TLP:WHITE

Bulletin (SB18-029)

Vulnerability Summary for the Week of January 22, 2018

Original release date: January 29, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 389-ds-base -- 389-ds-base | It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. | 2018-01-24 | not yet calculated | CVE-2017-15135, BID, CONFIRM |
| advantech -- webaccess/scada | A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | 2018-01-24 | not yet calculated | CVE-2018-5443, BID, MISC |
| advantech -- webaccess/scada | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | 2018-01-24 | not yet calculated | CVE-2018-5445, BID, MISC |
| affiligator -- affiliate_webshop_management_system | SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. | 2018-01-24 | not yet calculated | CVE-2018-5977, EXPLOIT-DB |
| apache -- hadoop | The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 2018-01-24 | not yet calculated | CVE-2017-15718, MLIST |
| apache -- nifi | A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-15697, CONFIRM |
| apache -- nifi | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-25 | not yet calculated | CVE-2017-15703, CONFIRM |
| apache -- nifi | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-01-23 | not yet calculated | CVE-2017-12632, CONFIRM |
| artifex -- mujs | jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. | 2018-01-24 | not yet calculated | CVE-2018-5759, MISC, MISC |
| artifex -- mujs | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6187, MISC |
| artifex -- mujs | The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | 2018-01-24 | not yet calculated | CVE-2018-6191, MISC, MISC |
| artifex -- mupdf | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 2018-01-22 | not yet calculated | CVE-2017-17858, MISC, MISC, MISC |
| artifex -- mupdf | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 2018-01-24 | not yet calculated | CVE-2018-6192, MISC |
| asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. | 2018-01-22 | not yet calculated | CVE-2018-6000, MISC, MISC, MISC, EXPLOIT-DB |
| asus -- asuswrt | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. | 2018-01-22 | not yet calculated | CVE-2018-5999, MISC, MISC, MISC, EXPLOIT-DB |
| atlassian -- sourcetree | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-14593, CONFIRM, CONFIRM |
| atlassian -- sourcetree | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-14592, CONFIRM, CONFIRM |
| axtls -- axtls | axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | 2018-01-22 | not yet calculated | CVE-2017-1000416, MISC, MISC |
| bigtree -- bigtree | Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. | 2018-01-22 | not yet calculated | CVE-2018-6013, MISC |
| biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix. | 2018-01-25 | not yet calculated | CVE-2016-10710, MISC |
| brace-expansion -- brace-expansion | index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. | 2018-01-27 | not yet calculated | CVE-2017-18077, MISC, MISC, MISC, MISC |
| bylancer -- classified_ads_cms_quickad | SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | 2018-01-24 | not yet calculated | CVE-2018-5972, EXPLOIT-DB |
| bylancer -- wchat | SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5979, EXPLOIT-DB |
| bylancer -- zechat | SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | 2018-01-24 | not yet calculated | CVE-2018-5978, EXPLOIT-DB |
| centos-webpanel.com -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | 2018-01-21 | not yet calculated | CVE-2018-5961, MISC |
| centos-webpanel.com -- centos_web_panel | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | 2018-01-21 | not yet calculated | CVE-2018-5962, MISC |
| clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. | 2018-01-26 | not yet calculated | CVE-2017-12374, CONFIRM, CONFIRM |
| clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. | 2018-01-26 | not yet calculated | CVE-2017-12376, CONFIRM, CONFIRM |
| clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12379, CONFIRM, CONFIRM |
| clamav -- clamav | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. | 2018-01-26 | not yet calculated | CVE-2017-12375, CONFIRM, CONFIRM |
| clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12378, CONFIRM, CONFIRM |
| clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. | 2018-01-26 | not yet calculated | CVE-2017-12380, CONFIRM, CONFIRM |
| clamav -- clamav | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. | 2018-01-26 | not yet calculated | CVE-2017-12377, CONFIRM, CONFIRM |
| cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 2018-01-25 | not yet calculated | CVE-2018-5963, MISC, FULLDISC, MISC |
| cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 2018-01-25 | not yet calculated | CVE-2018-5964, MISC, FULLDISC, MISC |
| cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 2018-01-25 | not yet calculated | CVE-2018-5965, MISC, FULLDISC, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12112, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12116, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12118, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send a malicious smart contract to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-14457, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12113, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12114, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12119, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | 2018-01-19 | not yet calculated | CVE-2017-12115, BID, MISC |
| cpp-ethereum -- cpp-ethereum | An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12117, BID, MISC |
| dasan -- gpon_ont_wifi_router_h640x | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). | 2018-01-21 | not yet calculated | CVE-2017-18046, MISC |
| dell_emc -- rsa_authentication_manager | The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | 2018-01-24 | not yet calculated | CVE-2017-15546, CONFIRM, SECTRACK |
| desigo -- desigo_automation_controllers_and_operator_unit_pxm20-e | A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. | 2018-01-24 | not yet calculated | CVE-2018-4834, MISC, CONFIRM |
| dnsmasq -- dnsmasq | A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. | 2018-01-23 | not yet calculated | CVE-2017-15107, MLIST, BID |
| dovecot -- dovecot | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. | 2018-01-25 | not yet calculated | CVE-2017-15132, CONFIRM, CONFIRM |
| dyw -- flexible_poll | SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | 2018-01-24 | not yet calculated | CVE-2018-5988, EXPLOIT-DB |
| e.i_hi-tech -- professional_local_directory_script | SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | 2018-01-25 | not yet calculated | CVE-2018-5973, MISC, EXPLOIT-DB |
| easycarscript.com -- easy_car_script_2014 | SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | 2018-01-24 | not yet calculated | CVE-2018-5986, EXPLOIT-DB |
| electron -- electron | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | 2018-01-24 | not yet calculated | CVE-2018-1000006, BID, CONFIRM, MISC, EXPLOIT-DB |
| electrum -- electrum | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | 2018-01-27 | not yet calculated | CVE-2018-6353, MISC, MISC |
| f5 -- big-ip_advanced_firewall_manager | X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 2018-01-19 | not yet calculated | CVE-2017-6142, SECTRACK, CONFIRM |
| fasterxml -- jackson-databind | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | 2018-01-21 | not yet calculated | CVE-2018-5968, MISC |
| flets -- virus_clear | Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-01-26 | not yet calculated | CVE-2018-0507, JVN |
| flexense -- multiple_products | A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request. | 2018-01-24 | not yet calculated | CVE-2017-13696, EXPLOIT-DB, EXPLOIT-DB, EXPLOIT-DB, EXPLOIT-DB, MISC |
| flexsense -- sysguage | The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. | 2018-01-23 | not yet calculated | CVE-2018-5359, MISC, EXPLOIT-DB |
| formspree -- formspree | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | 2018-01-27 | not yet calculated | CVE-2018-6354, MISC |
| freesshd -- freesshd | FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 2018-01-24 | not yet calculated | CVE-2017-1000475, MISC |
| gitstack -- gitstack | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | 2018-01-21 | not yet calculated | CVE-2018-5955, MISC |
| gnu -- bitutils | The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-01-26 | not yet calculated | CVE-2018-6323, CONFIRM |
| gnu -- libtasn1 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | 2018-01-22 | not yet calculated | CVE-2018-6003, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| google -- android | Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713. | 2018-01-22 | not yet calculated | CVE-2016-5345, BID, CONFIRM, CONFIRM |
| groupsession -- groupsession | Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2017-2166, JVN |
| hp -- designjet_and_latex_printers | HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | 2018-01-23 | not yet calculated | CVE-2017-2747, HP |
| hp -- jetadvantage_security_manager | Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. | 2018-01-23 | not yet calculated | CVE-2017-2746, HP |
| hp -- jetadvantage_security_manager | Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. | 2018-01-23 | not yet calculated | CVE-2017-2745, HP |
| hp -- multiple_printers | Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions. | 2018-01-23 | not yet calculated | CVE-2017-2750, BID, HP |
| hp -- multiple_printers | HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack. | 2018-01-23 | not yet calculated | CVE-2017-2743, HP |
| hp -- pagewide_and_officejet_pro_printers | A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | 2018-01-23 | not yet calculated | CVE-2017-2741, HP, EXPLOIT-DB |
| hp -- support_assistant | The vulnerability allows an attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | 2018-01-23 | not yet calculated | CVE-2017-2744, HP |
| hp -- thinpro_operating_system | A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device. | 2018-01-23 | not yet calculated | CVE-2017-2740, HP |
| hp -- web_jetadmin | A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | 2018-01-23 | not yet calculated | CVE-2017-2742, SECTRACK, HP |
ibm -- business_process_managerIBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.2018-01-24not yet calculatedCVE-2017-1769
CONFIRM
BID
MISC
ibm -- cognos_tm1IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617.2018-01-26not yet calculatedCVE-2017-1506
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.2018-01-26not yet calculatedCVE-2017-1545
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.2018-01-26not yet calculatedCVE-2017-1563
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.2018-01-26not yet calculatedCVE-2017-1540
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.2018-01-26not yet calculatedCVE-2017-1515
CONFIRM
MISC
ibm -- doors_web_accessIBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.2018-01-26not yet calculatedCVE-2017-1516
CONFIRM
MISC
ibm -- doors_web_access | IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | 2018-01-26 | not yet calculated | CVE-2017-1567
CONFIRM
MISC
ibm -- doors_web_access | IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | 2018-01-26 | not yet calculated | CVE-2017-1532
CONFIRM
MISC
ibm -- integration_bus | IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164. | 2018-01-19 | not yet calculated | CVE-2017-1693
CONFIRM
BID
MISC
ibm -- jazz_foundation | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. | 2018-01-26 | not yet calculated | CVE-2017-1653
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740. | 2018-01-26 | not yet calculated | CVE-2017-1204
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | 2018-01-26 | not yet calculated | CVE-2016-2983
CONFIRM
CONFIRM
MISC
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. | 2018-01-26 | not yet calculated | CVE-2017-1279
CONFIRM
MISC
impulseadventure -- jpegsnoop | ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service. | 2018-01-25 | not yet calculated | CVE-2017-1000414
CONFIRM
CONFIRM
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5777
CONFIRM
ipswitch -- whatsup_gold | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-01-24 | not yet calculated | CVE-2018-5778
CONFIRM
jbmc -- directadmin | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | 2018-01-21 | not yet calculated | CVE-2017-18045
CONFIRM
jboss -- jboss_enterprise_application_platform | It was found that the AJP connector in undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1048
CONFIRM
jenkins -- jenkins | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | 2018-01-25 | not yet calculated | CVE-2017-1000387
BID
CONFIRM
jenkins -- jenkins | The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | 2018-01-25 | not yet calculated | CVE-2017-1000404
BID
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000400
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to. | 2018-01-25 | not yet calculated | CVE-2017-1000399
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. | 2018-01-25 | not yet calculated | CVE-2017-1000394
CONFIRM
jenkins -- jenkins | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 2018-01-25 | not yet calculated | CVE-2017-1000388
CONFIRM
jenkins -- jenkins | The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks. | 2018-01-25 | not yet calculated | CVE-2017-1000398
CONFIRM
jenkins -- jenkins | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. | 2018-01-25 | not yet calculated | CVE-2017-1000505
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins. | 2018-01-25 | not yet calculated | CVE-2017-1000396
CONFIRM
jenkins -- jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | 2018-01-25 | not yet calculated | CVE-2017-1000401
CONFIRM
jenkins -- jenkins | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | 2018-01-25 | not yet calculated | CVE-2017-1000403
CONFIRM
jenkins -- jenkins | In Jenkins 2.88 and earlier; 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 2018-01-25 | not yet calculated | CVE-2017-1000392
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator. | 2018-01-25 | not yet calculated | CVE-2017-1000395
CONFIRM
jenkins -- jenkins | Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability. | 2018-01-25 | not yet calculated | CVE-2017-1000389
CONFIRM
jenkins -- jenkins | Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output. | 2018-01-25 | not yet calculated | CVE-2017-1000386
BID
CONFIRM
jenkins -- jenkins | Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient. | 2018-01-25 | not yet calculated | CVE-2017-1000397
CONFIRM
jenkins -- jenkins | Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000009
CONFIRM
jenkins -- jenkins | A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective. | 2018-01-24 | not yet calculated | CVE-2017-1000504
CONFIRM
jenkins -- jenkins | Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000008
CONFIRM
jenkins -- jenkins | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 2018-01-25 | not yet calculated | CVE-2017-1000390
CONFIRM
jenkins -- jenkins | Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. | 2018-01-23 | not yet calculated | CVE-2018-1000013
CONFIRM
jenkins -- jenkins | On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | 2018-01-23 | not yet calculated | CVE-2018-1000015
CONFIRM
jenkins -- jenkins | Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | 2018-01-24 | not yet calculated | CVE-2017-1000502
CONFIRM
jenkins -- jenkins | Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000010
CONFIRM
jenkins -- jenkins | A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. | 2018-01-24 | not yet calculated | CVE-2017-1000503
CONFIRM
jenkins -- jenkins | Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files. | 2018-01-25 | not yet calculated | CVE-2017-1000391
CONFIRM
jenkins -- jenkins | Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000011
CONFIRM
jenkins -- jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | 2018-01-25 | not yet calculated | CVE-2017-1000393
CONFIRM
jenkins -- jenkins | Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 2018-01-25 | not yet calculated | CVE-2017-1000402
CONFIRM
jenkins -- jenkins | Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. | 2018-01-23 | not yet calculated | CVE-2018-1000014
BID
CONFIRM
jenkins -- jenkins | Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 2018-01-23 | not yet calculated | CVE-2018-1000012
CONFIRM
joomla! -- joomla! | SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. | 2018-01-24 | not yet calculated | CVE-2018-5984
EXPLOIT-DB
joomla! -- joomla! | SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. | 2018-01-24 | not yet calculated | CVE-2018-5985
EXPLOIT-DB
kingsoft -- wps_office | The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 2018-01-25 | not yet calculated | CVE-2018-6217
MISC
knot_resolver -- knot_resolver | Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior to version 1.5.2) allow an attacker in a man-in-the-middle position to deny existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000002
CONFIRM
labf -- nfsaxe | Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. | 2018-01-21 | not yet calculated | CVE-2017-18047
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
lenovo -- fingerprint_manager_pro | Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | 2018-01-25 | not yet calculated | CVE-2017-3762
CONFIRM
lenovo -- integrated_management_module_2 | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | 2018-01-26 | not yet calculated | CVE-2017-3768
CONFIRM
libcurl -- libcurl | libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. | 2018-01-24 | not yet calculated | CVE-2018-1000005
SECTRACK
CONFIRM
CONFIRM
DEBIAN
libcurl -- libcurl | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | 2018-01-24 | not yet calculated | CVE-2018-1000007
SECTRACK
CONFIRM
DEBIAN
libming -- libming | The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | 2018-01-27 | not yet calculated | CVE-2018-6358
CONFIRM
libming -- libming | The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-27 | not yet calculated | CVE-2018-6359
CONFIRM
libming -- libming | The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 2018-01-25 | not yet calculated | CVE-2018-6315
CONFIRM
libvirt -- libvirt | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 2018-01-25 | not yet calculated | CVE-2018-5748
MLIST
linux -- linux_kernel | On multiple SR-IOV cards it is possible for VFs assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0. Additionally, multiple vendor NIC firmware is affected. | 2018-01-23 | not yet calculated | CVE-2015-1142857
MLIST
CONFIRM
MISC
linux -- linux_kernel | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | 2018-01-26 | not yet calculated | CVE-2018-5750
CONFIRM
linux -- linux_kernel | crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 2018-01-24 | not yet calculated | CVE-2017-18075
CONFIRM
BID
CONFIRM
CONFIRM
mailman -- mailman | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-23 | not yet calculated | CVE-2018-5950
MLIST
mariadb_and_percona -- mariadb_and_percona_xtradb_cluster | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | 2018-01-25 | not yet calculated | CVE-2017-15365
CONFIRM
CONFIRM
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
matrixssl -- matrixssl | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | 2018-01-22 | not yet calculated | CVE-2017-1000417
MISC
MISC
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011. | 2018-01-24 | not yet calculated | CVE-2018-6206
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22000d. | 2018-01-24 | not yet calculated | CVE-2018-6208
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6207
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220009. | 2018-01-24 | not yet calculated | CVE-2018-6205
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6204
MISC
maxsecure -- maxsecure_antivirus | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | 2018-01-24 | not yet calculated | CVE-2018-6209
MISC
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0845
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0848
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0862
BID
CONFIRM
microsoft -- office | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | 2018-01-22 | not yet calculated | CVE-2018-0849
BID
CONFIRM
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. | 2018-01-24 | not yet calculated | CVE-2018-6201
MISC
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | 2018-01-24 | not yet calculated | CVE-2018-6203
MISC
microworld_technologies -- escan_antivirus | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | 2018-01-24 | not yet calculated | CVE-2018-6202
MISC
mojang -- minecraft_servers_list_lite_and_premium_minecraft_servers_list | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter. | 2018-01-23 | not yet calculated | CVE-2018-5749
MISC
monstra -- monstra_cms | Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | 2018-01-23 | not yet calculated | CVE-2017-18048
MISC
MISC
MISC
EXPLOIT-DB
moodle -- moodle | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | 2018-01-22 | not yet calculated | CVE-2018-1043
BID
CONFIRM
moodle -- moodle | In Moodle 3.x, there is XSS via a calendar event name. | 2018-01-22 | not yet calculated | CVE-2018-1045
BID
CONFIRM
moodle -- moodle | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 2018-01-22 | not yet calculated | CVE-2018-1044
BID
CONFIRM
moodle -- moodle | Moodle 3.x has Server Side Request Forgery in the filepicker. | 2018-01-22 | not yet calculated | CVE-2018-1042
BID
CONFIRM
mpv -- mpv | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | 2018-01-27 | not yet calculated | CVE-2018-6360
MISC
MISC
nari -- pcs-9611 | An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. | 2018-01-25 | not yet calculated | CVE-2018-5447
MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099. | 2018-01-22 | not yet calculated | CVE-2017-16590
MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100. | 2018-01-22 | not yet calculated | CVE-2017-16591
MISC
netgain_systems -- enterprise_managerThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103.2018-01-22not yet calculatedCVE-2017-16592
MISC
netgain_systems -- enterprise_managerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.2018-01-22not yet calculatedCVE-2017-16610
MISC
netgain_systems -- enterprise_managerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.2018-01-22not yet calculatedCVE-2017-17407
MISC
netgain_systems -- enterprise_managerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.2018-01-22not yet calculatedCVE-2017-16608
MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753. | 2018-01-22 | not yet calculated | CVE-2017-17406, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197. | 2018-01-22 | not yet calculated | CVE-2017-16606, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196. | 2018-01-22 | not yet calculated | CVE-2017-16605, BID, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194. | 2018-01-22 | not yet calculated | CVE-2017-16603, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | 2018-01-22 | not yet calculated | CVE-2017-16609, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118. | 2018-01-22 | not yet calculated | CVE-2017-16595, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104. | 2018-01-22 | not yet calculated | CVE-2017-16593, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193. | 2018-01-22 | not yet calculated | CVE-2017-16602, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191. | 2018-01-22 | not yet calculated | CVE-2017-16600, BID, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119. | 2018-01-22 | not yet calculated | CVE-2017-16596, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | 2018-01-22 | not yet calculated | CVE-2017-16607, BID, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138. | 2018-01-22 | not yet calculated | CVE-2017-16598, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117. | 2018-01-22 | not yet calculated | CVE-2017-16594, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192. | 2018-01-22 | not yet calculated | CVE-2017-16601, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137. | 2018-01-22 | not yet calculated | CVE-2017-16597, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195. | 2018-01-22 | not yet calculated | CVE-2017-16604, MISC
netgain_systems -- enterprise_manager | This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190. | 2018-01-22 | not yet calculated | CVE-2017-16599, MISC
netiq -- access_manager_and_administrative_console | A vulnerability exists on the Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. | 2018-01-25 | not yet calculated | CVE-2018-1342, CONFIRM
netis -- wf2419_devices | Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | 2018-01-25 | not yet calculated | CVE-2018-5967, MISC
netis -- wf2419_devices | Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | 2018-01-24 | not yet calculated | CVE-2018-6190, MISC
nonecms -- nonecms | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | 2018-01-23 | not yet calculated | CVE-2018-6029, MISC
nonecms -- nonecms | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | 2018-01-23 | not yet calculated | CVE-2018-6022, MISC
omniauth -- omniauth | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 2018-01-26 | not yet calculated | CVE-2017-18076, CONFIRM, CONFIRM, CONFIRM
openssh -- openssh | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 2018-01-21 | not yet calculated | CVE-2016-10708, MISC, BID, MISC, MISC
ovirt -- ovirt-hosted-engine-setup | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 2018-01-24 | not yet calculated | CVE-2018-1000018, CONFIRM, CONFIRM
perfex_crm -- perfex_crm | In Utilities.php in Perfex CRM 1.9.7, unrestricted file upload can lead to remote code execution. | 2018-01-26 | not yet calculated | CVE-2017-17976, MISC, EXPLOIT-DB
pfsense -- pfsense | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 2018-01-21 | not yet calculated | CVE-2016-10709, EXPLOIT-DB, MISC, MISC, MISC
photography_cms -- photography_cms | Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 2018-01-24 | not yet calculated | CVE-2018-5969, EXPLOIT-DB
phpfreechat -- phpfreechat | phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | 2018-01-25 | not yet calculated | CVE-2018-5954, MISC, EXPLOIT-DB
podofo -- podofo | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | 2018-01-27 | not yet calculated | CVE-2018-6352, MISC
powerdns -- powerdns | Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay. | 2018-01-22 | not yet calculated | CVE-2018-1000003, CONFIRM
powerdns -- powerdns_authoritative | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | 2018-01-23 | not yet calculated | CVE-2017-15091, BID, CONFIRM
powerdns -- powerdns_recursor | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. | 2018-01-23 | not yet calculated | CVE-2017-15093, BID, CONFIRM
powerdns -- powerdns_recursor | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. | 2018-01-23 | not yet calculated | CVE-2017-15092, BID, CONFIRM
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). | 2018-01-23 | not yet calculated | CVE-2017-15094, BID, CONFIRM
powerdns -- powerdns_recursor | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in a man-in-the-middle position to alter the content of records by issuing a valid signature for the crafted records. | 2018-01-23 | not yet calculated | CVE-2017-15090, BID, CONFIRM
putra -- rsvp_invitation_online | Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 2018-01-24 | not yet calculated | CVE-2018-5976, EXPLOIT-DB
qemu -- qemu | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 2018-01-23 | not yet calculated | CVE-2018-5683, MLIST, BID, MLIST
qemu -- qemu | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | 2018-01-23 | not yet calculated | CVE-2017-18030, MLIST, BID, CONFIRM
ravpower -- filehub | RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | 2018-01-24 | not yet calculated | CVE-2018-5319, EXPLOIT-DB
ravpower -- filehub | An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | 2018-01-25 | not yet calculated | CVE-2018-5997, EXPLOIT-DB
reservo -- image_hosting | Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | 2018-01-24 | not yet calculated | CVE-2018-5705, MISC, EXPLOIT-DB
resteasy -- resteasy | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | 2018-01-25 | not yet calculated | CVE-2018-1051, CONFIRM
rise -- ultimate_project_manager | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | 2018-01-23 | not yet calculated | CVE-2017-17999, MISC, EXPLOIT-DB
routers2 -- routers2 | A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | 2018-01-24 | not yet calculated | CVE-2018-6193, MISC
rubrik -- cdm | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter. | 2018-01-22 | not yet calculated | CVE-2018-5761, CONFIRM, CONFIRM
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12097, BID, MISC
rubygems -- rails_gem | An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12098, BID, MISC
seelook -- nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2018-0506, JVN
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. | 2018-01-25 | not yet calculated | CVE-2018-4837, BID, CONFIRM
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | 2018-01-25 | not yet calculated | CVE-2018-4835, CONFIRM
siemens -- telecontrol_server_basic | A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. | 2018-01-25 | not yet calculated | CVE-2018-4836, CONFIRM
silverstripe -- silverstripe | In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page. | 2018-01-23 | not yet calculated | CVE-2017-18049, EXPLOIT-DB, MISC
sophos -- puremessage_for_unix | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-01-26 | not yet calculated | CVE-2016-6217, CONFIRM
soyket_chowdhury -- vehicle_sales_management_system | Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user login credentials, SQL injection and stored XSS vulnerabilities, which lead to remote code execution. | 2018-01-24 | not yet calculated | CVE-2017-1000474, MISC
subsonic -- subsonic | Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | 2018-01-22 | not yet calculated | CVE-2018-6014, MISC, MISC
sugarcrm -- sugarcrm_community_edition | Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. | 2018-01-25 | not yet calculated | CVE-2018-6308, MISC
symantec -- reporter | Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | 2018-01-23 | not yet calculated | CVE-2017-15531, BID, CONFIRM
tinder -- tinder | Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6018, MISC, MISC
tinder -- tinder | Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | 2018-01-24 | not yet calculated | CVE-2018-6017, MISC, MISC
tinysvcmdns -- tinysvcmdns | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. | 2018-01-19 | not yet calculated | CVE-2017-12130, BID, MISC
trend_micro -- mobile_security | An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14082, BID, MISC, CONFIRM
trend_micro -- smart_protection_server | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-11398, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14094, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | 2018-01-19 | not yet calculated | CVE-2017-14096, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14095, BID, CONFIRM, MISC, EXPLOIT-DB
trend_micro -- smart_protection_server | An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | 2018-01-19 | not yet calculated | CVE-2017-14097, BID, CONFIRM, MISC, EXPLOIT-DB
unbound -- unbound | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | 2018-01-23 | not yet calculated | CVE-2017-15105, BID, CONFIRM
vbulletin -- vbulletin | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | 2018-01-24 | not yet calculated | CVE-2018-6200, MISC
w3m_project -- w3m | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | 2018-01-24 | not yet calculated | CVE-2018-6198, CONFIRM, CONFIRM, CONFIRM
w3m_project -- w3m | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | 2018-01-24 | not yet calculated | CVE-2018-6196, CONFIRM, CONFIRM
w3m_project -- w3m | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | 2018-01-24 | not yet calculated | CVE-2018-6197, CONFIRM, CONFIRM
wbce_cms -- wbce_cms | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | 2018-01-25 | not yet calculated | CVE-2018-6313 (MISC)
wildfly -- wildfly | A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | 2018-01-24 | not yet calculated | CVE-2018-1047 (CONFIRM, CONFIRM)
wondercms -- wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. | 2018-01-26 | not yet calculated | CVE-2017-14523 (MISC)
wondercms -- wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 2018-01-26 | not yet calculated | CVE-2017-14521 (MISC)
wondercms -- wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 2018-01-26 | not yet calculated | CVE-2017-14522 (MISC)
wordpress -- wordpress | The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6002 (MISC)
wordpress -- wordpress | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | 2018-01-26 | not yet calculated | CVE-2018-6015 (MISC)
wordpress -- wordpress | The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | 2018-01-22 | not yet calculated | CVE-2018-6001 (MISC)
wordpress -- wordpress | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 2018-01-27 | not yet calculated | CVE-2018-6357 (MISC, MISC)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12184 (CONFIRM, CONFIRM, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12186 (CONFIRM, CONFIRM, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12183 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12178 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12182 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12187 (CONFIRM, CONFIRM, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12179 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12185 (CONFIRM, CONFIRM, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12176 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12180 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12177 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
x.org -- x11_server | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 2018-01-24 | not yet calculated | CVE-2017-12181 (CONFIRM, CONFIRM, GENTOO, DEBIAN)
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | 2018-01-22 | not yet calculated | CVE-2018-6010 (CONFIRM)
yii_framework -- yii_framework | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 2018-01-22 | not yet calculated | CVE-2018-6009 (CONFIRM)
zeit_next.js -- zeit_next.js | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 2018-01-24 | not yet calculated | CVE-2018-6184 (CONFIRM)
zenario -- zenario | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 2018-01-21 | not yet calculated | CVE-2018-5960 (MISC)
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | 2018-01-21 | not yet calculated | CVE-2018-5958 (MISC)
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | 2018-01-21 | not yet calculated | CVE-2018-5957 (MISC)
zillya! -- zillya!_antivirus | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | 2018-01-21 | not yet calculated | CVE-2018-5956 (MISC)

This product is provided subject to this Notification and this Privacy & Use policy.
