE-2017-11087 CONFIRM |
qualcomm -- android |
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable. | 2018-03-30 | not yet calculated | CVE-2017-14891 CONFIRM MISC |
qualcomm -- android |
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists. | 2018-03-30 | not yet calculated | CVE-2017-14875 CONFIRM MISC |
qualcomm -- android |
The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual length of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability). | 2018-03-30 | not yet calculated | CVE-2017-9693 BID MISC MISC |
qualcomm -- android |
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow. | 2018-03-30 | not yet calculated | CVE-2017-15823 CONFIRM MISC |
qualcomm -- android |
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur. | 2018-03-30 | not yet calculated | CVE-2017-14877 CONFIRM MISC |
qualcomm -- android |
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write. | 2018-03-30 | not yet calculated | CVE-2017-14876 CONFIRM MISC |
qualcomm -- android |
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected. | 2018-03-30 | not yet calculated | CVE-2017-11010 BID SECTRACK CONFIRM |
quickappscms -- quickappscms |
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | 2018-03-28 | not yet calculated | CVE-2018-9108 MISC |
review_board -- review_board |
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. | 2018-03-29 | not yet calculated | CVE-2014-5028 MLIST CONFIRM XF CONFIRM CONFIRM CONFIRM |
roland_gruber_softwareentwicklung -- ldap_account_manager |
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 2018-03-27 | not yet calculated | CVE-2018-8764 MISC FULLDISC |
roland_gruber_softwareentwicklung -- ldap_account_manager |
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | 2018-03-27 | not yet calculated | CVE-2018-8763 MISC FULLDISC |
rsa -- authentication_agent |
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. An attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. | 2018-03-30 | not yet calculated | CVE-2018-1234 FULLDISC SECTRACK |
rsa -- authentication_agent |
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | 2018-03-30 | not yet calculated | CVE-2018-1233 FULLDISC SECTRACK |
rsa -- authentication_agent |
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. | 2018-03-30 | not yet calculated | CVE-2018-1232 FULLDISC SECTRACK |
ruby -- ruby |
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | 2018-03-30 | not yet calculated | CVE-2018-3740 CONFIRM CONFIRM |
ruby -- ruby |
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when given specially crafted HTML fragments as input, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2018-03-30 | not yet calculated | CVE-2018-3741 CONFIRM |
ruby -- ruby |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | 2018-03-27 | not yet calculated | CVE-2018-8048 MLIST CONFIRM |
samsung -- mobile_devices |
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | 2018-03-30 | not yet calculated | CVE-2018-9142 CONFIRM |
samsung -- mobile_devices |
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. | 2018-03-30 | not yet calculated | CVE-2018-9141 CONFIRM |
samsung -- mobile_devices |
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. | 2018-03-30 | not yet calculated | CVE-2018-9143 CONFIRM |
samsung -- mobile_devices |
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. | 2018-03-30 | not yet calculated | CVE-2018-9139 CONFIRM |
samsung -- mobile_devices |
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | 2018-03-30 | not yet calculated | CVE-2018-9140 CONFIRM |
screen-resolution-extra -- screen-resolution-extra |
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. | 2018-03-28 | not yet calculated | CVE-2018-8885 UBUNTU |
sickrage -- sickrage |
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | 2018-03-31 | not yet calculated | CVE-2018-9160 MISC MISC |
siemens -- tim_1531_irc |
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial of service, or to read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. | 2018-03-29 | not yet calculated | CVE-2018-4841 CONFIRM |
softros -- network_time_system |
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes. | 2018-03-26 | not yet calculated | CVE-2018-7658 MISC EXPLOIT-DB |
spark -- spark |
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. | 2018-03-31 | not yet calculated | CVE-2018-9159 MISC MISC MISC MISC MISC |
square_9 -- globalforms |
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. | 2018-03-28 | not yet calculated | CVE-2018-8820 FULLDISC |
swisscom -- myswisscomassistant |
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process. | 2018-03-27 | not yet calculated | CVE-2018-6765 MISC |
swisscom -- tvmediahelper |
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. | 2018-03-27 | not yet calculated | CVE-2018-6766 MISC |
symantec -- norton_app_lock |
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | 2018-03-26 | not yet calculated | CVE-2017-15534 BID CONFIRM |
tenable -- appliance |
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins. | 2018-03-28 | not yet calculated | CVE-2018-1142 CONFIRM |
thermald -- thermald |
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | 2018-03-26 | not yet calculated | CVE-2014-2312 MLIST MLIST |
tnlsoftsolutions -- sentry_vision_devices |
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | 2018-03-29 | not yet calculated | CVE-2018-9031 MISC MISC |
tpshop -- tpshop |
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | 2018-03-30 | not yet calculated | CVE-2017-16614 FULLDISC |
twonky -- twonky_server |
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. | 2018-03-30 | not yet calculated | CVE-2018-7171 MISC MISC EXPLOIT-DB |
twonky -- twonky_server |
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | 2018-03-30 | not yet calculated | CVE-2018-7203 MISC EXPLOIT-DB |
unisys -- clearpath_mcp_os_systems |
SQL injection vulnerability in the management interface in ePortal Manager in Unisys ClearPath MCP OS systems with 17.0 CLEARPATHEPORTAL before 17.0a.31 and 18.0 CLEARPATHEPORTAL before 059.1a.13; and ClearPath OS 2200 systems with 16.0 EPORTAL-2200 before 2.2.81 and 17.0 EPORTAL-2200 before 2.3.82 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 2018-03-26 | not yet calculated | CVE-2018-8802 CONFIRM |
wampserver -- wampserver |
Wampserver before 3.1.3 has CSRF in add_vhost.php. | 2018-03-25 | not yet calculated | CVE-2018-8817 MISC |
wanscam -- hw0021_network_camera |
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | 2018-03-28 | not yet calculated | CVE-2017-11510 MISC |
western_digital -- wd_my_cloud |
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud. | 2018-03-30 | not yet calculated | CVE-2018-9148 EXPLOIT-DB |
wiremock -- wiremock |
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. | 2018-03-29 | not yet calculated | CVE-2018-9116 CONFIRM |
wiremock -- wiremock |
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | 2018-03-29 | not yet calculated | CVE-2018-9117 CONFIRM |
wordpress -- wordpress |
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. | 2018-03-25 | not yet calculated | CVE-2018-9020 MISC MISC MISC MISC |
wordpress -- wordpress |
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | 2018-03-29 | not yet calculated | CVE-2014-6604 MISC CONFIRM |
wordpress -- wordpress |
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. | 2018-03-26 | not yet calculated | CVE-2018-7543 CONFIRM EXPLOIT-DB |
x-pack_security -- x-pack_security |
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | 2018-03-30 | not yet calculated | CVE-2018-3822 CONFIRM |
z-blogphp -- z-blogphp |
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. | 2018-03-31 | not yet calculated | CVE-2018-8893 MISC |
zikula_application_framework -- zikula_application_framework |
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | 2018-03-26 | not yet calculated | CVE-2014-2293 MISC XF XF MISC |
zimbra -- zimbra_collaboration_suite |
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | 2018-03-27 | not yet calculated | CVE-2018-6882 FULLDISC BUGTRAQ CONFIRM CONFIRM CONFIRM MISC |
zoho -- manageengine_servicedesk_plus |
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | 2018-03-30 | not yet calculated | CVE-2018-5799 FULLDISC CONFIRM |
zsh -- zsh |
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation. | 2018-03-28 | not yet calculated | CVE-2018-1083 CONFIRM MLIST CONFIRM UBUNTU |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System https://ift.tt/2q0BkdE