SB18-008: Vulnerability Summary for the Week of January 1, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arm -- cortex-a | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 2018-01-04 | 4.7 | CVE-2017-5715 SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM MISC CERT-VN BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM CONFIRM MISC CONFIRM MISC CONFIRM CONFIRM CONFIRM CISCO EXPLOIT-DB CONFIRM CONFIRM CONFIRM |
arm -- cortex-a | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | 2018-01-04 | 4.7 | CVE-2017-5754 SUSE SUSE SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM CERT-VN BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM MISC CONFIRM CONFIRM CONFIRM CONFIRM CISCO DEBIAN CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess | A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | 2018-01-05 | not yet calculated | CVE-2017-16716 MISC |
advantech -- webaccess | An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | 2018-01-05 | not yet calculated | CVE-2017-16753 MISC |
advantech -- webaccess | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | 2018-01-05 | not yet calculated | CVE-2017-16728 MISC |
advantech -- webaccess | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. | 2018-01-05 | not yet calculated | CVE-2017-16724 MISC |
advantech -- webaccess | A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device. | 2018-01-05 | not yet calculated | CVE-2017-16720 MISC |
androidsvg -- androidsvg | AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution. | 2018-01-03 | not yet calculated | CVE-2017-1000498 CONFIRM |
apache -- deltaspike-jsf | The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId gets cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. | 2018-01-04 | not yet calculated | CVE-2017-17837 CONFIRM CONFIRM |
apache -- ofbiz | The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. | 2018-01-04 | not yet calculated | CVE-2017-15714 MLIST |
awstats -- awstats | Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | 2018-01-03 | not yet calculated | CVE-2017-1000501 MISC CONFIRM CONFIRM |
b2evolution -- b2evolution | b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | 2018-01-02 | not yet calculated | CVE-2017-1000423 CONFIRM CONFIRM |
ba_systems -- bas_web | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. | 2017-12-29 | not yet calculated | CVE-2017-17974 MISC MISC |
bento4 -- bento4 | The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | 2018-01-05 | not yet calculated | CVE-2018-5253 MISC |
bookstack -- bookstack | BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | 2018-01-03 | not yet calculated | CVE-2017-1000462 MISC |
brave_software -- brave_browser | Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | 2018-01-03 | not yet calculated | CVE-2017-1000461 MISC |
bro -- bro | Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation. | 2018-01-02 | not yet calculated | CVE-2017-1000458 MISC MISC |
cisco -- node-jose_open_source_library | A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header. | 2018-01-04 | not yet calculated | CVE-2018-0114 CONFIRM CONFIRM |
cisco -- webex_network_recording_player_for_advanced_recording_format | A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839. | 2018-01-04 | not yet calculated | CVE-2018-0103 BID CONFIRM |
cisco -- webex_network_recording_player_for_advanced_recording_format | A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857. | 2018-01-04 | not yet calculated | CVE-2018-0104 BID CONFIRM |
cms_made_simple -- cms_made_simple | CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 2018-01-02 | not yet calculated | CVE-2017-1000454 MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 2018-01-02 | not yet calculated | CVE-2017-1000453 MISC |
cobbler -- cobbler | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | 2018-01-03 | not yet calculated | CVE-2017-1000469 CONFIRM |
commsy -- commsy | Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | 2018-01-03 | not yet calculated | CVE-2017-1000496 CONFIRM |
craft -- craft_cms | Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. | 2018-01-01 | not yet calculated | CVE-2018-3814 MISC |
creolabs -- gravity | Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution. | 2018-01-02 | not yet calculated | CVE-2017-1000437 MISC |
dell -- dell_emc | In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application. | 2018-01-04 | not yet calculated | CVE-2017-14383 CONFIRM |
dolibarr -- dolibarr_erp/crm | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | 2017-12-29 | not yet calculated | CVE-2017-17971 MISC |
dozer -- dozer | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. | 2017-12-29 | not yet calculated | CVE-2014-9515 CONFIRM MISC MISC |
duolingo -- tinycards | The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | 2018-01-05 | not yet calculated | CVE-2017-16905 MISC MISC |
elabftw -- elabftw | ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | 2018-01-03 | not yet calculated | CVE-2017-1000478 MISC |
eleix -- openhacker | Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution | 2018-01-02 | not yet calculated | CVE-2017-1000444 CONFIRM CONFIRM |
eleix -- openhacker | Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | 2018-01-02 | not yet calculated | CVE-2017-1000443 CONFIRM CONFIRM |
embedthis -- goahead | EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service. | 2018-01-03 | not yet calculated | CVE-2017-1000470 MISC MISC |
embedthis -- goahead | EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | 2018-01-03 | not yet calculated | CVE-2017-1000471 MISC MISC |
emc -- multiple_products | An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. | 2018-01-05 | not yet calculated | CVE-2017-15550 CONFIRM |
emc -- multiple_products | An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | 2018-01-05 | not yet calculated | CVE-2017-15549 CONFIRM |
emc -- multiple_products | An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. | 2018-01-05 | not yet calculated | CVE-2017-15548 CONFIRM |
exiv2 -- exiv2 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | 2017-12-31 | not yet calculated | CVE-2017-18005 CONFIRM |
exiv2 -- exiv2 | The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. | 2018-01-03 | not yet calculated | CVE-2018-4868 MISC |
extensis -- portfolio_netpublish | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | 2017-12-31 | not yet calculated | CVE-2017-18006 MISC |
ez_systems -- ez_publish | eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | 2018-01-02 | not yet calculated | CVE-2017-1000431 CONFIRM |
flir -- brickstream_2300_devices | getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | 2018-01-01 | not yet calculated | CVE-2018-3813 MISC |
fork -- fork_cms | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | 2018-01-04 | not yet calculated | CVE-2018-5215 MISC |
freedesktop.org -- libpoppler | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | 2018-01-02 | not yet calculated | CVE-2017-1000456 MISC |
fs-git -- fs-git | fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec. | 2018-01-02 | not yet calculated | CVE-2017-1000451 MISC |
gifsicle -- gifview | Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting in potential code execution. | 2018-01-02 | not yet calculated | CVE-2017-1000421 CONFIRM |
github -- electron | GitHub Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting in loading arbitrary PDFs that a hacker can control. | 2018-01-02 | not yet calculated | CVE-2017-1000424 CONFIRM CONFIRM |
gitlab -- gitlab | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 2018-01-05 | not yet calculated | CVE-2014-8540 MLIST BID CONFIRM XF CONFIRM |
gnome -- gdk-pixbuf | Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. | 2018-01-02 | not yet calculated | CVE-2017-1000422 CONFIRM |
gnu -- gnu_coreutils | In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. | 2018-01-03 | not yet calculated | CVE-2017-18018 MISC |
gps-server.net -- gps-server.net | gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php. | 2018-01-02 | not yet calculated | CVE-2017-17097 MISC MISC |
gps-server.net -- gps-server.net | The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request. | 2018-01-02 | not yet calculated | CVE-2017-17098 MISC MISC |
guixsd -- guixsd | GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | 2018-01-02 | not yet calculated | CVE-2017-1000455 MISC |
hawt.io -- hawt.io | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | 2017-12-29 | not yet calculated | CVE-2014-0120 CONFIRM CONFIRM MISC |
hawt.io -- hawt.io | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 2017-12-29 | not yet calculated | CVE-2014-0121 CONFIRM CONFIRM MISC |
hoermann -- bisecur_devices | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. | 2017-12-29 | not yet calculated | CVE-2017-17910 MISC MISC |
ibm -- mq_managed_file_transfer_agent | IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. | 2018-01-04 | not yet calculated | CVE-2017-1699 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. | 2018-01-04 | not yet calculated | CVE-2017-1664 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. | 2018-01-04 | not yet calculated | CVE-2017-1669 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | 2018-01-04 | not yet calculated | CVE-2017-1673 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | 2018-01-04 | not yet calculated | CVE-2017-1672 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. | 2018-01-04 | not yet calculated | CVE-2017-1665 CONFIRM MISC |
ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | 2018-01-04 | not yet calculated | CVE-2017-1727 CONFIRM MISC |
ibm -- websphere_mq | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | 2018-01-02 | not yet calculated | CVE-2017-1557 CONFIRM MISC |
imagemagick -- imagemagick | ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component, which might lead to denial of service. | 2018-01-02 | not yet calculated | CVE-2017-1000445 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | 2018-01-05 | not yet calculated | CVE-2018-5248 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | 2018-01-05 | not yet calculated | CVE-2018-5247 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. | 2018-01-01 | not yet calculated | CVE-2017-18008 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | 2018-01-03 | not yet calculated | CVE-2017-1000476 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. | 2018-01-05 | not yet calculated | CVE-2017-18022 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | 2018-01-05 | not yet calculated | CVE-2018-5246 CONFIRM |
imageworsener -- imageworsener | libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. | 2018-01-05 | not yet calculated | CVE-2018-5252 MISC |
inteno -- iopsys | Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. | 2018-01-04 | not yet calculated | CVE-2017-17867 MISC MISC EXPLOIT-DB |
invoice_ninja -- invoice_ninja | Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | 2018-01-02 | not yet calculated | CVE-2017-1000466 CONFIRM |
jboss -- keycloak | JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. | 2017-12-29 | not yet calculated | CVE-2014-3651 CONFIRM CONFIRM |
k7_computing -- k7_antivirus | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578. | 2018-01-04 | not yet calculated | CVE-2018-5217 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100. | 2018-01-03 | not yet calculated | CVE-2018-5087 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C. | 2018-01-03 | not yet calculated | CVE-2018-5084 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B. | 2018-01-03 | not yet calculated | CVE-2018-5083 MISC |
k7_computing -- k7_antivirus | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610. | 2018-01-04 | not yet calculated | CVE-2018-5220 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F. | 2018-01-03 | not yet calculated | CVE-2018-5086 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0. | 2018-01-03 | not yet calculated | CVE-2018-5081 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130. | 2018-01-03 | not yet calculated | CVE-2018-5079 MISC |
k7_computing -- k7_antivirus | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0. | 2018-01-04 | not yet calculated | CVE-2018-5218 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC. | 2018-01-03 | not yet calculated | CVE-2018-5080 MISC |
k7_computing -- k7_antivirus | In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168. | 2018-01-04 | not yet calculated | CVE-2018-5219 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C. | 2018-01-03 | not yet calculated | CVE-2018-5088 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124. | 2018-01-03 | not yet calculated | CVE-2018-5085 MISC |
k7_computing -- k7_antivirus | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128. | 2018-01-03 | not yet calculated | CVE-2018-5082 MISC |
k7_computing -- k7_total_security | In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. | 2018-01-03 | not yet calculated | CVE-2017-18019 MISC |
keycloak -- keycloak | Keycloak SSO versions prior to 2.x are vulnerable to Host Header Injection on the forgot password page causing the application to send a poisoned URL as the password reset link. | 2018-01-03 | not yet calculated | CVE-2017-1000500 CONFIRM |
lavalite -- lavalite | LavaLite version 5.2.4 is vulnerable to stored cross-site scripting within the blog creation page, which can result in disruption of service and execution of JavaScript code. | 2018-01-03 | not yet calculated | CVE-2017-1000467 CONFIRM |
leafpub -- leafpub | Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting within the edit blog post page, which can result in disruption of service and execution of JavaScript code. | 2018-01-02 | not yet calculated | CVE-2017-1000463 MISC |
leanote -- leanote | Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration. | 2018-01-02 | not yet calculated | CVE-2017-1000492 CONFIRM CONFIRM |
leanote -- leanote | Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes. | 2018-01-02 | not yet calculated | CVE-2017-1000459 MISC |
libav_ffmpeg_chromium -- libav_ffmpeg_chromium | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | 2018-01-03 | not yet calculated | CVE-2017-1000460 MISC MISC MISC |
libming -- libming | In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | 2018-01-05 | not yet calculated | CVE-2018-5251 MISC |
libtiff -- libtiff | In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. | 2018-01-01 | not yet calculated | CVE-2017-18013 CONFIRM BID CONFIRM |
libtiff -- libtiff | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. | 2017-12-29 | not yet calculated | CVE-2017-17973 MISC BID |
liferay -- portal_ce | Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | 2018-01-02 | not yet calculated | CVE-2017-1000425 MISC MISC |
linaro -- op-tee | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the Bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. | 2018-01-02 | not yet calculated | CVE-2017-1000412 CONFIRM CONFIRM CONFIRM |
linaro -- op-tee | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key. | 2018-01-02 | not yet calculated | CVE-2017-1000413 CONFIRM CONFIRM CONFIRM |
linux -- dash | Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | 2018-01-03 | not yet calculated | CVE-2017-1000473 MISC |
linux -- linux_kernel | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 2018-01-03 | not yet calculated | CVE-2017-18017 MISC MISC BID MISC MISC MISC MISC |
linux -- linux_kernel | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. | 2017-12-29 | not yet calculated | CVE-2017-17975 MISC BID |
linux -- linux_kernel | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 2017-12-29 | not yet calculated | CVE-2016-3695 BID CONFIRM CONFIRM |
magento -- community_edition_and_enterprise_edition | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 2017-12-30 | not yet calculated | CVE-2016-10704 CONFIRM |
manageengine -- desktop_central_and_desktop_central_msp | The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | 2018-01-04 | not yet calculated | CVE-2014-7862 MISC FULLDISC BUGTRAQ BID XF MISC CONFIRM MISC |
mapproxy -- mapproxy | MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | 2018-01-02 | not yet calculated | CVE-2017-1000426 CONFIRM |
marked -- marked | marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 2018-01-02 | not yet calculated | CVE-2017-1000427 MISC |
mautic -- mautic | Mautic versions 2.1.0 - 2.11.0 are vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. | 2018-01-03 | not yet calculated | CVE-2017-1000488 MISC |
mautic -- mautic | Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address. | 2018-01-03 | not yet calculated | CVE-2017-1000489 CONFIRM |
mautic -- mautic | Mautic versions 1.0.0 - 2.11.0 allow any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | 2018-01-03 | not yet calculated | CVE-2017-1000490 CONFIRM |
mediawiki -- mediawiki | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | 2017-12-29 | not yet calculated | CVE-2015-8008 FEDORA FEDORA FEDORA MLIST BID SECTRACK CONFIRM MLIST CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0770 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. | 2018-01-04 | not yet calculated | CVE-2018-0767 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0773 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0769 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0777 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0803 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0768 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0774 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0776 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. | 2018-01-04 | not yet calculated | CVE-2018-0800 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0778 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0766 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. | 2018-01-04 | not yet calculated | CVE-2018-0781 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. | 2018-01-04 | not yet calculated | CVE-2018-0780 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0758 BID SECTRACK CONFIRM |
microsoft -- edge | Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0775 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0762 BID SECTRACK SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 2018-01-04 | not yet calculated | CVE-2018-0772 BID SECTRACK SECTRACK CONFIRM |
microsoft -- windows | The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0754 BID SECTRACK CONFIRM |
microsoft -- windows | The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0788 BID SECTRACK CONFIRM |
microsoft -- windows | The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0749 BID SECTRACK CONFIRM |
microsoft -- windows | Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0753 BID SECTRACK CONFIRM |
microsoft -- windows_10_and_windows_server | Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0743 BID SECTRACK CONFIRM MISC |
microsoft -- windows_7_and_windows_server_2008 | The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0741 BID SECTRACK CONFIRM |
microsoft -- windows_7_and_windows_server_2008 | The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0750 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. | 2018-01-04 | not yet calculated | CVE-2018-0752 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows kernel in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747. | 2018-01-04 | not yet calculated | CVE-2018-0745 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747. | 2018-01-04 | not yet calculated | CVE-2018-0746 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. | 2018-01-04 | not yet calculated | CVE-2018-0747 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. | 2018-01-04 | not yet calculated | CVE-2018-0751 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0748 BID SECTRACK CONFIRM |
microsoft -- windows_kernel | The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | 2018-01-04 | not yet calculated | CVE-2018-0744 BID SECTRACK CONFIRM |
miniupnpd -- miniupnpd | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact. | 2018-01-03 | not yet calculated | CVE-2017-1000494 CONFIRM CONFIRM |
mojoportal -- mojoportal | Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | 2018-01-02 | not yet calculated | CVE-2017-1000457 MISC MISC |
multiple_vendors -- systems_with_microprocessors_utilizing_speculative_execution_and_branch_prediction | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 2018-01-04 | not yet calculated | CVE-2017-5753 SUSE SUSE SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM MISC CERT-VN BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM MISC CONFIRM MISC CONFIRM CONFIRM CONFIRM CISCO EXPLOIT-DB CONFIRM CONFIRM CONFIRM |
netcf -- netcf | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | 2017-12-29 | not yet calculated | CVE-2014-8119 FEDORA FEDORA FEDORA REDHAT BID CONFIRM CONFIRM |
nettransport -- nettransport_download_manager | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. | 2017-12-29 | not yet calculated | CVE-2017-17968 EXPLOIT-DB |
netwin -- surgeftp | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 2017-12-29 | not yet calculated | CVE-2017-17933 MISC |
nmistue -- nmistue | Cross-site scripting (XSS) vulnerability in the _keyify function in nmistue.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | 2017-12-29 | not yet calculated | CVE-2017-16876 CONFIRM CONFIRM CONFIRM FEDORA |
nylas_mail_lives -- nylas_mail | Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 2018-01-03 | not yet calculated | CVE-2017-1000485 CONFIRM |
octopus -- deploy | In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | 2018-01-03 | not yet calculated | CVE-2018-4862 CONFIRM |
omero -- omero | In OMERO 5.3.3 or earlier, a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | 2018-01-02 | not yet calculated | CVE-2017-1000438 MISC |
opencv -- opencv | In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2018-01-02 | not yet calculated | CVE-2017-1000450 MISC MISC |
opencv -- opencv | In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. | 2018-01-01 | not yet calculated | CVE-2017-18009 MISC |
opencv -- opencv | OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. | 2017-12-29 | not yet calculated | CVE-2017-17760 MISC MISC |
opentext_document -- sciences_xpression | xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | 2018-01-04 | not yet calculated | CVE-2017-14960 FULLDISC EXPLOIT-DB |
oracle -- jarsigner | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | 2017-12-29 | not yet calculated | CVE-2013-4578 CONFIRM MLIST MLIST REDHAT CONFIRM |
passbolt -- passbolt_api | Passbolt API versions 1.6.4 and older are vulnerable to an XSS in the URL field on the password workspace. | 2018-01-02 | not yet calculated | CVE-2017-1000442 CONFIRM CONFIRM |
pepperminty-wiki -- pepperminty-wiki | Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function, resulting in denial of service and possibly remote code execution. | 2018-01-03 | not yet calculated | CVE-2017-1000497 CONFIRM |
pfsense -- pfsense | pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. | 2018-01-03 | not yet calculated | CVE-2017-1000479 MLIST MISC MISC MISC MISC MISC |
phpbb -- phpbb | phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application. | 2018-01-02 | not yet calculated | CVE-2017-1000419 CONFIRM MISC |
phpjabbers -- file_sharing_script | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 2017-12-30 | not yet calculated | CVE-2017-12813 MISC |
phpjabbers -- night_club_booking_software | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 2017-12-30 | not yet calculated | CVE-2017-12812 MISC |
phpjabbers -- php_newsletter_script | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 2017-12-30 | not yet calculated | CVE-2017-12810 MISC |
phpjabbers -- star_rating_script | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 2017-12-30 | not yet calculated | CVE-2017-12811 MISC |
phpmyadmin -- phpmyadmin | phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. | 2018-01-03 | not yet calculated | CVE-2017-1000499 CONFIRM |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17984 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17986 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | 2017-12-29 | not yet calculated | CVE-2017-17982 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17983 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | 2017-12-29 | not yet calculated | CVE-2017-17988 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17985 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | 2017-12-29 | not yet calculated | CVE-2017-17987 MISC |
phpscriptsmall.com -- muslim_matrimotial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17981 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | 2018-01-03 | not yet calculated | CVE-2018-5075 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | 2018-01-03 | not yet calculated | CVE-2018-5076 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has CSRF via admin/movieedit.php. | 2018-01-03 | not yet calculated | CVE-2018-5073 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | 2018-01-03 | not yet calculated | CVE-2018-5074 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | 2018-01-03 | not yet calculated | CVE-2018-5078 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | 2018-01-03 | not yet calculated | CVE-2018-5072 MISC |
phpscriptsmall.com -- online_ticket_booking_script | Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | 2018-01-03 | not yet calculated | CVE-2018-5077 MISC |
pivotal -- multiple_products | Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary Java code. | 2018-01-04 | not yet calculated | CVE-2017-8046 BID CONFIRM |
pivotal_cloud_foundry -- multiple_products | An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management. | 2018-01-04 | not yet calculated | CVE-2018-1190 CONFIRM |
play -- play | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. | 2017-12-29 | not yet calculated | CVE-2014-3630 CONFIRM CONFIRM MISC CONFIRM |
plexus-utils -- plexus-utils | Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 2018-01-03 | not yet calculated | CVE-2017-1000487 CONFIRM MISC |
plone -- plone | By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.) | 2018-01-03 | not yet calculated | CVE-2017-1000484 CONFIRM |
plone -- plone | Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. | 2018-01-03 | not yet calculated | CVE-2017-1000483 MISC |
plone -- plone | When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. | 2018-01-03 | not yet calculated | CVE-2017-1000481 MISC |
plone -- plone | A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | 2018-01-03 | not yet calculated | CVE-2017-1000482 MISC |
pocoproject -- poco | The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | 2018-01-03 | not yet calculated | CVE-2017-1000472 MISC |
primetek -- primefaces | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | 2018-01-03 | not yet calculated | CVE-2017-1000486 MISC MISC CONFIRM |
pysaml2 -- pysaml2 | pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password. | 2018-01-02 | not yet calculated | CVE-2017-1000433 CONFIRM |
qtpass -- qtpass | It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. | 2018-01-05 | not yet calculated | CVE-2017-18021 MISC MISC MISC MISC |
quickapps_cms -- quickapps_cms | QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account | 2018-01-03 | not yet calculated | CVE-2017-1000495 CONFIRM |
radiant -- radiant_cms | Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | 2018-01-04 | not yet calculated | CVE-2018-5216 MISC |
rawstudio -- librawstudio/rs-filter.c | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | 2017-12-29 | not yet calculated | CVE-2014-4978 FEDORA MLIST BID CONFIRM CONFIRM XF CONFIRM |
red_lion -- hmi_panels | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | 2017-12-30 | not yet calculated | CVE-2017-14855 MISC |
rocket.chat -- rocket.chat | Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | 2018-01-02 | not yet calculated | CVE-2017-1000493 CONFIRM |
ruby_on_rails -- ruby_on_rails | ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 2017-12-29 | not yet calculated | CVE-2017-17920 MISC |
ruby_on_rails -- ruby_on_rails | ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 2017-12-29 | not yet calculated | CVE-2017-17916 MISC |
ruby_on_rails -- ruby_on_rails | ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 2017-12-29 | not yet calculated | CVE-2017-17919 MISC |
ruby_on_rails -- ruby_on_rails | ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. | 2017-12-29 | not yet calculated | CVE-2017-17917 MISC |
rust-base64 -- rust-base64 | rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions | 2018-01-02 | not yet calculated | CVE-2017-1000430 MISC |
samlify -- samlify | An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. | 2018-01-02 | not yet calculated | CVE-2017-1000452 MISC MISC |
samsung -- multiple_mobile_devices | On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598. | 2018-01-04 | not yet calculated | CVE-2017-18020 CONFIRM |
samsung -- multiple_mobile_devices | On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733. | 2018-01-04 | not yet calculated | CVE-2018-5210 CONFIRM |
schneider_electric -- pelco_videoxpert_enterprise | An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. | 2018-01-01 | not yet calculated | CVE-2017-9966 BID MISC |
schneider_electric -- pelco_videoxpert_enterprise | A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files. | 2018-01-01 | not yet calculated | CVE-2017-9965 BID MISC |
schneider_electric -- pelco_videoxpert_enterprise | A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. | 2018-01-01 | not yet calculated | CVE-2017-9964 BID MISC |
shaarli -- shaarli | Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | 2018-01-05 | not yet calculated | CVE-2018-5249 CONFIRM CONFIRM CONFIRM |
shiba -- shiba | Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | 2018-01-02 | not yet calculated | CVE-2017-1000491 CONFIRM CONFIRM |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | 2017-12-29 | not yet calculated | CVE-2017-17989 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | 2017-12-29 | not yet calculated | CVE-2017-17990 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 2017-12-29 | not yet calculated | CVE-2017-17992 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | 2017-12-29 | not yet calculated | CVE-2017-17991 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 2017-12-29 | not yet calculated | CVE-2017-17995 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 2017-12-29 | not yet calculated | CVE-2017-17994 MISC |
shiftsystems.net -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 2017-12-29 | not yet calculated | CVE-2017-17993 MISC |
smarty -- smarty | Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that do not sanitize the template name. | 2018-01-03 | not yet calculated | CVE-2017-1000480 MISC |
software_house -- istar_ultra_devices | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | 2017-12-30 | not yet calculated | CVE-2017-17704 MISC |
structured_data -- linter | Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | 2018-01-02 | not yet calculated | CVE-2017-1000448 MISC |
syncthing -- syncthing | Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | 2018-01-02 | not yet calculated | CVE-2017-1000420 CONFIRM |
trendnet -- tew-823dru | TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | 2018-01-05 | not yet calculated | CVE-2014-8579 MISC |
trustwave -- trustwave_secure_web_gateway | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | 2017-12-31 | not yet calculated | CVE-2017-18001 MISC MISC MISC |
typo3 -- typo3 | The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | 2017-12-29 | not yet calculated | CVE-2013-7400 MLIST CONFIRM MISC |
vanilla_forums -- vanilla_forums | Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access | 2018-01-02 | not yet calculated | CVE-2017-1000432 CONFIRM |
vmware -- v4h_and_v4pa_desktop_agents | The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low-privileged Windows user escalating their privileges to SYSTEM. | 2018-01-05 | not yet calculated | CVE-2017-4946 CONFIRM |
vmware -- workstation_and_fusion | VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. | 2018-01-05 | not yet calculated | CVE-2017-4945 CONFIRM |
vmware -- workstation_and_horizon_view_client | VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2018-01-05 | not yet calculated | CVE-2017-4948 CONFIRM |
webmin -- webmin | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 2017-12-30 | not yet calculated | CVE-2017-17089 BID CONFIRM |
wildmidi -- wildmidi | The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 2018-01-02 | not yet calculated | CVE-2017-1000418 CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | 2017-12-30 | not yet calculated | CVE-2017-17997 MISC MISC MISC |
wordpress -- wordpress | The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | 2018-01-01 | not yet calculated | CVE-2017-18012 MISC MISC MISC MISC |
wordpress -- wordpress | SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query. | 2018-01-01 | not yet calculated | CVE-2018-3811 MISC MISC EXPLOIT-DB |
wordpress -- wordpress | Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. | 2018-01-01 | not yet calculated | CVE-2018-3810 MISC MISC EXPLOIT-DB |
wordpress -- wordpress | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | 2018-01-04 | not yet calculated | CVE-2018-5213 MISC MISC MISC MISC |
wordpress -- wordpress | The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter. | 2018-01-01 | not yet calculated | CVE-2017-18011 MISC MISC |
wordpress -- wordpress | The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | 2018-01-04 | not yet calculated | CVE-2018-5214 MISC MISC |
wordpress -- wordpress | WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker-controlled page. classes/Furigana.php: `header('location:'.urldecode($_GET['furikake-redirect']));` | 2018-01-02 | not yet calculated | CVE-2017-1000434 MISC |
wordpress -- wordpress | The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter. | 2018-01-01 | not yet calculated | CVE-2017-18015 MISC MISC MISC |
wordpress -- wordpress | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | 2018-01-04 | not yet calculated | CVE-2018-5212 MISC MISC MISC MISC |
wordpress -- wordpress | The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | 2018-01-01 | not yet calculated | CVE-2017-18010 MISC MISC |
wordpress -- wordpress | The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | 2018-01-05 | not yet calculated | CVE-2014-8336 MLIST MISC XF CONFIRM CONFIRM |
wordpress -- wordpress | (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | 2018-01-05 | not yet calculated | CVE-2014-8335 MISC MLIST MISC XF CONFIRM CONFIRM |
wordpress -- wordpress | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." | 2017-12-29 | not yet calculated | CVE-2015-3302 MISC BUGTRAQ BID EXPLOIT-DB MISC |
xen -- xen | In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. | 2018-01-05 | not yet calculated | CVE-2018-5244 CONFIRM |
xmlbundle -- xmlbundle | XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | 2018-01-03 | not yet calculated | CVE-2017-1000477 MISC MISC |
xplico -- xplico | Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature. | 2018-01-05 | not yet calculated | CVE-2017-16666 CONFIRM MISC MISC MISC CONFIRM |
zend_framework -- zend_framework | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 2017-12-29 | not yet calculated | CVE-2014-4914 CONFIRM JVN MLIST SECUNIA BID DEBIAN |
zurmo -- zurmo | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | 2017-12-31 | not yet calculated | CVE-2017-18004 MISC |
zyxel -- p-660hw_devices | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | 2017-12-29 | not yet calculated | CVE-2017-17901 MISC |
from US-CERT National Cyber Alert System https://www.us-cert.gov/ncas/bulletins/SB18-008-0