SB18-064: Vulnerability Summary for the Week of February 26, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. | 2018-02-23 | 5.0 | CVE-2018-7321 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. | 2018-02-23 | 5.0 | CVE-2018-7322 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. | 2018-02-23 | 5.0 | CVE-2018-7323 BID CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7324 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. | 2018-02-23 | 5.0 | CVE-2018-7325 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7326 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. | 2018-02-23 | 5.0 | CVE-2018-7327 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. | 2018-02-23 | 5.0 | CVE-2018-7328 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. | 2018-02-23 | 5.0 | CVE-2018-7329 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. | 2018-02-23 | 5.0 | CVE-2018-7330 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. | 2018-02-23 | 5.0 | CVE-2018-7331 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. | 2018-02-23 | 5.0 | CVE-2018-7332 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. | 2018-02-23 | 5.0 | CVE-2018-7333 BID CONFIRM CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alibaba_clone_script_project -- alibaba_clone_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | 2018-02-23 | 3.5 | CVE-2018-6867 EXPLOIT-DB |
groupon_clone_script_project -- groupon_clone_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | 2018-02-23 | 3.5 | CVE-2018-6868 EXPLOIT-DB |
learning_and_examination_management_system_script_project -- learning_and_examination_management_system_script | Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | 2018-02-23 | 3.5 | CVE-2018-6866 EXPLOIT-DB |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3cx -- 3cx | On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | 2018-03-03 | not yet calculated | CVE-2018-7654 MISC MISC |
acroform -- acroform | Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | 2018-02-24 | not yet calculated | CVE-2018-7453 MISC |
activepdf -- activepdf | The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images. | 2018-02-28 | not yet calculated | CVE-2018-7264 FULLDISC |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4916 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4915 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution. | 2018-02-27 | not yet calculated | CVE-2018-4913 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4914 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | 2018-02-27 | not yet calculated | CVE-2018-4910 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | 2018-02-27 | not yet calculated | CVE-2018-4911 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4908 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4909 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4912 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | 2018-02-27 | not yet calculated | CVE-2018-4872 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4905 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4899 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4883 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4906 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4904 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4901 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4900 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4903 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution. | 2018-02-27 | not yet calculated | CVE-2018-4902 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4907 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4889 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4895 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4894 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4897 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4896 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4891 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack. | 2018-02-27 | not yet calculated | CVE-2018-4890 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4893 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution. | 2018-02-27 | not yet calculated | CVE-2018-4888 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4886 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4887 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4898 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4885 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution. | 2018-02-27 | not yet calculated | CVE-2018-4892 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4884 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4881 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4882 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure. | 2018-02-27 | not yet calculated | CVE-2018-4880 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2018-02-27 | not yet calculated | CVE-2018-4879 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. | 2018-02-27 | not yet calculated | CVE-2018-4875 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. | 2018-02-27 | not yet calculated | CVE-2018-4876 BID SECTRACK CONFIRM |
amazon -- music_player | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521. | 2018-03-01 | not yet calculated | CVE-2018-1169 MISC |
aoutx.h -- libbfd | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. | 2018-03-02 | not yet calculated | CVE-2018-7642 MISC MISC |
apache -- tomcat | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. | 2018-02-28 | not yet calculated | CVE-2018-1304 BID SECTRACK MISC |
apache -- tomcat | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. | 2018-02-23 | not yet calculated | CVE-2018-1305 BID SECTRACK MISC |
apache -- geode | When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code. | 2018-02-25 | not yet calculated | CVE-2017-15696 MISC |
apache -- geode | In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. | 2018-02-27 | not yet calculated | CVE-2017-15692 MLIST |
apache -- geode | In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath. | 2018-02-27 | not yet calculated | CVE-2017-15693 MLIST |
apache -- james | Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger an XSS when the email was opened or when a list of messages was viewed. This issue was addressed in Hupa 0.0.3. | 2018-02-27 | not yet calculated | CVE-2012-3536 MISC MISC |
apache -- openmeetings | In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected, allowing an authenticated attacker to deny service for privileged users. | 2018-02-28 | not yet calculated | CVE-2018-1286 MLIST |
apache -- traffic_server | There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. | 2018-02-27 | not yet calculated | CVE-2017-7671 MLIST DEBIAN |
apache -- traffic_server | There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. | 2018-02-27 | not yet calculated | CVE-2017-5660 MLIST DEBIAN |
apache -- xerces-c_xml_parser_library | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 2018-03-01 | not yet calculated | CVE-2017-12627 MLIST CONFIRM |
asanhamayesh_cms -- asanhamayesh_cms | SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | 2018-02-26 | not yet calculated | CVE-2018-7463 MISC |
axxonsoft_axxon_next -- axxonsoft_axxon_next | AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | 2018-02-27 | not yet calculated | CVE-2018-7467 MISC |
blackcat_cms -- blackcat_cms | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. | 2018-02-28 | not yet calculated | CVE-2015-5079 MISC BUGTRAQ MISC |
blue_river_mura_cms -- blue_river_mura_cms | Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload. | 2018-02-26 | not yet calculated | CVE-2018-7486 MISC |
bonita -- bpm_portal | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | 2018-02-28 | not yet calculated | CVE-2015-3898 MISC BUGTRAQ MISC |
build_package -- build_package | The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots. | 2018-03-01 | not yet calculated | CVE-2017-14804 SUSE SUSE SUSE |
citrix -- netscaler | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | 2018-03-01 | not yet calculated | CVE-2018-5314 BID SECTRACK CONFIRM |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. | 2018-03-01 | not yet calculated | CVE-2018-7587 MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. | 2018-03-01 | not yet calculated | CVE-2018-7589 MISC MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1. | 2018-03-02 | not yet calculated | CVE-2018-7640 MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16. | 2018-03-02 | not yet calculated | CVE-2018-7639 MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4. | 2018-03-02 | not yet calculated | CVE-2018-7637 MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8. | 2018-03-02 | not yet calculated | CVE-2018-7638 MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. | 2018-03-01 | not yet calculated | CVE-2018-7588 MISC MISC |
cimg.h -- cimg.h | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32. | 2018-03-02 | not yet calculated | CVE-2018-7641 MISC |
cms -- made_simple | Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 2018-02-26 | not yet calculated | CVE-2018-7448 MISC MISC EXPLOIT-DB |
comforte -- swap | comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on HPE NonStop systems and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | 2018-02-28 | not yet calculated | CVE-2018-6653 CONFIRM |
concrete5 -- concrete5 | An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. | 2018-02-26 | not yet calculated | CVE-2017-18195 MISC MISC MISC EXPLOIT-DB |
cryptctl -- cryptctl | In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | 2018-03-01 | not yet calculated | CVE-2017-9270 CONFIRM SUSE CONFIRM |
dayrui -- finecms | controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character. | 2018-02-25 | not yet calculated | CVE-2018-7476 MISC MISC |
design_science_mathtype -- design_science_mathtype | A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | 2018-02-28 | not yet calculated | CVE-2018-6638 MISC MISC |
design_science_mathtype -- design_science_mathtype | An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | 2018-02-28 | not yet calculated | CVE-2018-6639 MISC MISC |
design_science_mathtype -- design_science_mathtype | An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d. | 2018-02-28 | not yet calculated | CVE-2018-6641 MISC MISC |
design_science_mathtype -- design_science_mathtype | A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | 2018-02-28 | not yet calculated | CVE-2018-6640 MISC MISC |
designer-studio -- pegasystems_pega_platform | An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages. | 2018-02-27 | not yet calculated | CVE-2017-17478 CONFIRM |
disk_savvy_enterprise -- disk_savvy_enterprise | A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | 2018-02-27 | not yet calculated | CVE-2018-6481 MISC MISC EXPLOIT-DB MISC |
dovecot -- dovecot | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and a restart of the process. | 2018-03-02 | not yet calculated | CVE-2017-15130 MLIST CONFIRM DEBIAN MLIST |
dovecot -- dovecot | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. | 2018-03-02 | not yet calculated | CVE-2017-14461 MISC DEBIAN MLIST |
drupal -- drupal | In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module. | 2018-03-01 | not yet calculated | CVE-2017-6931 MISC |
drupal -- drupal | In Drupal 8.4.x versions before 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments. | 2018-03-01 | not yet calculated | CVE-2017-6926 MISC |
drupal -- drupal | A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module. | 2018-03-01 | not yet calculated | CVE-2017-6929 MLIST DEBIAN MISC |
drupal -- drupal | Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. | 2018-03-01 | not yet calculated | CVE-2017-6932 MLIST DEBIAN MISC |
drupal -- drupal | In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implements hook_node_access_records(). | 2018-03-01 | not yet calculated | CVE-2017-6930 MISC |
drupal -- drupal | In Drupal core 7.x versions before 7.57, when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | 2018-03-01 | not yet calculated | CVE-2017-6928 MLIST DEBIAN MISC |
drupal -- drupal | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected. | 2018-03-01 | not yet calculated | CVE-2017-6927 BID MLIST DEBIAN MISC |
dualdesk -- proxy.exe | Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | 2018-03-03 | not yet calculated | CVE-2018-7583 EXPLOIT-DB |
dwarf.c -- gnu_binutils | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. | 2018-03-02 | not yet calculated | CVE-2018-7643 MISC |
dwarfl.c -- dwarfl.c | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | 2018-02-28 | not yet calculated | CVE-2018-7568 MISC |
dwarfl.c -- dwarfl.c | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | 2018-02-28 | not yet calculated | CVE-2018-7569 MISC |
elf.c -- elf.c | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. | 2018-02-28 | not yet calculated | CVE-2018-7570 MISC MISC |
enalean_tuleap -- enalean_tuleap | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible for attackers to abuse the functionality. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover. | 2018-03-01 | not yet calculated | CVE-2018-7634 CONFIRM |
exponent_cms -- exponent_cms | In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 2018-03-03 | not yet calculated | CVE-2017-18213 MISC MISC |
f5_big-ip_systems -- f5_big-ip_systems | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | 2018-03-01 | not yet calculated | CVE-2017-6154 CONFIRM |
f5_big-ip_systems -- f5_big-ip_systems | Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). | 2018-03-01 | not yet calculated | CVE-2017-6150 CONFIRM |
f5_big_ip_systems -- f5_big_ip_systems | In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. | 2018-03-01 | not yet calculated | CVE-2018-5501 CONFIRM |
f5_big_ip_systems -- f5_big_ip_systems | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. | 2018-03-01 | not yet calculated | CVE-2018-5500 CONFIRM |
fasterxml -- jackson-databind | FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. | 2018-02-26 | not yet calculated | CVE-2018-7489 CONFIRM |
ffmpeg -- ffmpeg | The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | 2018-02-28 | not yet calculated | CVE-2018-7557 CONFIRM |
foxit -- mobile_pdf_app | A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this. | 2018-02-26 | not yet calculated | CVE-2017-16813 CONFIRM |
foxit -- mobile_pdf_app | A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files. | 2018-02-26 | not yet calculated | CVE-2017-16814 CONFIRM |
freexl -- freexl | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. | 2018-02-23 | not yet calculated | CVE-2018-7439 MISC MISC MLIST DEBIAN |
freexl -- freexl | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function. | 2018-02-23 | not yet calculated | CVE-2018-7435 MISC MISC MLIST DEBIAN |
freexl -- freexl | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function. | 2018-02-23 | not yet calculated | CVE-2018-7437 MISC MISC MLIST DEBIAN |
freexl -- freexl | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function. | 2018-02-23 | not yet calculated | CVE-2018-7438 MISC MISC MLIST DEBIAN |
freexl -- freexl | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function. | 2018-02-23 | not yet calculated | CVE-2018-7436 MISC MISC MLIST DEBIAN |
ftpshell_client -- ftpshell_client | An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465. | 2018-03-01 | not yet calculated | CVE-2018-7573 MISC |
gnu -- libcdio | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | 2018-02-24 | not yet calculated | CVE-2017-18198 CONFIRM BID CONFIRM |
gnu -- libcdio | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | 2018-02-26 | not yet calculated | CVE-2017-18201 BID CONFIRM |
gnu -- libcdio | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | 2018-02-24 | not yet calculated | CVE-2017-18199 CONFIRM BID CONFIRM |
hoosk -- hoosk | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | 2018-03-01 | not yet calculated | CVE-2018-7590 MISC |
htc -- customer_link_bridge | This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264. | 2018-03-01 | not yet calculated | CVE-2018-1170 MISC |
httpd -- tenda_ac9 | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2018-03-01 | not yet calculated | CVE-2018-7561 MISC |
ibm -- bigfix_platform | IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. | 2018-02-28 | not yet calculated | CVE-2016-0291 CONFIRM XF |
ibm -- bigfix_platform | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. | 2018-02-28 | not yet calculated | CVE-2016-0295 CONFIRM XF |
ibm -- daeja_viewone_professional | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435. | 2018-02-27 | not yet calculated | CVE-2018-1399 CONFIRM MISC |
ibm -- publishing_engine | IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. | 2018-03-02 | not yet calculated | CVE-2017-1787 CONFIRM MISC |
ibm -- security_guardium_big_data_intelligence_sonarg | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | 2018-02-27 | not yet calculated | CVE-2018-1372 CONFIRM MISC |
ibm -- security_guardium_big_data_intelligence_sonarg | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. | 2018-03-02 | not yet calculated | CVE-2018-1373 CONFIRM BID MISC |
ibm -- security_guardium_big_data_intelligence_sonarg | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 137778. | 2018-02-26 | not yet calculated | CVE-2018-1377 CONFIRM MISC |
ibm -- security_guardium_big_data_intelligence_sonarg | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818. | 2018-02-26 | not yet calculated | CVE-2017-1774 CONFIRM MISC |
ibm -- security_guardium_big_data_intelligence_sonarg | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. | 2018-02-27 | not yet calculated | CVE-2018-1425 CONFIRM MISC |
ibm -- spectrum_scale | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378. | 2018-03-02 | not yet calculated | CVE-2017-1654 CONFIRM MISC |
ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382. | 2018-02-28 | not yet calculated | CVE-2016-0299 CONFIRM XF |
ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822. | 2018-02-27 | not yet calculated | CVE-2018-1416 CONFIRM BID MISC |
icinga -- icinga | An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker. | 2018-02-27 | not yet calculated | CVE-2018-6535 CONFIRM CONFIRM |
icinga -- icinga | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. | 2018-02-27 | not yet calculated | CVE-2018-6532 CONFIRM |
icinga -- icinga | An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). | 2018-02-27 | not yet calculated | CVE-2018-6533 CONFIRM |
icinga -- icinga | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. | 2018-02-27 | not yet calculated | CVE-2018-6534 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | 2018-03-01 | not yet calculated | CVE-2017-18210 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | 2018-03-01 | not yet calculated | CVE-2017-18211 MISC |
imagemagick -- getopenclcachedfilesdirectoryfunction | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | 2018-03-01 | not yet calculated | CVE-2017-18209 MISC |
imagemagick -- imagemagick | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). | 2018-02-23 | not yet calculated | CVE-2018-7443 MISC MLIST |
imagemagick -- imagemagick | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | 2018-02-25 | not yet calculated | CVE-2018-7470 CONFIRM |
in_pcx.cpp -- in_pcx.cpp | There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | 2018-02-26 | not yet calculated | CVE-2018-7487 MISC |
index.php -- wondercms | In index.php in WonderCMS 2.4.0, remote attackers can delete arbitrary files via directory traversal. | 2018-02-27 | not yet calculated | CVE-2018-7172 MISC |
input-bmp.ci -- input-bmp.ci | There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | 2018-02-28 | not yet calculated | CVE-2018-7554 MISC MISC |
invt_studio -- invt_studio | INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. | 2018-02-25 | not yet calculated | CVE-2018-7472 MISC |
jerryscript -- jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload. | 2018-03-01 | not yet calculated | CVE-2017-18212 MISC |
jpxstream -- jpxstream | An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | 2018-02-24 | not yet calculated | CVE-2018-7455 MISC |
jpxstream -- jpxstream | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | 2018-02-24 | not yet calculated | CVE-2018-7452 MISC |
kingview -- kingview | KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations. | 2018-02-25 | not yet calculated | CVE-2018-7471 MISC |
libtiff -- libtiff | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) | 2018-02-24 | not yet calculated | CVE-2018-7456 MISC MISC |
libzypp -- libzypp | In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system. | 2018-03-01 | not yet calculated | CVE-2017-7436 CONFIRM SUSE CONFIRM |
libzypp -- libzypp | In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system. | 2018-03-01 | not yet calculated | CVE-2017-7435 CONFIRM SUSE CONFIRM |
libzypp -- libzypp | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. | 2018-03-01 | not yet calculated | CVE-2017-9269 CONFIRM SUSE CONFIRM |
limesurvey -- limesurvey | LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | 2018-02-28 | not yet calculated | CVE-2018-7556 CONFIRM |
linux -- linux_kernel | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. | 2018-03-01 | not yet calculated | CVE-2017-18208 MISC MISC MISC |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. | 2018-02-23 | not yet calculated | CVE-2017-15829 BID CONFIRM |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur. | 2018-02-23 | not yet calculated | CVE-2017-15820 BID CONFIRM |
linux -- linux_kernel | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | 2018-03-02 | not yet calculated | CVE-2018-1066 MISC MISC MISC MISC |
linux -- linux_kernel | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. | 2018-03-02 | not yet calculated | CVE-2018-1065 MISC MISC MISC MISC MISC |
linux -- linux_kernel | The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | 2018-02-27 | not yet calculated | CVE-2017-18204 MISC BID MISC MISC |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg. | 2018-02-23 | not yet calculated | CVE-2017-14884 BID CONFIRM |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure. | 2018-02-23 | not yet calculated | CVE-2017-15817 BID CONFIRM |
linux -- linux_kernel | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | 2018-02-26 | not yet calculated | CVE-2018-7492 MISC BID MISC MISC MISC MISC MISC |
linux -- linux_kernel | The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. | 2018-02-27 | not yet calculated | CVE-2017-18203 MISC MISC MISC |
linux -- linux_kernel | The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | 2018-02-25 | not yet calculated | CVE-2017-18200 CONFIRM CONFIRM |
linux -- linux_kernel | The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. | 2018-02-27 | not yet calculated | CVE-2017-18202 MISC BID MISC MISC |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer. | 2018-02-23 | not yet calculated | CVE-2017-17767 BID CONFIRM |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow. | 2018-02-23 | not yet calculated | CVE-2017-17765 BID CONFIRM |
linux -- linux_kernel | In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow. | 2018-02-23 | not yet calculated | CVE-2017-17764 BID CONFIRM |
linux -- linux_kernel | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | 2018-02-25 | not yet calculated | CVE-2018-7480 MISC MISC |
linux -- selinux | Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | 2018-03-02 | not yet calculated | CVE-2018-1063 CONFIRM |
lyadmin -- lyadmin | lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. | 2018-02-27 | not yet calculated | CVE-2018-7547 MISC |
mapping.cpp -- mapping.cpp | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | 2018-02-28 | not yet calculated | CVE-2018-7552 MISC MISC |
micro_focus -- operations_orchestration_software | Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service. | 2018-03-01 | not yet calculated | CVE-2018-6490 CONFIRM MISC |
microsoft -- identity_manager | Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability." | 2018-02-26 | not yet calculated | CVE-2018-0908 BID CONFIRM |
microsoft -- safenet_authentication_service_end_user_software_tools | SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7596 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_for_ad_fs_agent | SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7963 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_for_citrix_web_interface_agent | SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7967 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_for_outlook_web_app_agent | SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7962 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_iis_agent | SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7597 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_remote_web_workplace_agent | SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7961 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_token_validator_proxy_agent | SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7598 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_windows_logon_agent | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. | 2018-03-02 | not yet calculated | CVE-2015-7965 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_windows_logon_agent | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | 2018-03-02 | not yet calculated | CVE-2015-7966 MISC MISC CONFIRM |
microsoft -- safenet_authentication_service_for_nps_agent | SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 2018-03-02 | not yet calculated | CVE-2015-7964 MISC MISC CONFIRM |
microsoft -- windows_vista | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | 2018-02-26 | not yet calculated | CVE-2018-7249 MISC |
microsoft -- windows_vista | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. | 2018-02-26 | not yet calculated | CVE-2018-7250 MISC |
minips -- minips | There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | 2018-02-28 | not yet calculated | CVE-2018-7551 MISC MISC |
mj2_opj_mj2_extract.c -- openjpeg | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. | 2018-03-02 | not yet calculated | CVE-2018-7648 MISC MISC |
netiq -- access_manager | Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the url parameter. | 2018-03-02 | not yet calculated | CVE-2017-14801 CONFIRM |
netiq -- access_manager | A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users. | 2018-03-01 | not yet calculated | CVE-2017-14800 CONFIRM |
netiq -- edirectory_pki | The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | 2018-03-02 | not yet calculated | CVE-2017-7429 CONFIRM CONFIRM CONFIRM |
netiq -- edirectory | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 2018-03-02 | not yet calculated | CVE-2017-9285 CONFIRM CONFIRM CONFIRM |
netiq -- identity_manager | NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | 2018-03-02 | not yet calculated | CVE-2017-9279 CONFIRM CONFIRM |
netiq -- identity_manager | The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | 2018-03-01 | not yet calculated | CVE-2017-7426 CONFIRM |
netiq -- identity_manager | Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | 2018-03-02 | not yet calculated | CVE-2017-9280 CONFIRM CONFIRM |
netiq -- identity_manager | In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | 2018-03-02 | not yet calculated | CVE-2017-7434 CONFIRM CONFIRM |
netiq -- access_manager | An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to an unescaped "description" field that could be specified by the provider. | 2018-03-02 | not yet calculated | CVE-2017-7419 CONFIRM CONFIRM |
netiq -- access_manager | A cross site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page. | 2018-03-01 | not yet calculated | CVE-2017-14799 CONFIRM |
netiq -- identity_manager | The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | 2018-03-02 | not yet calculated | CVE-2017-9278 CONFIRM CONFIRM |
netiq -- imanager | NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. | 2018-03-02 | not yet calculated | CVE-2017-5189 CONFIRM CONFIRM |
netiq -- privileged_account_manager | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | 2018-03-02 | not yet calculated | CVE-2017-7438 CONFIRM CONFIRM |
node.js -- node.js | index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. | 2018-03-03 | not yet calculated | CVE-2018-7651 CONFIRM CONFIRM CONFIRM |
novell -- access_manager_admin_console_and_idp_servers | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | 2018-03-02 | not yet calculated | CVE-2017-14802 CONFIRM |
novell -- access_manager_imanager | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | 2018-03-02 | not yet calculated | CVE-2017-9276 CONFIRM |
novell -- edirectory | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | 2018-03-02 | not yet calculated | CVE-2017-9267 CONFIRM |
novell -- edirectory | The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | 2018-03-02 | not yet calculated | CVE-2017-9277 CONFIRM CONFIRM CONFIRM |
nxfuse -- nxfuse | An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | 2018-02-28 | not yet calculated | CVE-2018-6947 EXPLOIT-DB EXPLOIT-DB MISC CONFIRM CONFIRM CONFIRM |
obs-service-source_validator -- obs-service-source_validator | A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | 2018-03-01 | not yet calculated | CVE-2017-9274 CONFIRM SUSE CONFIRM |
open_build_service -- open_build_service | In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | 2018-03-01 | not yet calculated | CVE-2017-9268 CONFIRM CONFIRM |
open_buildservice -- open_buildservice | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | 2018-03-01 | not yet calculated | CVE-2017-5188 CONFIRM CONFIRM CONFIRM |
open_buildservice -- open_buildservice | In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service. | 2018-03-02 | not yet calculated | CVE-2015-0796 CONFIRM CONFIRM |
opensuse -- nextcloud | The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | 2018-03-01 | not yet calculated | CVE-2017-9286 CONFIRM SUSE CONFIRM |
parallels -- remote_application_server | In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences. | 2018-02-28 | not yet calculated | CVE-2017-9447 MISC |
php_scripts -- php_scripts | PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). | 2018-02-28 | not yet calculated | CVE-2018-7469 MISC |
php_scripts -- php_scripts | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | 2018-02-28 | not yet calculated | CVE-2018-7477 EXPLOIT-DB |
php -- php | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. | 2018-03-01 | not yet calculated | CVE-2018-7584 CONFIRM BID CONFIRM CONFIRM |
php -- php | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | 2018-02-23 | not yet calculated | CVE-2018-6859 MISC EXPLOIT-DB |
piwigo -- piwigo | Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. | 2018-02-24 | not yet calculated | CVE-2018-6883 MISC MISC |
piwigo -- piwigo | ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | 2018-02-25 | not yet calculated | CVE-2017-9426 MISC EXPLOIT-DB MISC |
piwigo -- piwigo | The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | 2018-02-25 | not yet calculated | CVE-2017-9425 MISC EXPLOIT-DB MISC |
postgresql -- postgresql | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. | 2018-03-02 | not yet calculated | CVE-2018-1058 CONFIRM CONFIRM |
postgresql -- postgresql | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | 2018-03-01 | not yet calculated | CVE-2017-14798 SUSE CONFIRM CONFIRM |
prestashop -- prestashop | In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor Content-Security-Policy "frame-ancestors" values. | 2018-02-26 | not yet calculated | CVE-2018-7491 MISC MISC |
purevpn -- purevpn | An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking. | 2018-02-25 | not yet calculated | CVE-2018-7484 MISC MISC |
quick_emulator_qemu -- quick_emulator_qemu | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | 2018-03-01 | not yet calculated | CVE-2018-7550 BID CONFIRM MLIST |
red_hat -- satellite_6 | When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates. | 2018-02-27 | not yet calculated | CVE-2017-15136 CONFIRM |
ruby -- ox_gem | In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. | 2018-02-26 | not yet calculated | CVE-2017-16229 MISC MISC |
sam2p -- sam2p | There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | 2018-02-28 | not yet calculated | CVE-2018-7553 MISC MISC |
sap -- basis | ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 2018-03-01 | not yet calculated | CVE-2018-2367 BID CONFIRM CONFIRM |
sap -- crm | SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 2018-03-01 | not yet calculated | CVE-2018-2380 BID CONFIRM CONFIRM |
sap -- netweaver | SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-03-01 | not yet calculated | CVE-2018-2365 BID CONFIRM CONFIRM |
sap -- netweaver | SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 2018-03-01 | not yet calculated | CVE-2018-2368 BID CONFIRM CONFIRM |
segger -- segger | SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | 2018-03-03 | not yet calculated | CVE-2018-7449 EXPLOIT-DB |
shibboleth -- service_provider | Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. | 2018-02-27 | not yet calculated | CVE-2018-0489 BID SECTRACK MLIST CONFIRM DEBIAN |
synology -- surveillance_station | File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter. | 2018-02-27 | not yet calculated | CVE-2017-16770 CONFIRM |
synology -- surveillance_station | Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | 2018-02-27 | not yet calculated | CVE-2017-16767 CONFIRM |
testlink -- testlink | install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value. | 2018-02-25 | not yet calculated | CVE-2018-7466 MISC |
unisys -- clearpath_mcp_systems | The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 2018-02-26 | not yet calculated | CVE-2018-5762 CONFIRM |
unix -- odbc | The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 2018-02-26 | not yet calculated | CVE-2018-7485 BID MISC |
uwsgi -- uwsgi | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | 2018-02-26 | not yet calculated | CVE-2018-7490 CONFIRM |
vesta -- control_panel | Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | 2018-02-28 | not yet calculated | CVE-2015-4117 CONFIRM EXPLOIT-DB MISC |
vmware -- cloudforms | A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to. | 2018-02-28 | not yet calculated | CVE-2017-12191 REDHAT CONFIRM |
way_389-ds_base -- way_389-ds_base | A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | 2018-03-01 | not yet calculated | CVE-2017-15134 BID REDHAT CONFIRM MISC |
wireless_ip -- camera_360_devices | An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456. | 2018-02-26 | not yet calculated | CVE-2017-11634 MISC |
wireless_ip -- camera_360_devices | An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card. | 2018-02-26 | not yet calculated | CVE-2017-11635 MISC |
wireless_ip -- camera_360_devices | An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. | 2018-02-26 | not yet calculated | CVE-2017-11632 MISC |
wireless_ip -- camera_360_devices | An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field. | 2018-02-26 | not yet calculated | CVE-2017-11633 MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. | 2018-02-23 | not yet calculated | CVE-2018-7420 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. | 2018-02-23 | not yet calculated | CVE-2018-7419 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. | 2018-02-23 | not yet calculated | CVE-2018-7417 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. | 2018-02-23 | not yet calculated | CVE-2018-7418 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. | 2018-02-23 | not yet calculated | CVE-2018-7337 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. | 2018-02-23 | not yet calculated | CVE-2018-7334 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. | 2018-02-23 | not yet calculated | CVE-2018-7336 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. | 2018-02-23 | not yet calculated | CVE-2018-7335 BID CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. | 2018-02-23 | not yet calculated | CVE-2018-7320 BID CONFIRM CONFIRM CONFIRM |
wordpress -- ithemes | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | 2018-03-02 | not yet calculated | CVE-2018-7433 MISC |
wordpress -- wordpress | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 2018-03-01 | not yet calculated | CVE-2018-7586 CONFIRM |
wowza -- streaming_engine | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request. | 2018-03-01 | not yet calculated | CVE-2018-7049 MISC MISC |
wowza -- streaming_engine | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request. | 2018-03-01 | not yet calculated | CVE-2018-7048 MISC MISC |
wowza -- streaming_engine | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well). | 2018-03-01 | not yet calculated | CVE-2018-7047 MISC MISC |
xen -- xen | An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | 2018-02-27 | not yet calculated | CVE-2018-7542 CONFIRM |
xen -- xen | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | 2018-02-27 | not yet calculated | CVE-2018-7541 CONFIRM |
xen -- xen | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | 2018-02-27 | not yet calculated | CVE-2018-7540 CONFIRM |
xfaform -- xfaform | A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to cause a denial of service via a specific PDF file, as demonstrated by pdftohtml. | 2018-02-24 | not yet calculated | CVE-2018-7454 MISC |
yzmcms -- yzmcms | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | 2018-03-01 | not yet calculated | CVE-2018-7579 MISC |
yzmcms -- yzmcms | YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | 2018-02-25 | not yet calculated | CVE-2018-7479 MISC |
zonemaster -- web_gui | lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | 2018-03-03 | not yet calculated | CVE-2018-7652 CONFIRM CONFIRM CONFIRM CONFIRM |
zsh -- builtin.c | In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. | 2018-02-27 | not yet calculated | CVE-2017-18205 MISC |
zsh -- exec.c | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | 2018-02-27 | not yet calculated | CVE-2014-10071 MISC |
zsh -- params.c | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | 2018-02-27 | not yet calculated | CVE-2018-7549 MISC |
zsh -- subst.c | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 2018-02-27 | not yet calculated | CVE-2018-7548 MISC |
zsh -- utils.c | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | 2018-02-27 | not yet calculated | CVE-2014-10072 MISC |
zsh -- utils.c | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 2018-02-27 | not yet calculated | CVE-2017-18206 MISC |
zsh -- zsh | zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. | 2018-02-27 | not yet calculated | CVE-2014-10070 MISC MISC |
zsh -- zsh | In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 2018-02-27 | not yet calculated | CVE-2016-10714 MISC |
zypper -- zypper | The command-line package update tool zypper writes HTTP proxy credentials into its log file, allowing local attackers to gain access to the proxies in use. | 2018-03-01 | not yet calculated | CVE-2017-9271 CONFIRM CONFIRM |