U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB18-064)

Vulnerability Summary for the Week of February 26, 2018

Original release date: March 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.2018-02-235.0CVE-2018-7321
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.2018-02-235.0CVE-2018-7322
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.2018-02-235.0CVE-2018-7323
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.2018-02-235.0CVE-2018-7324
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.2018-02-235.0CVE-2018-7325
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.2018-02-235.0CVE-2018-7326
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.2018-02-235.0CVE-2018-7327
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.2018-02-235.0CVE-2018-7328
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.2018-02-235.0CVE-2018-7329
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.2018-02-235.0CVE-2018-7330
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.2018-02-235.0CVE-2018-7331
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.2018-02-235.0CVE-2018-7332
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.2018-02-235.0CVE-2018-7333
BID
CONFIRM
CONFIRM
CONFIRM
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
alibaba_clone_script_project -- alibaba_clone_scriptCross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.2018-02-233.5CVE-2018-6867
EXPLOIT-DB
groupon_clone_script_project -- groupon_clone_scriptCross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.2018-02-233.5CVE-2018-6868
EXPLOIT-DB
learning_and_examination_management_system_script_project -- learning_and_examination_management_system_scriptCross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.2018-02-233.5CVE-2018-6866
EXPLOIT-DB
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
3cx -- 3cx
 
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.2018-03-03not yet calculatedCVE-2018-7654
MISC
MISC
xpdfreader -- acroform
 
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7453
MISC
activepdf -- activepdf
 
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.2018-02-28not yet calculatedCVE-2018-7264
FULLDISC
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4916
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4915
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4913
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4914
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.2018-02-27not yet calculatedCVE-2018-4910
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.2018-02-27not yet calculatedCVE-2018-4911
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4908
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4909
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4912
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.2018-02-27not yet calculatedCVE-2018-4872
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4905
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4899
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4883
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4906
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4904
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4901
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4900
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4903
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4902
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4907
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4889
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4895
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4894
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4897
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4896
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4891
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.2018-02-27not yet calculatedCVE-2018-4890
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4893
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4888
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4886
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4887
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4898
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4885
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution.2018-02-27not yet calculatedCVE-2018-4892
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4884
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4881
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4882
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure.2018-02-27not yet calculatedCVE-2018-4880
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader
 
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2018-02-27not yet calculatedCVE-2018-4879
BID
SECTRACK
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.2018-02-27not yet calculatedCVE-2018-4875
BID
SECTRACK
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.2018-02-27not yet calculatedCVE-2018-4876
BID
SECTRACK
CONFIRM
amazon -- music_player
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.2018-03-01not yet calculatedCVE-2018-1169
MISC
gnu -- binutils
 
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.2018-03-02not yet calculatedCVE-2018-7642
MISC
MISC
apache -- tomcat
 
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.2018-02-28not yet calculatedCVE-2018-1304
BID
SECTRACK
MISC
apache -- tomcat
 
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.2018-02-23not yet calculatedCVE-2018-1305
BID
SECTRACK
MISC
apache -- geode
 
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.2018-02-25not yet calculatedCVE-2017-15696
MISC
apache -- geode
 
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.2018-02-27not yet calculatedCVE-2017-15692
MLIST
apache -- geode
 
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.2018-02-27not yet calculatedCVE-2017-15693
MLIST
apache -- james
 
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.2018-02-27not yet calculatedCVE-2012-3536
MISC
MISC
apache -- openmeetings
 
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.2018-02-28not yet calculatedCVE-2018-1286
MLIST
apache -- traffic_server
 
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.2018-02-27not yet calculatedCVE-2017-7671
MLIST
DEBIAN
apache -- traffic_server
 
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.2018-02-27not yet calculatedCVE-2017-5660
MLIST
DEBIAN
apache -- xerces-c_xml_parser_library
 
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.2018-03-01not yet calculatedCVE-2017-12627
MLIST
CONFIRM
asanhamayesh_cms -- asanhamayesh_cms
 
SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.2018-02-26not yet calculatedCVE-2018-7463
MISC
axxonsoft_client -- axxon_next
 
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.2018-02-27not yet calculatedCVE-2018-7467
MISC
blackcat_development -- blackcat_cms
 
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.2018-02-28not yet calculatedCVE-2015-5079
MISC
BUGTRAQ
MISC
blue_river -- mura_cms
 
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.2018-02-26not yet calculatedCVE-2018-7486
MISC
bonitasoft -- bonita_bpmMultiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.2018-02-28not yet calculatedCVE-2015-3898
MISC
BUGTRAQ
MISC
suse -- linux_enterprise_software_development_kit_and_opensuse_leap
 
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.2018-03-01not yet calculatedCVE-2017-14804
SUSE
SUSE
SUSE
citrix -- netscaler
 
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.2018-03-01not yet calculatedCVE-2018-5314
BID
SECTRACK
CONFIRM
cimg -- cimg
 
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.2018-03-01not yet calculatedCVE-2018-7587
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.2018-03-01not yet calculatedCVE-2018-7589
MISC
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.2018-03-02not yet calculatedCVE-2018-7640
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.2018-03-02not yet calculatedCVE-2018-7639
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.2018-03-02not yet calculatedCVE-2018-7637
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.2018-03-02not yet calculatedCVE-2018-7638
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.2018-03-01not yet calculatedCVE-2018-7588
MISC
MISC
cimg -- cimg
 
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.2018-03-02not yet calculatedCVE-2018-7641
MISC
cms_made_simple -- cms_made_simple
 
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.2018-02-26not yet calculatedCVE-2018-7448
MISC
MISC
EXPLOIT-DB
comforte -- swap
 
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on HPE NonStop systems and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.2018-02-28not yet calculatedCVE-2018-6653
CONFIRM
concrete5 -- concrete5
 
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.2018-02-26not yet calculatedCVE-2017-18195
MISC
MISC
MISC
EXPLOIT-DB
suse -- linux_enterprise_server_for_sap
 
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.2018-03-01not yet calculatedCVE-2017-9270
CONFIRM
SUSE
CONFIRM
dayrui -- finecms
 
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.2018-02-25not yet calculatedCVE-2018-7476
MISC
MISC
design_science -- mathtype
 
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.2018-02-28not yet calculatedCVE-2018-6638
MISC
MISC
design_science -- mathtype
 
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.2018-02-28not yet calculatedCVE-2018-6639
MISC
MISC
design_science -- mathtype
 
An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.2018-02-28not yet calculatedCVE-2018-6641
MISC
MISC
design_science -- mathtype
 
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.2018-02-28not yet calculatedCVE-2018-6640
MISC
MISC
pegasystems -- pega_platform_designer_studio
 
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.2018-02-27not yet calculatedCVE-2017-17478
CONFIRM
flexense -- disksavvy_enterprise 
 
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.2018-02-27not yet calculatedCVE-2018-6481
MISC
MISC
EXPLOIT-DB
MISC
dovecot -- dovecot
 
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.2018-03-02not yet calculatedCVE-2017-15130
MLIST
CONFIRM
DEBIAN
MLIST
dovecot -- dovecot
 
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.2018-03-02not yet calculatedCVE-2017-14461
MISC
DEBIAN
MLIST
drupal -- drupal
 
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.2018-03-01not yet calculatedCVE-2017-6931
MISC
drupal -- drupal
 
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.2018-03-01not yet calculatedCVE-2017-6926
MISC
drupal -- drupal
 
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.2018-03-01not yet calculatedCVE-2017-6929
MLIST
DEBIAN
MISC
drupal -- drupal
 
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.2018-03-01not yet calculatedCVE-2017-6932
MLIST
DEBIAN
MISC
drupal -- drupal
 
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().2018-03-01not yet calculatedCVE-2017-6930
MISC
drupal -- drupal
 
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.2018-03-01not yet calculatedCVE-2017-6928
MLIST
DEBIAN
MISC
drupal -- drupal
 
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.2018-03-01not yet calculatedCVE-2017-6927
BID
MLIST
DEBIAN
MISC
dualdesk -- dualdesk
 
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.2018-03-03not yet calculatedCVE-2018-7583
EXPLOIT-DB
gnu -- binutils
 
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.2018-03-02not yet calculatedCVE-2018-7643
MISC
gnu -- binutils
 
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.2018-02-28not yet calculatedCVE-2018-7568
MISC
gnu -- binutils
 
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.2018-02-28not yet calculatedCVE-2018-7569
MISC
gnu -- binutils
 
The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.2018-02-28not yet calculatedCVE-2018-7570
MISC
MISC
enalean -- tuleap
 
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.2018-03-01not yet calculatedCVE-2018-7634
CONFIRM
exponent_cms -- exponent_cms 
 
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.2018-03-03not yet calculatedCVE-2017-18213
MISC
MISC
f5 -- big-ip
 
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.2018-03-01not yet calculatedCVE-2017-6154
CONFIRM
f5 -- big-ip
 
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).2018-03-01not yet calculatedCVE-2017-6150
CONFIRM
f5 -- big-ip
 
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.2018-03-01not yet calculatedCVE-2018-5501
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.2018-03-01not yet calculatedCVE-2018-5500
CONFIRM
fasterxml_jackson-databind -- fasterxml_jackson-databind
 
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.2018-02-26not yet calculatedCVE-2018-7489
CONFIRM
ffmpeg -- ffmpeg
 
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.2018-02-28not yet calculatedCVE-2018-7557
CONFIRM
foxit -- mobilepdf
 
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this.2018-02-26not yet calculatedCVE-2017-16813
CONFIRM
foxit -- mobilepdf
 
A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files.2018-02-26not yet calculatedCVE-2017-16814
CONFIRM
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.2018-02-23not yet calculatedCVE-2018-7439
MISC
MISC
MLIST
DEBIAN
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.2018-02-23not yet calculatedCVE-2018-7435
MISC
MISC
MLIST
DEBIAN
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.2018-02-23not yet calculatedCVE-2018-7437
MISC
MISC
MLIST
DEBIAN
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.2018-02-23not yet calculatedCVE-2018-7438
MISC
MISC
MLIST
DEBIAN
freexl -- freexl
 
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.2018-02-23not yet calculatedCVE-2018-7436
MISC
MISC
MLIST
DEBIAN
ftpshell -- ftpshell
 
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.2018-03-01not yet calculatedCVE-2018-7573
MISC
gnu -- libcdio
 
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.2018-02-24not yet calculatedCVE-2017-18198
CONFIRM
BID
CONFIRM
gnu -- libcdio
 
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.2018-02-26not yet calculatedCVE-2017-18201
BID
CONFIRM
gnu -- libcdio
 
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.2018-02-24not yet calculatedCVE-2017-18199
CONFIRM
BID
CONFIRM
hoosk -- hoosk
 
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.2018-03-01not yet calculatedCVE-2018-7590
MISC
volkswagen -- customer_link_app_and_htc_customer-link_bridge
 
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.2018-03-01not yet calculatedCVE-2018-1170
MISC
tenda -- ac9_devices
 
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.2018-03-01not yet calculatedCVE-2018-7561
MISC
ibm -- bigfix_platform
 
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.2018-02-28not yet calculatedCVE-2016-0291
CONFIRM
XF
ibm -- bigfix_platform
 
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.2018-02-28not yet calculatedCVE-2016-0295
CONFIRM
XF
ibm -- daeja_viewone_professional
 
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.2018-02-27not yet calculatedCVE-2018-1399
CONFIRM
MISC
ibm -- publishing_engine
 
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.2018-03-02not yet calculatedCVE-2017-1787
CONFIRM
MISC
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.2018-02-27not yet calculatedCVE-2018-1372
CONFIRM
MISC
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.2018-03-02not yet calculatedCVE-2018-1373
CONFIRM
BID
MISC
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778.2018-02-26not yet calculatedCVE-2018-1377
CONFIRM
MISC
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.2018-02-26not yet calculatedCVE-2017-1774
CONFIRM
MISC
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.2018-02-27not yet calculatedCVE-2018-1425
CONFIRM
MISC
ibm -- spectrum_scale
 
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.2018-03-02not yet calculatedCVE-2017-1654
CONFIRM
MISC
ibm -- tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382.2018-02-28not yet calculatedCVE-2016-0299
CONFIRM
XF
ibm -- websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.2018-02-27not yet calculatedCVE-2018-1416
CONFIRM
BID
MISC
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.2018-02-27not yet calculatedCVE-2018-6535
CONFIRM
CONFIRM
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.2018-02-27not yet calculatedCVE-2018-6532
CONFIRM
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).2018-02-27not yet calculatedCVE-2018-6533
CONFIRM
icinga -- icinga
 
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.2018-02-27not yet calculatedCVE-2018-6534
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.2018-03-01not yet calculatedCVE-2017-18210
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.2018-03-01not yet calculatedCVE-2017-18211
MISC
imagemagick -- imagemagick
 
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.2018-03-01not yet calculatedCVE-2017-18209
MISC
imagemagick -- imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).2018-02-23not yet calculatedCVE-2018-7443
MISC
MLIST
imagemagick -- imagemagick
 
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.2018-02-25not yet calculatedCVE-2018-7470
CONFIRM
sam2p -- sam2p
 
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.2018-02-26not yet calculatedCVE-2018-7487
MISC
wondercms -- wondercms
 
In index.php in WonderCMS 2.4.0, remote attackers can delete arbitrary files via directory traversal.2018-02-27not yet calculatedCVE-2018-7172
MISC
input-bmp.ci -- input-bmp.ci
 
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.2018-02-28not yet calculatedCVE-2018-7554
MISC
MISC
invt_studio -- invt_studio
 
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.2018-02-25not yet calculatedCVE-2018-7472
MISC
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.2018-03-01not yet calculatedCVE-2017-18212
MISC
xpdfreader -- xpdf
 
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7455
MISC
xpdfreader -- xpdf
 
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7452
MISC
kingview -- kingview
 
KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.2018-02-25not yet calculatedCVE-2018-7471
MISC
libtiff -- libtiff
 
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)2018-02-24not yet calculatedCVE-2018-7456
MISC
MISC
libzypp -- libzypp
 
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.2018-03-01not yet calculatedCVE-2017-7436
CONFIRM
SUSE
CONFIRM
libzypp -- libzypp
 
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.2018-03-01not yet calculatedCVE-2017-7435
CONFIRM
SUSE
CONFIRM
libzypp -- libzypp
 
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.2018-03-01not yet calculatedCVE-2017-9269
CONFIRM
SUSE
CONFIRM
limesurvey -- limesurvey
 
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.2018-02-28not yet calculatedCVE-2018-7556
CONFIRM
linux -- linux_kernel
 
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.2018-03-01not yet calculatedCVE-2017-18208
MISC
MISC
MISC
linux -- linux_kernel
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.2018-02-23not yet calculatedCVE-2017-15829
BID
CONFIRM
linux -- linux_kernel
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.2018-02-23not yet calculatedCVE-2017-15820
BID
CONFIRM
linux -- linux_kernel
 
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.2018-03-02not yet calculatedCVE-2018-1066
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.2018-03-02not yet calculatedCVE-2018-1065
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.2018-02-27not yet calculatedCVE-2017-18204
MISC
BID
MISC
MISC
linux -- linux_kernel
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.2018-02-23not yet calculatedCVE-2017-14884
BID
CONFIRM
linux -- linux_kernel
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.2018-02-23not yet calculatedCVE-2017-15817
BID
CONFIRM
linux -- linux_kernel
 
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.2018-02-26not yet calculatedCVE-2018-7492
MISC
BID
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.2018-02-27not yet calculatedCVE-2017-18203
MISC
MISC
MISC
linux -- linux_kernel
 
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.2018-02-25not yet calculatedCVE-2017-18200
CONFIRM
CONFIRM
linux -- linux_kernel
 
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.2018-02-27not yet calculatedCVE-2017-18202
MISC
BID
MISC
MISC
linux -- linux_kernel 
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.2018-02-23not yet calculatedCVE-2017-17767
BID
CONFIRM
linux -- linux_kernel 
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.2018-02-23not yet calculatedCVE-2017-17765
BID
CONFIRM
linux -- linux_kernel 
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.2018-02-23not yet calculatedCVE-2017-17764
BID
CONFIRM
linux -- linux_kernel
 
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.2018-02-25not yet calculatedCVE-2018-7480
MISC
MISC
policycoreutils -- policycoreutils
 
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.2018-03-02not yet calculatedCVE-2018-1063
CONFIRM
lyadmin -- lyadmin
 
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.2018-02-27not yet calculatedCVE-2018-7547
MISC
sam2p -- sam2p
 
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.2018-02-28not yet calculatedCVE-2018-7552
MISC
MISC
micro_focus -- operations_orchestration_software
 
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.2018-03-01not yet calculatedCVE-2018-6490
CONFIRM
MISC
microsoft -- identity_manager
 
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."2018-02-26not yet calculatedCVE-2018-0908
BID
CONFIRM
microsoft -- safenet_authentication_service_end_user_software_tools_for_windows
 
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7596
MISC
MISC
CONFIRM
microsoft -- safenet_authentication_service_for_ad_fs_agent
 
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7963
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_for_citrix_web_interface_agent
 
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7967
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_for_outlook_web_app_agent
 
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7962
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_iis_agent
 
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7597
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_remote_web_workplace_agent
 
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7961
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_token_validator_proxy_agent
 
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7598
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_windows_logon_agent
 
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.2018-03-02not yet calculatedCVE-2015-7965
MISC
MISC
CONFIRM
gemalto -- safenet_authentication_service_windows_logon_agent
 
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.2018-03-02not yet calculatedCVE-2015-7966
MISC
MISC
CONFIRM
gemalto -- safenet_authetication_service_for_nps_agent
 
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.2018-03-02not yet calculatedCVE-2015-7964
MISC
MISC
CONFIRM
microsoft -- windows
 
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.2018-02-26not yet calculatedCVE-2018-7249
MISC
microsoft -- windows
 
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.2018-02-26not yet calculatedCVE-2018-7250
MISC
sam2p -- sam2p
 
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.2018-02-28not yet calculatedCVE-2018-7551
MISC
MISC
openjpeg -- openjpeg
 
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.2018-03-02not yet calculatedCVE-2018-7648
MISC
MISC
micro_focus -- netiq_access_manager
 
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.2018-03-02not yet calculatedCVE-2017-14801
CONFIRM
micro_focus -- netiq_access_manager
 
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.2018-03-01not yet calculatedCVE-2017-14800
CONFIRM
micro_focus -- netiq_edirectory_pki
 
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.2018-03-02not yet calculatedCVE-2017-7429
CONFIRM
CONFIRM
CONFIRM
micro_focus -- netiq_edirectory
 
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.2018-03-02not yet calculatedCVE-2017-9285
CONFIRM
CONFIRM
CONFIRM
micro_focus -- netiq_identity_manager
 
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.2018-03-02not yet calculatedCVE-2017-9279
CONFIRM
CONFIRM
micro_focus -- netiq_identity_manager
 
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.2018-03-01not yet calculatedCVE-2017-7426
CONFIRM
micro_focus -- netiq_identity_manager
 
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.2018-03-02not yet calculatedCVE-2017-9280
CONFIRM
CONFIRM
micro_focus -- netiq_identity_manager
 
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.2018-03-02not yet calculatedCVE-2017-7434
CONFIRM
CONFIRM
micro_focus -- netiq_access_manager
 
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.2018-03-02not yet calculatedCVE-2017-7419
CONFIRM
CONFIRM
micro_focus -- netiq_access_manager
 
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.2018-03-01not yet calculatedCVE-2017-14799
CONFIRM
micro_focus -- netiq_identity_manager
 
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.2018-03-02not yet calculatedCVE-2017-9278
CONFIRM
CONFIRM
micro_focus -- netiq_imanager
 
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.2018-03-02not yet calculatedCVE-2017-5189
CONFIRM
CONFIRM
micro_focus -- netiq_privileged_account_manager
 
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.2018-03-02not yet calculatedCVE-2017-7438
CONFIRM
CONFIRM
node.js -- node.js
 
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.2018-03-03not yet calculatedCVE-2018-7651
CONFIRM
CONFIRM
CONFIRM
micro_focus -- novell_access_manager_admin_console_and_idp_servers
 
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.2018-03-02not yet calculatedCVE-2017-14802
CONFIRM
micro_focus -- novell_access_manager_imanager
 
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.2018-03-02not yet calculatedCVE-2017-9276
CONFIRM
micro_focus -- novell_edirectory
 
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.2018-03-02not yet calculatedCVE-2017-9267
CONFIRM
micro_focus -- novell_edirectory
 
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.2018-03-02not yet calculatedCVE-2017-9277
CONFIRM
CONFIRM
CONFIRM
microsoft -- windows
 
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.2018-02-28not yet calculatedCVE-2018-6947
EXPLOIT-DB
EXPLOIT-DB
MISC
CONFIRM
CONFIRM
CONFIRM
suse -- linux_enterprise_software_development_kit
 
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.2018-03-01not yet calculatedCVE-2017-9274
CONFIRM
SUSE
CONFIRM
open_build_service -- open_build_service 
 
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).2018-03-01not yet calculatedCVE-2017-9268
CONFIRM
CONFIRM
open_buildservice -- open_buildservice
 
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.2018-03-01not yet calculatedCVE-2017-5188
CONFIRM
CONFIRM
CONFIRM
open_buildservice -- open_buildservice
 
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.2018-03-02not yet calculatedCVE-2015-0796
CONFIRM
CONFIRM
suse -- opensuse_leap
 
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.2018-03-01not yet calculatedCVE-2017-9286
CONFIRM
SUSE
CONFIRM
parallels -- remote_application_server
 
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.2018-02-28not yet calculatedCVE-2017-9447
MISC
phpscriptsmall.com -- entrepreneur_job_portal_script
 
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).2018-02-28not yet calculatedCVE-2018-7469
MISC
phpscriptsmall.com -- school_management_script
 
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.2018-02-28not yet calculatedCVE-2018-7477
EXPLOIT-DB
php -- php
 
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.2018-03-01not yet calculatedCVE-2018-7584
CONFIRM
BID
CONFIRM
CONFIRM
phpscriptsmall.com -- schools_alert_management_script
 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.2018-02-23not yet calculatedCVE-2018-6859
MISC
EXPLOIT-DB
piwigo -- piwigo
 
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.2018-02-24not yet calculatedCVE-2018-6883
MISC
MISC
piwigo -- piwigo
 
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.2018-02-25not yet calculatedCVE-2017-9426
MISC
EXPLOIT-DB
MISC
piwigo -- piwigo
 
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.2018-02-25not yet calculatedCVE-2017-9425
MISC
EXPLOIT-DB
MISC
postgresql -- postgresql
 
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.2018-03-02not yet calculatedCVE-2018-1058
CONFIRM
CONFIRM
postgresql -- postgresql
 
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.2018-03-01not yet calculatedCVE-2017-14798
SUSE
CONFIRM
CONFIRM
prestashop -- prestashop
 
In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values.2018-02-26not yet calculatedCVE-2018-7491
MISC
MISC
purevpn -- purevpn
 
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.2018-02-25not yet calculatedCVE-2018-7484
MISC
MISC
qemu -- qemu
 
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.2018-03-01not yet calculatedCVE-2018-7550
BID
CONFIRM
MLIST
red_hat -- satellite_6
 
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.2018-02-27not yet calculatedCVE-2017-15136
CONFIRM
ruby -- ruby
 
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.2018-02-26not yet calculatedCVE-2017-16229
MISC
MISC
sam2p -- sam2p
 
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.2018-02-28not yet calculatedCVE-2018-7553
MISC
MISC
sap -- basis
 
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.2018-03-01not yet calculatedCVE-2018-2367
BID
CONFIRM
CONFIRM
sap -- crm
 
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.2018-03-01not yet calculatedCVE-2018-2380
BID
CONFIRM
CONFIRM
sap -- netweaver_portal
 
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.2018-03-01not yet calculatedCVE-2018-2365
BID
CONFIRM
CONFIRM
sap -- netweaver_system_landscape_directory
 
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.2018-03-01not yet calculatedCVE-2018-2368
BID
CONFIRM
CONFIRM
segger -- embos/ip_ftp_server
 
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.2018-03-03not yet calculatedCVE-2018-7449
EXPLOIT-DB
shibboleth -- service_provider
 
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.2018-02-27not yet calculatedCVE-2018-0489
BID
SECTRACK
MLIST
CONFIRM
DEBIAN
synology -- surveillance_station
 
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.2018-02-27not yet calculatedCVE-2017-16770
CONFIRM
synology -- surveillance_station
 
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.2018-02-27not yet calculatedCVE-2017-16767
CONFIRM
testlink -- testlink
 
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.2018-02-25not yet calculatedCVE-2018-7466
MISC
unisys -- clearpath_mcp_systems
 
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.2018-02-26not yet calculatedCVE-2018-5762
CONFIRM
unixodbc -- unixodbc
 
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.2018-02-26not yet calculatedCVE-2018-7485
BID
MISC
uwsgi -- uwsgi 
 
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.2018-02-26not yet calculatedCVE-2018-7490
CONFIRM
vesta_control_panel -- vesta_control_panel
 
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.2018-02-28not yet calculatedCVE-2015-4117
CONFIRM
EXPLOIT-DB
MISC
red_hat --cloudforms
 
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.2018-02-28not yet calculatedCVE-2017-12191
REDHAT
CONFIRM
389-ds-base -- 389-ds-base 
 
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.2018-03-01not yet calculatedCVE-2017-15134
BID
REDHAT
CONFIRM
MISC
wireless_ip_camera_360 -- wireless_ip_camera_360_devices
 
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.2018-02-26not yet calculatedCVE-2017-11634
MISC
wireless_ip_camera_360 -- wireless_ip_camera_360_devices
 
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.2018-02-26not yet calculatedCVE-2017-11635
MISC
wireless_ip_camera_360 -- wireless_ip_camera_360_devices
 
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.2018-02-26not yet calculatedCVE-2017-11632
MISC
wireless_ip_camera_360 -- wireless_ip_camera_360_devices
 
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.2018-02-26not yet calculatedCVE-2017-11633
MISC
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.2018-02-23not yet calculatedCVE-2018-7420
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.2018-02-23not yet calculatedCVE-2018-7419
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.2018-02-23not yet calculatedCVE-2018-7417
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.2018-02-23not yet calculatedCVE-2018-7418
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.2018-02-23not yet calculatedCVE-2018-7337
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.2018-02-23not yet calculatedCVE-2018-7334
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.2018-02-23not yet calculatedCVE-2018-7336
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.2018-02-23not yet calculatedCVE-2018-7335
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.2018-02-23not yet calculatedCVE-2018-7320
BID
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress
 
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.2018-03-02not yet calculatedCVE-2018-7433
MISC
wordpress -- wordpress
 
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.2018-03-01not yet calculatedCVE-2018-7586
CONFIRM
wowza_media_systems -- wowza_streaming_engine
 
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.2018-03-01not yet calculatedCVE-2018-7049
MISC
MISC
wowza_media_systems -- wowza_streaming_engine
 
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.2018-03-01not yet calculatedCVE-2018-7048
MISC
MISC
wowza_media_systems -- wowza_streaming_engine
 
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).2018-03-01not yet calculatedCVE-2018-7047
MISC
MISC
xen -- xen
 
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.2018-02-27not yet calculatedCVE-2018-7542
CONFIRM
xen -- xen
 
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.2018-02-27not yet calculatedCVE-2018-7541
CONFIRM
xen -- xen
 
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.2018-02-27not yet calculatedCVE-2018-7540
CONFIRM
xpdf -- xpdf
 
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.2018-02-24not yet calculatedCVE-2018-7454
MISC
yzmcms -- yzmcms
 
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.2018-03-01not yet calculatedCVE-2018-7579
MISC
yzmcms -- yzmcms
 
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.2018-02-25not yet calculatedCVE-2018-7479
MISC
zonemaster -- zonemaster_web_gui
 
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.2018-03-03not yet calculatedCVE-2018-7652
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zsh -- zsh
 
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.2018-02-27not yet calculatedCVE-2017-18205
MISC
zsh -- zsh
 
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.2018-02-27not yet calculatedCVE-2014-10071
MISC
zsh -- zshIn params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.2018-02-27not yet calculatedCVE-2018-7549
MISC
zsh -- zsh
 
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.2018-02-27not yet calculatedCVE-2018-7548
MISC
zsh -- zsh
 
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.2018-02-27not yet calculatedCVE-2014-10072
MISC
zsh -- zsh
 
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.2018-02-27not yet calculatedCVE-2017-18206
MISC
zsh -- zsh
 
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.2018-02-27not yet calculatedCVE-2014-10070
MISC
MISC
zsh -- zsh
 
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.2018-02-27not yet calculatedCVE-2016-10714
MISC
zypper -- zypper
 
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.2018-03-01not yet calculatedCVE-2017-9271
CONFIRM
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top