SB18-008: Vulnerability Summary for the Week of January 1, 2018

Original release date: January 08, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arm -- cortex-a
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Published: 2018-01-04 | CVSS Score: 4.7 | CVE-2017-5715
Source & Patch Info: SUSE (12 links), CONFIRM (18 links), MISC (4 links), CERT-VN, BID, SECTRACK, CISCO, EXPLOIT-DB

arm -- cortex-a
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Published: 2018-01-04 | CVSS Score: 4.7 | CVE-2017-5754
Source & Patch Info: SUSE (5 links), CONFIRM (17 links), MISC (3 links), CERT-VN, BID, SECTRACK, CISCO, DEBIAN


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

advantech -- webaccess
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16716
Source & Patch Info: MISC

advantech -- webaccess
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16753
Source & Patch Info: MISC

advantech -- webaccess
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16728
Source & Patch Info: MISC

advantech -- webaccess
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16724
Source & Patch Info: MISC

advantech -- webaccess
A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16720
Source & Patch Info: MISC

androidsvg -- androidsvg
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000498
Source & Patch Info: CONFIRM

apache -- deltaspike-jsf
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The windowId is cut off after 10 characters by default, so the impact might be limited. A fix was applied and released in Apache deltaspike-1.8.1.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-17837
Source & Patch Info: CONFIRM, CONFIRM

apache -- ofbiz
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape the user input property passed to it. This allows for code injection by passing that code through the URL. For example, appending the code "__format=%27;alert(%27xss%27)" to the URL would execute an alert window.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-15714
Source & Patch Info: MLIST

awstats -- awstats
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters, resulting in unauthenticated remote code execution.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000501
Source & Patch Info: MISC, CONFIRM, CONFIRM

b2evolution -- b2evolution
b2evolution versions 6.6.0 - 6.8.10 are vulnerable to an input validation flaw (backslash and single quote escape) in the basic install functionality, resulting in an unauthenticated attacker gaining PHP code execution on the victim's setup.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000423
Source & Patch Info: CONFIRM, CONFIRM

ba_systems -- bas_web
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17974
Source & Patch Info: MISC, MISC

bento4 -- bento4
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an infinite loop via a crafted MP4 file that triggers size mishandling.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5253
Source & Patch Info: MISC

bookstack -- bookstack
BookStack version 0.18.4 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000462
Source & Patch Info: MISC

brave_software -- brave_browser
Brave Software's Brave Browser, version 0.19.73 (and earlier), is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000461
Source & Patch Info: MISC

bro -- bro
Bro before v2.5.2 is vulnerable to an out-of-bounds write in the ContentLine analyzer, allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000458
Source & Patch Info: MISC, MISC

cisco -- node-jose_open_source_library
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0114
Source & Patch Info: CONFIRM, CONFIRM

cisco -- webex_network_recording_player_for_advanced_recording_format
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0103
Source & Patch Info: BID, CONFIRM

cisco -- webex_network_recording_player_for_advanced_recording_format
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0104
Source & Patch Info: BID, CONFIRM

cms_made_simple -- cms_made_simple
CMS Made Simple 2.1.6, 2.2, and 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000454
Source & Patch Info: MISC

cms_made_simple -- cms_made_simple
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000453
Source & Patch Info: MISC

cobbler -- cobbler
Cobbler versions up to 2.8.2 are vulnerable to a command injection vulnerability in the "add repo" component, resulting in arbitrary code execution as the root user.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000469
Source & Patch Info: CONFIRM

commsy -- commsy
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality, resulting in denial of service and possibly remote execution of code.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000496
Source & Patch Info: CONFIRM

craft -- craft_cms
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3814
Source & Patch Info: MISC

creolabs -- gravity
Creolabs Gravity 1.0 contains a stack-based buffer overflow in the operator_string_add function, resulting in remote code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000437
Source & Patch Info: MISC

dell -- dell_emc
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-14383
Source & Patch Info: CONFIRM

dolibarr -- dolibarr_erp/crm
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17971
Source & Patch Info: MISC

dozer -- dozer
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-9515
Source & Patch Info: CONFIRM, MISC, MISC

duolingo -- tinycards
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16905
Source & Patch Info: MISC, MISC

elabftw -- elabftw
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component, resulting in arbitrary execution of JavaScript and denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000478
Source & Patch Info: MISC

eleix -- openhacker
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000444
Source & Patch Info: CONFIRM, CONFIRM

eleix -- openhacker
Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions component, resulting in arbitrary code execution in the browser.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000443
Source & Patch Info: CONFIRM, CONFIRM

embedthis -- goahead
EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener, resulting in denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000470
Source & Patch Info: MISC, MISC

embedthis -- goahead
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler, resulting in memory corruption or denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000471
Source & Patch Info: MISC, MISC

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via path traversal.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15550
Source & Patch Info: CONFIRM

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files to any location on the server file system.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15549
Source & Patch Info: CONFIRM

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15548
Source & Patch Info: CONFIRM

exiv2 -- exiv2
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18005
Source & Patch Info: CONFIRM

exiv2 -- exiv2
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-4868
Source & Patch Info: MISC

extensis -- portfolio_netpublish
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18006
Source & Patch Info: MISC

ez_systems -- ez_publish
eZ Systems eZ Publish versions 5.4.0 to 5.4.9, and 5.3.12 and older, are vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may, for example, steal authentication credentials.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000431
Source & Patch Info: CONFIRM

flir -- brickstream_2300_devices
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3813
Source & Patch Info: MISC

fork -- fork_cms
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5215
Source & Patch Info: MISC

freedesktop.org -- libpoppler
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000456
Source & Patch Info: MISC

fs-git -- fs-git
fs-git is a file-system-like API for git repositories. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000451
Source & Patch Info: MISC

gifsicle -- gifview
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function, resulting in potential code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000421
Source & Patch Info: CONFIRM

github -- electron
GitHub Electron versions 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 are vulnerable to a URL spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that an attacker can control.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000424
Source & Patch Info: CONFIRM, CONFIRM

gitlab -- gitlab
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8540
Source & Patch Info: MLIST, BID, CONFIRM, XF, CONFIRM

gnome -- gdk-pixbuf
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function, resulting in memory corruption and potential code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000422
Source & Patch Info: CONFIRM

gnu -- gnu_coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-18018
Source & Patch Info: MISC

gps-server.net -- gps-server.net
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-17097
Source & Patch Info: MISC, MISC

gps-server.net -- gps-server.net
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated in a login request.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-17098
Source & Patch Info: MISC, MISC

guixsd -- guixsd
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000455
Source & Patch Info: MISC

hawt.io -- hawt.io
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-0120
Source & Patch Info: CONFIRM, CONFIRM, MISC

hawt.io -- hawt.io
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-0121
Source & Patch Info: CONFIRM, CONFIRM, MISC

hoermann -- bisecur_devices
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17910
Source & Patch Info: MISC, MISC

ibm -- mq_managed_file_transfer_agent
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1699
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1664
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1669
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1673
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1672
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1665
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1727
Source & Patch Info: CONFIRM, MISC

ibm -- websphere_mq
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1557
Source & Patch Info: CONFIRM, MISC

imagemagick -- imagemagick
ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component, which might lead to denial of service.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000445
Source & Patch Info: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5248
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5247
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18008
Source & Patch Info: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000476
Source & Patch Info: MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-18022
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5246
Source & Patch Info: CONFIRM

imageworsener -- imageworsener
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5252
Source & Patch Info: MISC

inteno -- iopsys
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-17867
Source & Patch Info: MISC, MISC, EXPLOIT-DB

invoice_ninja -- invoice_ninja
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000466
Source & Patch Info: CONFIRM

jboss -- keycloak
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-3651
Source & Patch Info: CONFIRM, CONFIRM

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5217
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5087
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5084
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5083
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5220
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5086
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5081
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5079
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5218
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5080
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5219
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5088
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5085
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5082
Source & Patch Info: MISC

k7_computing -- k7_total_security
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-18019
Source & Patch Info: MISC

keycloak -- keycloak
 
Keycloak SSO versions prior to 2.x are vulnerable to Host Header Injection on the forgot password page causing the application to send a poisoned URL as the password reset link.2018-01-03not yet calculatedCVE-2017-1000500
CONFIRM
lavalite -- lavalite
 
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.2018-01-03not yet calculatedCVE-2017-1000467
CONFIRM
leafpub -- leafpub
 
Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.2018-01-02not yet calculatedCVE-2017-1000463
MISC
leanote -- leanote
 
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration2018-01-02not yet calculatedCVE-2017-1000492
CONFIRM
CONFIRM
leanote -- leanote
 
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes2018-01-02not yet calculatedCVE-2017-1000459
MISC
libav_ffmpeg_chromium -- libav_ffmpeg_chromium
In line libavcodec/h264dec.c:500 in libav (v13_dev0), ffmpeg (n3.4), chromium (56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000460 | Sources: MISC, MISC, MISC

libming -- libming
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
Published: 2018-01-05 | CVSS: not yet calculated | CVE-2018-5251 | Sources: MISC

libtiff -- libtiff
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Published: 2018-01-01 | CVSS: not yet calculated | CVE-2017-18013 | Sources: CONFIRM, BID, CONFIRM

libtiff -- libtiff
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17973 | Sources: MISC, BID

liferay -- portal_ce
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000425 | Sources: MISC, MISC
linaro -- op-tee
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to the Bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000412 | Sources: CONFIRM, CONFIRM, CONFIRM

linaro -- op-tee
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000413 | Sources: CONFIRM, CONFIRM, CONFIRM

linux -- dash
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed, resulting in code execution on the server, potentially as root.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000473 | Sources: MISC
linux -- linux_kernel
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-18017 | Sources: MISC, MISC, BID, MISC, MISC, MISC, MISC

linux -- linux_kernel
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17975 | Sources: MISC, BID

linux -- linux_kernel
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2016-3695 | Sources: BID, CONFIRM, CONFIRM

magento -- community_edition_and_enterprise_edition
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
Published: 2017-12-30 | CVSS: not yet calculated | CVE-2016-10704 | Sources: CONFIRM
manageengine -- desktop_central_and_desktop_central_msp
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2014-7862 | Sources: MISC, FULLDISC, BUGTRAQ, BID, XF, MISC, CONFIRM, MISC

mapproxy -- mapproxy
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service, resulting in possible information disclosure.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000426 | Sources: CONFIRM

marked -- marked
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000427 | Sources: MISC

mautic -- mautic
Mautic versions 2.1.0 - 2.11.0 are vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page that uses GET parameters to pre-populate the form.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000488 | Sources: MISC

mautic -- mautic
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000489 | Sources: CONFIRM

mautic -- mautic
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000490 | Sources: CONFIRM
mediawiki -- mediawiki
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2015-8008 | Sources: FEDORA, FEDORA, FEDORA, MLIST, BID, SECTRACK, CONFIRM, MLIST, CONFIRM
microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0770 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0767 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0773 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0769 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0777 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0803 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0768 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0774 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0776 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0800 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0778 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0766 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0781 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0780 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0758 | Sources: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0775 | Sources: BID, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0762 | Sources: BID, SECTRACK, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0772 | Sources: BID, SECTRACK, SECTRACK, CONFIRM
microsoft -- windows
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0754 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0788 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0749 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows
Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0753 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_10_and_windows_server
Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0743 | Sources: BID, SECTRACK, CONFIRM, MISC

microsoft -- windows_7_and_windows_server_2008
The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0741 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_7_and_windows_server_2008
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0750 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0752 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows kernel in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0745 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0746 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0747 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0751 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0748 | Sources: BID, SECTRACK, CONFIRM

microsoft -- windows_kernel
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-0744 | Sources: BID, SECTRACK, CONFIRM
miniupnpd -- miniupnpd
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000494 | Sources: CONFIRM, CONFIRM

mojoportal -- mojoportal
Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000457 | Sources: MISC, MISC

multiple_vendors -- systems_with_microprocessors_utilizing_speculative_execution_and_branch_prediction
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2017-5753 | Sources: SUSE, SUSE, SUSE, SUSE, SUSE, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, CERT-VN, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, CONFIRM, MISC, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CISCO, EXPLOIT-DB, CONFIRM, CONFIRM, CONFIRM
netcf -- netcf
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2014-8119 | Sources: FEDORA, FEDORA, FEDORA, REDHAT, BID, CONFIRM, CONFIRM

nettransport -- nettransport_download_manager
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17968 | Sources: EXPLOIT-DB

netwin -- surgeftp
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17933 | Sources: MISC

nmistue -- nmistue
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-16876 | Sources: CONFIRM, CONFIRM, CONFIRM, FEDORA

nylas_mail_lives -- nylas_mail
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000485 | Sources: CONFIRM
octopus -- deploy
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-4862 | Sources: CONFIRM

omero -- omero
In OMERO 5.3.3 or earlier, a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000438 | Sources: MISC

opencv -- opencv
In opencv/modules/imgcodecs/src/utils.cpp, the functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000450 | Sources: MISC, MISC

opencv -- opencv
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
Published: 2018-01-01 | CVSS: not yet calculated | CVE-2017-18009 | Sources: MISC

opencv -- opencv
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17760 | Sources: MISC, MISC

opentext_document -- sciences_xpression
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2017-14960 | Sources: FULLDISC, EXPLOIT-DB

oracle -- jarsigner
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2013-4578 | Sources: CONFIRM, MLIST, MLIST, REDHAT, CONFIRM
passbolt -- passbolt_api
Passbolt API version 1.6.4 and older is vulnerable to an XSS in the URL field on the password workspace.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000442 | Sources: CONFIRM, CONFIRM

pepperminty-wiki -- pepperminty-wiki
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function, resulting in denial of service and possibly remote code execution.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000497 | Sources: CONFIRM

pfsense -- pfsense
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page, resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000479 | Sources: MLIST, MISC, MISC, MISC, MISC, MISC

phpbb -- phpbb
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application.
Published: 2018-01-02 | CVSS: not yet calculated | CVE-2017-1000419 | Sources: CONFIRM, MISC
phpjabbers -- file_sharing_script
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.
Published: 2017-12-30 | CVSS: not yet calculated | CVE-2017-12813 | Sources: MISC

phpjabbers -- night_club_booking_software
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
Published: 2017-12-30 | CVSS: not yet calculated | CVE-2017-12812 | Sources: MISC

phpjabbers -- php_newsletter_script
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
Published: 2017-12-30 | CVSS: not yet calculated | CVE-2017-12810 | Sources: MISC

phpjabbers -- star_rating_script
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.
Published: 2017-12-30 | CVSS: not yet calculated | CVE-2017-12811 | Sources: MISC

phpmyadmin -- phpmyadmin
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000499 | Sources: CONFIRM
phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17984 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17986 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17982 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17983 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17988 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17985 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17987 | Sources: MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2017-17981 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5075 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5076 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has CSRF via admin/movieedit.php.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5073 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5074 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5078 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5072 | Sources: MISC

phpscriptsmall.com -- online_ticket_booking_script
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2018-5077 | Sources: MISC
pivotal -- multiple_products
Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary Java code.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2017-8046 | Sources: BID, CONFIRM

pivotal_cloud_foundry -- multiple_products
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
Published: 2018-01-04 | CVSS: not yet calculated | CVE-2018-1190 | Sources: CONFIRM

play -- play
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Published: 2017-12-29 | CVSS: not yet calculated | CVE-2014-3630 | Sources: CONFIRM, CONFIRM, MISC, CONFIRM

plexus-utils -- plexus-utils
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000487 | Sources: CONFIRM, MISC

plone -- plone
By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and log in, then get redirected to the specific URL, and then get a second redirect to the attacker website. (The specific URL can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000484 | Sources: CONFIRM

plone -- plone
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000483 | Sources: MISC

plone -- plone
When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. After you log in, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would log in, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some JavaScript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
Published: 2018-01-03 | CVSS: not yet calculated | CVE-2017-1000481
MISC
plone -- plone
 
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.2018-01-03not yet calculatedCVE-2017-1000482
MISC

pocoproject -- poco

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".2018-01-03not yet calculatedCVE-2017-1000472
MISC
primetek -- primefaces
 
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution2018-01-03not yet calculatedCVE-2017-1000486
MISC
MISC
CONFIRM
pysaml2 -- pysaml2
 
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.2018-01-02not yet calculatedCVE-2017-1000433
CONFIRM
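The pysaml2 entry states only the symptom, not the code path. The classic way a Python service comes to "accept any password under optimizations" is an authentication check written as an assert statement: the interpreter drops every assert under -O, and compile(..., optimize=1) drops them the same way inside a running process. The following is an added example, not pysaml2's own code, and it assumes that mechanism is the one at work. The user store, the checker names (check_with_assert, check_explicit) and the demo credential are constructed for illustration. It compiles the same two checkers with and without optimization and reports which of them still rejects a wrong password.

```python
# Constructed demo credential store (not from pysaml2): username -> password.
USERS = {"alice": "correct horse battery staple"}

# The two checkers are kept as source text so this example can compile them
# with and without optimization in the same process. optimize=1 has the same
# effect on assert statements as starting the interpreter with -O.
CHECKER_SOURCE = '''
import hmac

def check_with_assert(users, username, password):
    """The fragile pattern: the only thing standing between an attacker and
    a login is an assert, which disappears under optimization."""
    expected = users.get(username)
    assert expected is not None and hmac.compare_digest(expected, password), "bad password"
    return True

def check_explicit(users, username, password):
    """The robust pattern: an ordinary branch that survives -O."""
    expected = users.get(username)
    if expected is None or not hmac.compare_digest(expected, password):
        raise PermissionError("bad password")
    return True
'''


def load_checkers(optimize):
    """Compile CHECKER_SOURCE at the given level and return both functions.
    optimize=0 keeps asserts; optimize=1 strips them."""
    namespace = {}
    code = compile(CHECKER_SOURCE, "<checker>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["check_with_assert"], namespace["check_explicit"]


def login_outcome(optimize, username, password):
    """Return (assert_version_accepts, explicit_version_accepts) for the
    given credentials at the given optimization level."""
    results = []
    for checker in load_checkers(optimize):
        try:
            results.append(checker(USERS, username, password))
        except (AssertionError, PermissionError):
            results.append(False)
    return tuple(results)


if __name__ == "__main__":
    for level in (0, 1):
        print(f"optimize={level}: wrong password ->",
              login_outcome(level, "alice", "wrong"))
        print(f"optimize={level}: unknown user   ->",
              login_outcome(level, "nobody", ""))
```

A quick audit for this class of bug is grepping authentication and authorization modules for assert; the fix is mechanical, as in check_explicit. The same applies to any deployment that sets PYTHONOPTIMIZE or builds .pyo/optimized bytecode for production.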
qtpass -- qtpass
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-18021
Source & Patch Info: MISC, MISC, MISC, MISC

quickapps_cms -- quickapps_cms
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field, resulting in denial of service and performing unauthorised actions with an administrator user's account.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000495
Source & Patch Info: CONFIRM

radiant -- radiant_cms
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5216
Source & Patch Info: MISC

rawstudio -- librawstudio/rs-filter.c
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-4978
Source & Patch Info: FEDORA, MLIST, BID, CONFIRM, CONFIRM, XF, CONFIRM

red_lion -- hmi_panels
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-14855
Source & Patch Info: MISC

rocket.chat -- rocket.chat
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000493
Source & Patch Info: CONFIRM

ruby_on_rails -- ruby_on_rails
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17920
Source & Patch Info: MISC

ruby_on_rails -- ruby_on_rails
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17916
Source & Patch Info: MISC

ruby_on_rails -- ruby_on_rails
** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17919
Source & Patch Info: MISC

ruby_on_rails -- ruby_on_rails
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17917
Source & Patch Info: MISC

rust-base64 -- rust-base64
rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000430
Source & Patch Info: MISC

samlify -- samlify
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2, which could allow attackers to impersonate arbitrary users.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000452
Source & Patch Info: MISC, MISC

samsung -- multiple_mobile_devices
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-18020
Source & Patch Info: CONFIRM

samsung -- multiple_mobile_devices
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5210
Source & Patch Info: CONFIRM

schneider_electric -- pelco_videoxpert_enterprise
An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-9966
Source & Patch Info: BID, MISC

schneider_electric -- pelco_videoxpert_enterprise
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-9965
Source & Patch Info: BID, MISC

schneider_electric -- pelco_videoxpert_enterprise
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-9964
Source & Patch Info: BID, MISC

shaarli -- shaarli
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5249
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

shiba -- shiba
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000491
Source & Patch Info: CONFIRM, CONFIRM

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17989
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17990
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17992
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17991
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17995
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17994
Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17993
Source & Patch Info: MISC

smarty -- smarty
Smarty 3 before 3.1.32 is vulnerable to PHP code injection when the fetch() or display() functions are called on custom resources, because the template name is not sanitized.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000480
Source & Patch Info: MISC

software_house -- istar_ultra_devices
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17704
Source & Patch Info: MISC
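The iStar Ultra entry names two separate gaps. A fixed key and a fixed IV in CBC mode mean that the same "unlock" command encrypts to the same bytes every time, so an observer who captures one can resend it without decrypting anything. And with no authentication, altered or fabricated messages are indistinguishable from genuine ones. Encryption alone addresses neither. The following is an added example, not Software House code: the wire layout (sequence number, command byte, HMAC-SHA256 tag), the per-device shared key and the strictly increasing counter are assumptions chosen to illustrate the receiver-side checks such a link needs. It uses only the Python standard library, so the confidentiality layer is left out on purpose; the point is the authenticity and freshness checks the entry says are missing.

```python
import hashlib
import hmac
import struct

# Assumed per-device shared secret. It would be provisioned per pairing,
# never fixed across every unit as the entry describes the AES key being.
DEMO_KEY = b"\x11" * 32

# Assumed wire format: 8-byte big-endian sequence number, 1-byte command,
# then a 32-byte HMAC-SHA256 tag over those nine bytes.
HEADER = struct.Struct(">QB")
TAG_LEN = hashlib.sha256().digest_size

CMD_UNLOCK = 0x01
CMD_LOCK = 0x02


def build_message(key, seq, command):
    """Sender side: frame the command and append its authentication tag."""
    body = HEADER.pack(seq, command)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class DoorController:
    """Receiver side. A message is acted on only if its tag verifies and its
    sequence number is strictly greater than the last one accepted."""

    def __init__(self, key):
        self._key = key
        self._last_seq = -1
        self.log = []  # (seq, command) pairs that were acted on

    def accept(self, message):
        if len(message) != HEADER.size + TAG_LEN:
            return "reject: bad length"
        body, tag = message[:HEADER.size], message[HEADER.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # compare_digest does not leak which byte of a forged tag was wrong.
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag"
        seq, command = HEADER.unpack(body)
        if seq <= self._last_seq:
            return "reject: replay"
        self._last_seq = seq
        self.log.append((seq, command))
        return "ok"


def demo():
    """A legitimate unlock, then the same bytes resent, then a copy with the
    command byte flipped but the old tag kept; returns the three verdicts."""
    door = DoorController(DEMO_KEY)
    unlock = build_message(DEMO_KEY, seq=7, command=CMD_UNLOCK)
    first = door.accept(unlock)
    replayed = door.accept(unlock)            # captured on the wire, resent
    tampered = bytearray(unlock)
    tampered[HEADER.size - 1] = CMD_LOCK      # alter the command, keep the tag
    forged = door.accept(bytes(tampered))
    return first, replayed, forged


if __name__ == "__main__":
    print(demo())
```

In a real deployment the counter has to survive a controller reboot (or be re-established with a handshake), and the confidentiality layer should be an AEAD mode with a fresh nonce per message rather than CBC with a constant IV; this block only shows the two checks whose absence the entry describes.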
structured_data -- linter
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field, resulting in the possibility of disclosing information about the remote host.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000448
Source & Patch Info: MISC

syncthing -- syncthing
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000420
Source & Patch Info: CONFIRM
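The POCO entry above (CVE-2017-1000472) is the archive form of the traversal problem that the Syncthing (CVE-2017-1000420) and Biometric Shift download_form (CVE-2017-17992) entries describe for sync paths and request parameters: a name supplied by the other side is joined to a base directory without checking that the result stays inside it. The following added example is not POCO or Syncthing code; the archive contents, the destination directory and the planted symlink are constructed for the demonstration. It classifies ZIP member names before anything is written, rejecting absolute names, names that escape through "..", and names whose parent directory already resolves outside the destination through an existing symlink, which is the case a purely lexical check misses.

```python
import io
import os
import shutil
import tempfile
import zipfile


def stays_inside(dest_real, member):
    """True if extracting `member` under dest_real cannot land outside it.
    dest_real must already be the resolved (realpath) destination."""
    if "\x00" in member or "\\" in member:          # no NUL or backslash tricks
        return False
    if member.startswith("/") or os.path.isabs(member):
        return False                                  # absolute path injection
    candidate = os.path.normpath(os.path.join(dest_real, member))
    if os.path.commonpath([dest_real, candidate]) != dest_real:
        return False                                  # lexical escape via ..
    # A symlink already on disk (or planted by an earlier member) can redirect
    # the parent directory, so resolve it and check the containment again.
    parent_real = os.path.realpath(os.path.dirname(candidate))
    return os.path.commonpath([dest_real, parent_real]) == dest_real


def classify_members(zip_bytes, dest):
    """Split an archive's member names into (accepted, rejected) for dest."""
    dest_real = os.path.realpath(dest)
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            (accepted if stays_inside(dest_real, name) else rejected).append(name)
    return accepted, rejected


def build_demo_zip():
    """Constructed archive mixing one benign name with hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "fine")
        zf.writestr("/etc/cron.d/evil", "absolute path")
        zf.writestr("../../outside.txt", "dot-dot escape")
        zf.writestr("docs/../../outside2.txt", "escape after a valid prefix")
        zf.writestr("link/escaped.txt", "parent is a symlink pointing outside")
    return buf.getvalue()


def demo():
    """Run the classifier against a fresh temp dir that contains a symlink
    to the system temp dir; returns (accepted, rejected)."""
    dest = tempfile.mkdtemp(prefix="extract-")
    try:
        os.symlink(tempfile.gettempdir(), os.path.join(dest, "link"))
        return classify_members(build_demo_zip(), dest)
    finally:
        shutil.rmtree(dest)


if __name__ == "__main__":
    accepted, rejected = demo()
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The symlink check is what separates this from a name filter: "link/escaped.txt" passes every lexical test and is still refused because its parent resolves to a directory outside the destination. When members are extracted one at a time, the check has to run per member, after the previous ones have been written, since an earlier entry can create the symlink a later one walks through.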
trendnet -- tew-823dru
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8579
Source & Patch Info: MISC

trustwave -- trustwave_secure_web_gateway
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18001
Source & Patch Info: MISC, MISC, MISC

typo3 -- typo3
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2013-7400
Source & Patch Info: MLIST, CONFIRM, MISC

vanilla_forums -- vanilla_forums
Vanilla Forums below 2.1.5 are affected by CSRF that allows deleting topics and comments from forums using an administrator's access.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000432
Source & Patch Info: CONFIRM

vmware -- v4h_and_v4pa_desktop_agents
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4946
Source & Patch Info: CONFIRM

vmware -- workstation_and_fusion
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4945
Source & Patch Info: CONFIRM

vmware -- workstation_and_horizon_view_client
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4948
Source & Patch Info: CONFIRM

webmin -- webmin
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17089
Source & Patch Info: BID, CONFIRM

wildmidi -- wildmidi
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000418
Source & Patch Info: CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17997
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18012
Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3811
Source & Patch Info: MISC, MISC, EXPLOIT-DB

wordpress -- wordpress
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3810
Source & Patch Info: MISC, MISC, EXPLOIT-DB

wordpress -- wordpress
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5213
Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18011
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5214
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect: the furikake-redirect parameter on a page allows a redirect to an attacker-controlled page, via this line in classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000434
Source & Patch Info: MISC
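The Furikake line above is the bare form of the problem, and the two Plone entries (CVE-2017-1000484 and CVE-2017-1000481) describe its subtler form: a redirect target is checked against "our own site", but a few encodings of the target still pass the check and still leave the site in a browser. Neither entry spells out the encodings. The following is an added example, not Plone's isURLInPortal or Furikake code; the portal hostname and the test targets are constructed for illustration. It accepts only same-host absolute http(s) URLs and plain single-slash paths, checks both the raw parameter and its percent-decoded form (because code like the Furikake line decodes before emitting the Location header), and rejects the classes of value that commonly slip past a naive prefix check: scheme-relative "//host", backslashes that browsers read as slashes, userinfo tricks like "https://portal@evil", and non-http schemes.

```python
import re
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_redirect(target, portal_host):
    """True only if `target` stays on portal_host in every browser
    interpretation covered below. Both the raw value and its percent-decoded
    form must pass, since the application may decode before redirecting."""
    return all(_form_is_safe(form, portal_host) for form in (target, unquote(target)))


def _form_is_safe(url, portal_host):
    # Control characters, whitespace and backslashes are rejected outright:
    # browsers treat "/\evil" like "//evil", and CR/LF would split headers.
    if not url or re.search(r"[\x00-\x20\x7f\\]", url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme:
        # Absolute URL: only http(s), and only our own host. `hostname` is
        # lower-cased and strips userinfo and port, so "https://portal@evil"
        # and "HTTPS://EVIL" both end up compared as the real host.
        return parts.scheme in ALLOWED_SCHEMES and parts.hostname == portal_host.lower()
    if parts.netloc:
        return False                      # scheme-relative "//evil.example"
    # Bare path: exactly one leading slash, so nothing a browser could
    # reinterpret as an authority section.
    return url.startswith("/") and not url.startswith("//")


if __name__ == "__main__":
    host = "plone.example"
    for candidate in ("/front-page", "https://plone.example/login_form",
                      "//evil.example", "/\\evil.example",
                      "https://plone.example@evil.example/",
                      "/%2F%2Fevil.example", "javascript:alert(1)"):
        print(f"{candidate!r:45} -> {is_safe_redirect(candidate, host)}")
```

The decision to allow only a single known host is deliberate: an allowlist of hosts is easy to reason about, whereas a denylist of encodings is what the Plone entries describe having to patch repeatedly.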
wordpress -- wordpress
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18015
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5212
Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18010
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8336
Source & Patch Info: MLIST, MISC, XF, CONFIRM, CONFIRM

wordpress -- wordpress
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8335
Source & Patch Info: MISC, MLIST, MISC, XF, CONFIRM, CONFIRM
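The WP-DBManager entry (CVE-2014-8335) is an instance of a general mistake with any tool that takes a password on its command line: every local user can read another user's argument vector through ps or /proc/<pid>/cmdline, so the secret is disclosed for the life of the process. The added example below is not plugin code; the connection details are placeholders. It builds a mysqldump invocation that passes the password through a 0600 temporary option file using --defaults-extra-file, which is a documented option of the MySQL client programs and must come first on the command line, and provides a helper that reports whether a given argv would still expose the secret. Writing and removing the option file is the caller's job; demo() shows the full cycle.

```python
import os
import tempfile


def write_option_file(user, password, host="localhost", directory=None):
    """Write a MySQL client option file readable only by its owner and return
    its path. mysqldump reads the [client] section."""
    fd, path = tempfile.mkstemp(prefix="dbdump-", suffix=".cnf", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write("[client]\n")
        fh.write(f"user={user}\n")
        # Quote the value so a password containing '#' or spaces is not
        # misparsed by the option-file reader; escape embedded quotes.
        fh.write('password="' + password.replace('"', '\\"') + '"\n')
        fh.write(f"host={host}\n")
    os.chmod(path, 0o600)        # mkstemp already does this; stated explicitly
    return path


def dump_argv_unsafe(user, password, database):
    """The pattern the entry describes: the secret is visible to `ps`."""
    return ["mysqldump", f"--user={user}", f"--password={password}", database]


def dump_argv_safe(option_file, database):
    """The secret stays in the file; --defaults-extra-file must be first."""
    return ["mysqldump", f"--defaults-extra-file={option_file}", database]


def leaks_secret(argv, secret):
    """True if `secret` would appear in /proc/<pid>/cmdline or ps output."""
    return any(secret in arg for arg in argv)


def demo(user="wp", password="s3cr3t#pw", database="wordpress"):
    """Return (unsafe_argv_leaks, safe_argv_leaks, option_file_mode)."""
    path = write_option_file(user, password)
    try:
        unsafe = dump_argv_unsafe(user, password, database)
        safe = dump_argv_safe(path, database)
        mode = oct(os.stat(path).st_mode & 0o777)
        return leaks_secret(unsafe, password), leaks_secret(safe, password), mode
    finally:
        os.unlink(path)          # remove the secret as soon as the dump is done


if __name__ == "__main__":
    print(demo())
```

Environment variables are the other common alternative (mysql reads MYSQL_PWD), but on many systems /proc/<pid>/environ is readable by the process owner only, while the option file approach also works for scheduled jobs and leaves nothing behind once the file is unlinked.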
wordpress -- wordpress
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2015-3302
Source & Patch Info: MISC, BUGTRAQ, BID, EXPLOIT-DB, MISC

xen -- xen
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5244
Source & Patch Info: CONFIRM

xmlbundle -- xmlbundle
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000477
Source & Patch Info: MISC, MISC

xplico -- xplico
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16666
Source & Patch Info: CONFIRM, MISC, MISC, MISC, CONFIRM
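The Xplico entry and the earlier Plexus-utils entry (CVE-2017-1000487) share a root cause: a value that should be a single argument reaches a shell-style parser, and wrapping it in double quotes does not make it one, because the value can contain a double quote of its own. The following is an added example, not code from either project; the tcpdump command and the filename payload are constructed for illustration. It tokenises a command line the way a POSIX shell would (shlex in punctuation mode, so ; & | come out as their own tokens), shows a double-quoted filename yielding extra commands, shows shlex.quote keeping it to one argument, and shows the argv form that avoids the shell entirely.

```python
import shlex


def shell_tokens(cmdline):
    """Split cmdline as a POSIX shell would, returning ; & | ( ) < > as
    separate tokens so that injected commands become visible."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def build_naive(filename):
    """The broken pattern: wrap the untrusted value in double quotes."""
    return f'tcpdump -nr "{filename}"'


def build_quoted(filename):
    """Still a shell string, but shlex.quote makes the value one token."""
    return f"tcpdump -nr {shlex.quote(filename)}"


def build_argv(filename):
    """Best option: no shell at all; hand this list to subprocess.run."""
    return ["tcpdump", "-nr", filename]


def injected_commands(cmdline):
    """Return the command words that follow a ; & or | separator."""
    tokens = shell_tokens(cmdline)
    found = []
    for i, tok in enumerate(tokens):
        if tok in (";", "&", "|", "&&", "||") and i + 1 < len(tokens):
            nxt = tokens[i + 1]
            if nxt:
                found.append(nxt)
    return found


# Constructed upload name: closes the quotes, runs a command, reopens them.
EVIL_NAME = 'capture"; touch /tmp/pwned; "'


if __name__ == "__main__":
    print(shell_tokens(build_naive(EVIL_NAME)))
    print("naive  ->", injected_commands(build_naive(EVIL_NAME)))
    print("quoted ->", injected_commands(build_quoted(EVIL_NAME)))
    print("argv   ->", build_argv(EVIL_NAME))
```

A filename is the wrong place to carry any of this in the first place: storing uploads under a server-generated name and keeping the user-supplied name only as metadata removes the problem before quoting is even a question.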
zend_framework -- zend_framework
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-4914
Source & Patch Info: CONFIRM, JVN, MLIST, SECUNIA, BID, DEBIAN
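The four disputed Rails entries (CVE-2017-17916, CVE-2017-17917, CVE-2017-17919, CVE-2017-17920), the Oturia Smart Google Code Inserter entry (CVE-2018-3811) and the Zend_Db_Select::order entry above are one lesson seen from two sides. Values in a WHERE clause must be bound as parameters rather than interpolated. ORDER BY cannot be bound at all, so a column name or direction coming from a request has to be checked against an allowlist before it goes anywhere near the query string, which is why frameworks document their order/reorder methods as unsuitable for raw user input. The added example below runs against an in-memory SQLite table constructed for the purpose (it is not Rails, Zend or plugin code) and shows the interpolated WHERE returning every row, the bound version returning only the match, and the ORDER BY guard refusing an injected clause.

```python
import sqlite3

# Columns a request is allowed to sort by. Anything else is rejected.
ORDERABLE_COLUMNS = {"id", "name", "created_at"}


def open_demo_db():
    """Constructed table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO users (name, created_at) VALUES (?, ?)",
                     [("alice", "2017-12-01"), ("bob", "2017-12-02"), ("carol", "2017-12-03")])
    return conn


def find_by_name_unsafe(conn, name):
    """String interpolation into WHERE: what the Rails entries warn about
    when `where`/`find_by` are handed a raw request string."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_safe(conn, name):
    """Bound parameter: the driver keeps the value out of the SQL grammar."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def order_clause(column, direction="asc"):
    """ORDER BY cannot take a bound parameter, so validate instead of escape.
    The column is quoted as an identifier only after it passed the allowlist."""
    if column not in ORDERABLE_COLUMNS:
        raise ValueError(f"unorderable column: {column!r}")
    if direction.lower() not in ("asc", "desc"):
        raise ValueError(f"bad direction: {direction!r}")
    return f'ORDER BY "{column}" {direction.upper()}'


def list_names_ordered(conn, column, direction="asc"):
    sql = f"SELECT name FROM users {order_clause(column, direction)}"
    return [row[0] for row in conn.execute(sql)]


def demo():
    """Return (rows_from_unsafe_where, rows_from_bound_where, order_verdict)."""
    conn = open_demo_db()
    payload = "nobody' OR '1'='1"
    unsafe = find_by_name_unsafe(conn, payload)
    safe = find_by_name_safe(conn, payload)
    try:
        list_names_ordered(conn, "id desc; DROP TABLE users; --")
        verdict = "accepted"
    except ValueError:
        verdict = "rejected"
    return unsafe, safe, verdict


if __name__ == "__main__":
    print(demo())
```

The allowlist is intentionally a set of plain column names with the direction handled separately; accepting a free-form "id desc" string and trying to escape it is the approach that keeps producing parenthesis and comment edge cases of the kind the Zend entry describes.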
zurmo -- zurmo
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18004
Source & Patch Info: MISC

zyxel -- p-660hw_devices
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17901
Source & Patch Info: MISC

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://www.us-cert.gov/ncas/bulletins/SB18-008-0