U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB18-078)

Vulnerability Summary for the Week of March 12, 2018

Original release date: March 19, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10-strike -- network_monitor
 
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.2018-03-12not yet calculatedCVE-2018-6016
FULLDISC
abine_blur -- abine_blur
 
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.2018-03-11not yet calculatedCVE-2018-7213
MISC
MISC
afflib -- afflib
 
The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.2018-03-11not yet calculatedCVE-2018-8050
MISC
ajenti -- ajenti
 
Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.2018-03-13not yet calculatedCVE-2018-1000126
MISC
ajenti -- ajenti
 
Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter ..2018-03-13not yet calculatedCVE-2018-1000081
MISC
ajenti -- ajenti
 
Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.2018-03-13not yet calculatedCVE-2018-1000080
MISC
ajenti -- ajenti
 
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.2018-03-13not yet calculatedCVE-2018-1000083
MISC
ajenti -- ajenti
 
Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed..2018-03-13not yet calculatedCVE-2018-1000082
MISC
alienvault -- alienvault
 
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.2018-03-14not yet calculatedCVE-2018-7279
CONFIRM
CONFIRM
apache -- alluraIn Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.2018-03-15not yet calculatedCVE-2018-1319
MLIST
apache -- commons_compressA specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.2018-03-16not yet calculatedCVE-2018-1324
MLIST
apache -- http_server_mod_cluster
 
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.2018-03-09not yet calculatedCVE-2016-8612
REDHAT
BID
REDHAT
REDHAT
CONFIRM
apache -- tomcat_jk_isapi_connectorThe IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.2018-03-12not yet calculatedCVE-2018-1323
BID
MISC
appweb -- appweb
 
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.2018-03-14not yet calculatedCVE-2018-8715
MISC
MISC
asus -- rt-n14uhp_devices
 
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.2018-03-16not yet calculatedCVE-2017-12590
MISC
asyncssh -- asyncssh
 
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.2018-03-12not yet calculatedCVE-2018-7749
CONFIRM
MLIST
atlassian -- jira
 
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.2018-03-16not yet calculatedCVE-2016-10716
MISC
MISC
atlassian -- jira
 
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.2018-03-16not yet calculatedCVE-2016-10715
MISC
aurea -- jive-n
 
The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.2018-03-12not yet calculatedCVE-2018-5758
MISC
authentikat-jwt -- authentikat-jwt
 
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.2018-03-17not yet calculatedCVE-2017-18239
MISC
MISC
MISC
bitdefender -- bitdefender
 
BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group.2018-03-12not yet calculatedCVE-2018-6183
FULLDISC
bitmessage -- pybitmessage
 
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitable via remote attacker using a malformed message which must be processed by the victim - e.g. arrive from any sender on bitmessage network. This vulnerability appears to have been fixed in v0.6.3.2018-03-13not yet calculatedCVE-2018-1000070
MISC
blackberry -- uem_management_console
 
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.2018-03-13not yet calculatedCVE-2017-17442
CONFIRM
bmc_remedy -- ar_system
 
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.2018-03-10not yet calculatedCVE-2017-18223
CONFIRM
bmc_remedy -- ar_system
 
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.2018-03-12not yet calculatedCVE-2017-18228
MISC
bui -- bui
 
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.2018-03-14not yet calculatedCVE-2018-8108
MISC
bylancer -- bookme_control_panel
 
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.2018-03-17not yet calculatedCVE-2018-8737
MISC
clamav -- clamav
 
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.2018-03-13not yet calculatedCVE-2018-1000085
MLIST
MISC
MLIST
UBUNTU
UBUNTU
cloudme -- cloudme
 
An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.2018-03-14not yet calculatedCVE-2018-7886
MISC
clusterlabs -- clusterlabs
 
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.2018-03-12not yet calculatedCVE-2017-2661
CONFIRM
CONFIRM
cms_made_simple -- cms_made_simple
 
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.2018-03-11not yet calculatedCVE-2018-8058
MISC
cms_made_simple -- cms_made_simple
 
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.2018-03-13not yet calculatedCVE-2018-1000092
MISC
cms_made_simple -- cms_made_simple
 
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.2018-03-11not yet calculatedCVE-2018-7893
MISC
cms_made_simple -- cms_made_simple
 
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.2018-03-12not yet calculatedCVE-2018-1000094
MISC
coppermine -- photo_gallery
 
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-03-16not yet calculatedCVE-2014-4612
CONFIRM
MLIST
MLIST
CONFIRM
BID
CONFIRM
CONFIRM
cryptonote -- cryptonote
 
CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior.2018-03-13not yet calculatedCVE-2018-1000093
MISC
MISC
MISC
curl -- curl
 
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage2018-03-14not yet calculatedCVE-2018-1000122
SECTRACK
CONFIRM
UBUNTU
DEBIAN
curl -- curl
 
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.2018-03-14not yet calculatedCVE-2018-1000120
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN
curl -- curl
 
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service2018-03-14not yet calculatedCVE-2018-1000121
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN
datalust -- seq
 
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.2018-03-13not yet calculatedCVE-2018-8096
MISC
MISC
dell -- emc_data_protection_advisor
 
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).2018-03-16not yet calculatedCVE-2017-8013
FULLDISC
BID
SECTRACK
dell -- emc_data_protection_advisor
 
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.2018-03-12not yet calculatedCVE-2018-1206
CONFIRM
BID
SECTRACK
dell -- storage_manager
 
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.2018-03-16not yet calculatedCVE-2017-14384
CONFIRM
delta_electronics -- delta_industrial_automation_dopsoft
 
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.2018-03-15not yet calculatedCVE-2018-5476
BID
MISC
delta_electronics -- delta_industrial_automation_screen_editor
 
An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area.2018-03-15not yet calculatedCVE-2017-16747
BID
MISC
delta_electronics -- delta_industrial_automation_screen_editor
 
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.2018-03-15not yet calculatedCVE-2017-16745
BID
MISC
delta_electronics -- delta_industrial_automation_screen_editor
 
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.2018-03-15not yet calculatedCVE-2017-16751
BID
MISC
delta_electronics -- delta_industrial_automation_screen_editor
 
A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.2018-03-15not yet calculatedCVE-2017-16749
BID
MISC
dewesoft -- x3_sp1_devices
 
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.2018-03-14not yet calculatedCVE-2018-7756
MISC
EXPLOIT-DB
django -- django
 
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.2018-03-09not yet calculatedCVE-2018-7536
BID
MLIST
UBUNTU
CONFIRM
django -- django
 
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.2018-03-09not yet calculatedCVE-2018-7537
BID
MLIST
UBUNTU
CONFIRM
django-anymail -- django-anymail
 
Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.2018-03-13not yet calculatedCVE-2018-1000089
MISC
MISC
doorkeeper -- doorkeeper
 
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.2018-03-13not yet calculatedCVE-2018-1000088
MISC
MISC
MISC
MISC
enalean -- tuleap
 
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.2018-03-12not yet calculatedCVE-2018-7538
FULLDISC
MISC
CONFIRM
EXPLOIT-DB
eve -- eve
 
io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.2018-03-14not yet calculatedCVE-2018-8097
MISC
MISC
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.2018-03-15not yet calculatedCVE-2017-18235
CONFIRM
CONFIRM
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.2018-03-15not yet calculatedCVE-2017-18237
CONFIRM
CONFIRM
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.2018-03-15not yet calculatedCVE-2017-18233
CONFIRM
CONFIRM
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.2018-03-15not yet calculatedCVE-2017-18238
CONFIRM
CONFIRM
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.2018-03-15not yet calculatedCVE-2017-18234
CONFIRM
CONFIRM
exempi -- exempi
 
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.2018-03-15not yet calculatedCVE-2017-18236
CONFIRM
CONFIRM
flexense -- syncbreeze_enterprise
 
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.2018-03-12not yet calculatedCVE-2018-8065
MISC
MISC
foreman -- foreman
 
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.2018-03-12not yet calculatedCVE-2017-2667
CONFIRM
BID
REDHAT
CONFIRM
foxconn -- femtocell
 
One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications.2018-03-10not yet calculatedCVE-2018-6311
MISC
foxconn -- femtocell
 
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.2018-03-10not yet calculatedCVE-2018-6312
MISC
freebsd -- freebsd
 
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.2018-03-09not yet calculatedCVE-2018-6916
SECTRACK
FREEBSD
freeplane -- freeplane
 
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the vicim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.2018-03-13not yet calculatedCVE-2018-1000069
MISC
MISC
gemalto -- sentinel_ldk_rte
 
Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service2018-03-13not yet calculatedCVE-2018-6304
MISC
gemalto -- sentinel_ldk_rte
 
Denial of service in Gemalto's Sentinel LDK RTE version before 7.652018-03-13not yet calculatedCVE-2018-6305
MISC
gentoo -- gentooThe Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.2018-03-12not yet calculatedCVE-2017-18225
CONFIRM
gentoo -- gentoo
 
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.2018-03-12not yet calculatedCVE-2017-18226
CONFIRM
glpi_project -- glpiA remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.2018-03-12not yet calculatedCVE-2018-7562
CONFIRM
MISC
glpi_project -- glpi
 
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.2018-03-12not yet calculatedCVE-2018-7563
CONFIRM
MISC
google -- android
 
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287.2018-03-12not yet calculatedCVE-2017-6287
CONFIRM
google -- android
 
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288.2018-03-12not yet calculatedCVE-2017-6288
CONFIRM
google -- android
 
NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-64893247. Reference: N-CVE-2017-6286.2018-03-12not yet calculatedCVE-2017-6286
BID
CONFIRM
google -- android
 
NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281.2018-03-12not yet calculatedCVE-2017-6281
BID
CONFIRM
google -- android
 
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285.2018-03-12not yet calculatedCVE-2017-6285
CONFIRM
google -- android
 
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.2018-03-13not yet calculatedCVE-2018-1000109
CONFIRM
graphicsmagick -- graphicsmagick
 
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.2018-03-13not yet calculatedCVE-2017-18229
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.2018-03-13not yet calculatedCVE-2017-18230
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.2018-03-13not yet calculatedCVE-2017-18231
CONFIRM
CONFIRM
hanwha_techwin -- smartcams
 
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6296
MISC
hanwha_techwin -- smartcams
 
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6302
MISC
hanwha_techwin -- smartcams
 
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6295
MISC
hanwha_techwin -- smartcams
 
Authentication bypass in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6299
MISC
hanwha_techwin -- smartcams
 
Remote code execution in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6298
MISC
hanwha_techwin -- smartcams
 
Unsecured way of firmware update in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6294
MISC
hanwha_techwin -- smartcams
 
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6301
MISC
hanwha_techwin -- smartcams
 
Buffer overflow in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6297
MISC
hanwha_techwin -- smartcams
 
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6303
MISC
hanwha_techwin -- smartcams
 
Remote password change in Hanwha Techwin Smartcams2018-03-13not yet calculatedCVE-2018-6300
MISC
hola -- hola
 
An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.2018-03-12not yet calculatedCVE-2018-6623
FULLDISC
huawei -- cloudengine
 
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak.2018-03-09not yet calculatedCVE-2016-8784
CONFIRM
BID
huawei -- cloudengine
 
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.2018-03-09not yet calculatedCVE-2016-8782
CONFIRM
BID
huawei -- ensp
 
Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal.2018-03-09not yet calculatedCVE-2017-17321
CONFIRM
BID
huawei -- honor_6_and_p9_plus
 
Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege.2018-03-09not yet calculatedCVE-2016-8783
CONFIRM
BID
huawei -- mate_9_pro
 
The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone.2018-03-09not yet calculatedCVE-2017-17279
CONFIRM
BID
huawei -- multiple_products
 
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage.2018-03-09not yet calculatedCVE-2016-8785
CONFIRM
BID
huawei -- multiple_products
 
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.2018-03-09not yet calculatedCVE-2016-8786
CONFIRM
BID
i_librarian -- i-librarian
 
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.2018-03-13not yet calculatedCVE-2018-1000124
CONFIRM
ibm -- application_performance_management_response_time_monitoring_agent
 
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.2018-03-13not yet calculatedCVE-2018-1441
CONFIRM
XF
ibm -- business_process_manager
 
IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.2018-03-15not yet calculatedCVE-2015-7463
CONFIRM
XF
ibm -- forms_server
 
Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006.2018-03-15not yet calculatedCVE-2016-0223
CONFIRM
XF
ibm -- infosphere_information_governance_catalog
 
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.2018-03-12not yet calculatedCVE-2016-0250
CONFIRM
XF
ibm -- multiple_products
 
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296.2018-03-15not yet calculatedCVE-2015-7453
CONFIRM
XF
ibm -- multiple_products
 
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.2018-03-12not yet calculatedCVE-2016-0261
CONFIRM
XF
ibm -- multiple_products
 
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.2018-03-15not yet calculatedCVE-2015-7471
CONFIRM
XF
ibm -- multiple_products
 
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.2018-03-15not yet calculatedCVE-2015-7440
CONFIRM
XF
ibm -- notes
 
IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.2018-03-13not yet calculatedCVE-2018-1435
CONFIRM
BID
XF
ibm -- notes
 
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.2018-03-13not yet calculatedCVE-2018-1437
CONFIRM
BID
XF
ibm -- security_guardium_database_activity_monitor
 
IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.2018-03-12not yet calculatedCVE-2016-0235
CONFIRM
XF
ibm -- security_guardium_database_activity_monitor
 
IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.2018-03-12not yet calculatedCVE-2016-0237
CONFIRM
XF
ibm -- trivoli_workload_automation_for_aix
 
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.2018-03-13not yet calculatedCVE-2018-1386
CONFIRM
XF
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.2018-03-13not yet calculatedCVE-2017-1741
CONFIRM
SECTRACK
XF
ibm -- websphere_portal
 
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.2018-03-13not yet calculatedCVE-2018-1444
SECTRACK
XF
CONFIRM
idm -- ipa
 
Ipa before version 4.4.0-14 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.2018-03-13not yet calculatedCVE-2016-9575
REDHAT
BID
CONFIRM
inversoft -- prime-jwt
 
inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227.2018-03-13not yet calculatedCVE-2018-1000125
CONFIRM
CONFIRM
ios_keychain -- ios_keychain
 
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.2018-03-13not yet calculatedCVE-2018-1000123
CONFIRM
iredmail -- iredmail
 
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.2018-03-13not yet calculatedCVE-2018-1000072
MISC
MISC
jasper -- jasper
 
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.2018-03-12not yet calculatedCVE-2016-9600
REDHAT
CONFIRM
jasper -- jasper
 
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.2018-03-09not yet calculatedCVE-2016-9591
BID
REDHAT
CONFIRM
GENTOO
DEBIAN
jboss -- resteasy
 
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.2018-03-09not yet calculatedCVE-2016-9606
REDHAT
REDHAT
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
jenkins -- jenkins
 
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.2018-03-13not yet calculatedCVE-2018-1000108
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.2018-03-13not yet calculatedCVE-2018-1000111
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.2018-03-13not yet calculatedCVE-2018-1000107
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.2018-03-13not yet calculatedCVE-2018-1000106
CONFIRM
jenkins -- jenkins
 
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.2018-03-13not yet calculatedCVE-2018-1000104
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.2018-03-13not yet calculatedCVE-2018-1000112
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.2018-03-13not yet calculatedCVE-2018-1000105
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.2018-03-13not yet calculatedCVE-2018-1000110
CONFIRM
jenkins -- jenkins
 
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript2018-03-13not yet calculatedCVE-2018-1000113
CONFIRM
jenkins -- jenkins
 
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.2018-03-13not yet calculatedCVE-2018-1000114
CONFIRM
jolokia -- jolokia
 
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.2018-03-14not yet calculatedCVE-2018-1000129
CONFIRM
CONFIRM
jolokia -- jolokia
 
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.2018-03-14not yet calculatedCVE-2018-1000130
CONFIRM
joomla! -- joomla!
 
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.2018-03-14not yet calculatedCVE-2018-8045
BID
SECTRACK
CONFIRM
joyplus-cms -- joyplus-cms
 
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.2018-03-14not yet calculatedCVE-2018-8717
MISC
jpxstream -- jpxstream
 
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8106
MISC
jpxstream -- jpxstream
 
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8105
MISC
jpxstream -- jpxstream
 
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8100
MISC
jpxstream -- jpxstream
 
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8107
MISC
jpxstream -- jpxstream
 
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8101
MISC
kadnode -- kadnode
 
KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution.2018-03-13not yet calculatedCVE-2018-1000091
MISC
keepkey -- keepkey
 
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.2018-03-14not yet calculatedCVE-2018-6875
CONFIRM
kingsoft -- wps_office_free
 
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.2018-03-12not yet calculatedCVE-2018-6400
FULLDISC
kontena -- kontena
 
server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI.2018-03-15not yet calculatedCVE-2018-8728
MISC
MISC
MISC
kubernetes -- kubernetes
 
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.2018-03-13not yet calculatedCVE-2017-1002102
REDHAT
CONFIRM
kubernetes -- kubernetes
 
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.2018-03-13not yet calculatedCVE-2017-1002101
REDHAT
CONFIRM
libevt -- libevt
 
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size.2018-03-17not yet calculatedCVE-2018-8754
MISC
libgit2 -- libgit2
 
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.2018-03-13not yet calculatedCVE-2018-8099
CONFIRM
CONFIRM
libgit2 -- libgit2
 
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.2018-03-13not yet calculatedCVE-2018-8098
CONFIRM
CONFIRM
CONFIRM
libtiff -- libtiff
 
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.2018-03-11not yet calculatedCVE-2014-8129
MISC
MISC
APPLE
APPLE
MLIST
REDHAT
REDHAT
CONFIRM
CONFIRM
MISC
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
libtiff -- libtiff
 
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.2018-03-11not yet calculatedCVE-2016-5314
CONFIRM
SUSE
SUSE
SUSE
SUSE
MLIST
MLIST
MLIST
CONFIRM
BID
BID
CONFIRM
CONFIRM
GENTOO
DEBIAN
libtiff -- libtiff
 
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.2018-03-11not yet calculatedCVE-2014-8130
CONFIRM
APPLE
APPLE
MLIST
REDHAT
REDHAT
CONFIRM
CONFIRM
MISC
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
libvips -- libvips
 
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.2018-03-09not yet calculatedCVE-2018-7998
MISC
MISC
MLIST
linux -- linux_kernel
 
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).2018-03-10not yet calculatedCVE-2018-8043
MISC
MISC
linux -- linux_kernel
 
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.2018-03-15not yet calculatedCVE-2017-18232
MISC
BID
MISC
linux -- linux_kernel
 
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.2018-03-11not yet calculatedCVE-2017-18224
MISC
BID
MISC
linux -- linux_kernel
 
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.2018-03-16not yet calculatedCVE-2018-1068
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
linux -- linux_kernel
 
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.2018-03-13not yet calculatedCVE-2018-8087
MISC
MISC
memcached -- memcached
 
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.2018-03-13not yet calculatedCVE-2018-1000127
CONFIRM
CONFIRM
CONFIRM
mercurial -- mercurial
 
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.2018-03-14not yet calculatedCVE-2018-1000132
CONFIRM
microsoft -- .net_core_and_powershell_core
 
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".2018-03-14not yet calculatedCVE-2018-0875
BID
SECTRACK
REDHAT
CONFIRM
microsoft -- asp.net_core
 
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.2018-03-14not yet calculatedCVE-2018-0808
BID
SECTRACK
CONFIRM
microsoft -- asp.net_core
 
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0787
BID
SECTRACK
CONFIRM
CONFIRM
microsoft -- chakracore_and_windows_10
 
ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0936
BID
SECTRACK
CONFIRM
microsoft -- chakracore_and_windows_10
 
ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0930
BID
CONFIRM
microsoft -- chakracore
 
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.2018-03-14not yet calculatedCVE-2018-0925
BID
CONFIRM
microsoft -- sharepoint_enterprise_server
 
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0917
BID
SECTRACK
CONFIRM
microsoft -- sharepoint_foundation_2013_sp1_and_ sharepoint_enterprise_server_2016
 
Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944.2018-03-14not yet calculatedCVE-2018-0947
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0900
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0811
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0901
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0895
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0896
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0977
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0897
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0899
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0904
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.2018-03-14not yet calculatedCVE-2018-0926
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0898
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0814
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0894
BID
SECTRACK
CONFIRM
microsoft -- windows_kernel
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.2018-03-14not yet calculatedCVE-2018-0813
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.2018-03-14not yet calculatedCVE-2018-0876
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.2018-03-14not yet calculatedCVE-2018-0924
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0929
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0919
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0932
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0944
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0942
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.2018-03-14not yet calculatedCVE-2018-0891
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0911
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0910
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902.2018-03-14not yet calculatedCVE-2018-0884
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass".2018-03-14not yet calculatedCVE-2018-0907
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936.2018-03-14not yet calculatedCVE-2018-0937
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935.2018-03-14not yet calculatedCVE-2018-0893
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0909
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0879
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".2018-03-14not yet calculatedCVE-2018-0903
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".2018-03-14not yet calculatedCVE-2018-0922
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.2018-03-14not yet calculatedCVE-2018-0889
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0914
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.2018-03-14not yet calculatedCVE-2018-0880
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0915
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0913
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0916
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."2018-03-12not yet calculatedCVE-2016-9952
CONFIRM
CONFIRM
microsoft -- windows
 
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0921
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0983
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".2018-03-14not yet calculatedCVE-2018-0885
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924.2018-03-14not yet calculatedCVE-2018-0941
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0868
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0940
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0933
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0878
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.2018-03-14not yet calculatedCVE-2018-0935
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880.2018-03-14not yet calculatedCVE-2018-0882
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0927
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".2018-03-14not yet calculatedCVE-2018-0886
BID
SECTRACK
MISC
CONFIRM
microsoft -- windows
 
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0923
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891.2018-03-14not yet calculatedCVE-2018-0939
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.2018-03-14not yet calculatedCVE-2018-0912
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0931
BID
CONFIRM
microsoft -- windows
 
The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884.2018-03-14not yet calculatedCVE-2018-0902
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0877
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.2018-03-12not yet calculatedCVE-2016-9953
CONFIRM
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0934
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.2018-03-14not yet calculatedCVE-2018-0817
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".2018-03-14not yet calculatedCVE-2018-0883
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability".2018-03-14not yet calculatedCVE-2018-0881
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability".2018-03-14not yet calculatedCVE-2018-0888
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817.2018-03-14not yet calculatedCVE-2018-0815
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817.2018-03-14not yet calculatedCVE-2018-0816
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0874
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0872
BID
SECTRACK
CONFIRM
microsoft -- windows
 
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.2018-03-14not yet calculatedCVE-2018-0873
BID
SECTRACK
CONFIRM
mitel -- connect_onsite
 
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.2018-03-14not yet calculatedCVE-2018-5782
CONFIRM
CONFIRM
mitel -- connect_onsite
 
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.2018-03-14not yet calculatedCVE-2018-5779
CONFIRM
CONFIRM
mitel -- connect_onsite
 
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.2018-03-14not yet calculatedCVE-2018-5781
CONFIRM
CONFIRM
mitel -- connect_onsite
 
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.2018-03-14not yet calculatedCVE-2018-5780
CONFIRM
CONFIRM
mitel -- mitel_st
 
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.2018-03-13not yet calculatedCVE-2017-16251
CONFIRM
CONFIRM
mitel -- mitel_st
 
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.2018-03-13not yet calculatedCVE-2017-16250
CONFIRM
CONFIRM
netiq -- access_manager
 
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.2018-03-14not yet calculatedCVE-2018-7678
BID
CONFIRM
netiq -- access_manager
 
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.2018-03-14not yet calculatedCVE-2018-7677
BID
CONFIRM
npr -- visuals_team_pym.js
 
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later.2018-03-13not yet calculatedCVE-2018-1000086
MISC
MISC
MISC
opendaylight -- opendaylight
 
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.2018-03-16not yet calculatedCVE-2018-1078
CONFIRM
osisoft -- pi_web_api
 
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.2018-03-14not yet calculatedCVE-2018-7500
BID
MISC
osisoft -- pi_web_api
 
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.2018-03-14not yet calculatedCVE-2018-7508
BID
MISC
osisoft – pi_data_archive
 
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server.2018-03-14not yet calculatedCVE-2018-7531
BID
MISC
osisoft – pi_data_archive
 
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.2018-03-14not yet calculatedCVE-2018-7529
BID
MISC
osisoft – pi_data_archive
 
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.2018-03-14not yet calculatedCVE-2018-7533
BID
MISC
osisoft – pi_vision
 
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.2018-03-14not yet calculatedCVE-2018-7504
BID
MISC
osisoft – pi_vision
 
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure.2018-03-14not yet calculatedCVE-2018-7496
BID
MISC
ovirt -- ovirt
 
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.2018-03-12not yet calculatedCVE-2018-1000095
MISC
MISC
panda -- global_protection
 
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.2018-03-12not yet calculatedCVE-2018-6322
FULLDISC
panda -- global_protection
 
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.2018-03-12not yet calculatedCVE-2018-6321
FULLDISC
paramiko -- paramiko
 
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.2018-03-13not yet calculatedCVE-2018-7750
CONFIRM
CONFIRM
CONFIRM
pitchfork -- pitchfork
 
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2.2018-03-16not yet calculatedCVE-2018-1000133
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
pivotal -- concourse
 
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a "concourse-dot-ci" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub.2018-03-13not yet calculatedCVE-2018-1227
CONFIRM
pivotal -- gemfire_for_pivotal_cloud_foundry
 
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.2018-03-16not yet calculatedCVE-2016-9880
BID
CONFIRM
pivotal -- pivotal_application_service
 
Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.2018-03-16not yet calculatedCVE-2018-1200
BID
CONFIRM
piwigo -- piwigo
 
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.2018-03-16not yet calculatedCVE-2014-4613
OSVDB
MISC
CONFIRM
CONFIRM
MLIST
MLIST
EXPLOIT-DB
BID
qcms -- qcms
 
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.2018-03-12not yet calculatedCVE-2018-8069
MISC
qcms -- qcms
 
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.2018-03-12not yet calculatedCVE-2018-8070
MISC
qemu -- qemu
 
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.2018-03-12not yet calculatedCVE-2018-7858
MLIST
BID
CONFIRM
MLIST
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite.2018-03-16not yet calculatedCVE-2017-15831
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.2018-03-15not yet calculatedCVE-2017-14882
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution.2018-03-16not yet calculatedCVE-2017-18065
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow.2018-03-16not yet calculatedCVE-2017-18055
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory access.2018-03-15not yet calculatedCVE-2017-18063
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read.2018-03-15not yet calculatedCVE-2017-18056
BID
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas().2018-03-16not yet calculatedCVE-2017-18061
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.2018-03-15not yet calculatedCVE-2017-14878
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18058
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18057
CONFIRM
MISC
qualcomm -- android
 
In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow.2018-03-15not yet calculatedCVE-2017-17773
BID
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.2018-03-16not yet calculatedCVE-2017-14889
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.2018-03-15not yet calculatedCVE-2017-18067
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition.2018-03-16not yet calculatedCVE-2018-3561
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer.2018-03-15not yet calculatedCVE-2016-10393
BID
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event().2018-03-16not yet calculatedCVE-2017-18062
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.2018-03-15not yet calculatedCVE-2017-18068
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.2018-03-15not yet calculatedCVE-2017-15815
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur.2018-03-16not yet calculatedCVE-2017-14887
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().2018-03-16not yet calculatedCVE-2017-18066
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.2018-03-16not yet calculatedCVE-2017-15834
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2018-03-16not yet calculatedCVE-2017-15814
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peer's num_rates (num_rates) which may lead to a buffer overflow when the firmware buffer is copied in to the allocated buffer (peer_stats) as the size for the memory allocation - link_stats_results_size is based on num_rates.2018-03-15not yet calculatedCVE-2017-14885
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18053
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18051
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device.2018-03-16not yet calculatedCVE-2018-3560
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.2018-03-16not yet calculatedCVE-2017-11082
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18052
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18059
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.2018-03-16not yet calculatedCVE-2017-18054
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow.2018-03-15not yet calculatedCVE-2017-18064
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.2018-03-15not yet calculatedCVE-2017-18069
BID
CONFIRM
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.2018-03-16not yet calculatedCVE-2017-15833
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18060
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API.2018-03-16not yet calculatedCVE-2017-11074
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite.2018-03-15not yet calculatedCVE-2017-15821
BID
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.2018-03-16not yet calculatedCVE-2017-15830
CONFIRM
MISC
qualcomm -- android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read.2018-03-16not yet calculatedCVE-2017-18050
CONFIRM
MISC
red_hat -- enterprise_linux
 
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.2018-03-12not yet calculatedCVE-2017-2628
REDHAT
BID
CONFIRM
red_hat -- jboss_enterprise_application_platform
 
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.2018-03-09not yet calculatedCVE-2016-9585
BID
CONFIRM
red_hat -- keycloakRed Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.2018-03-12not yet calculatedCVE-2016-8629
REDHAT
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
red_hat -- keycloakRed Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.2018-03-12not yet calculatedCVE-2017-2585
REDHAT
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
red_hat -- openshift_enterpriseRed Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.2018-03-09not yet calculatedCVE-2018-1069
BID
CONFIRM
red_hat -- wildfly
 
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.2018-03-12not yet calculatedCVE-2016-9589
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
roundcube -- roundcube
 
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.2018-03-13not yet calculatedCVE-2018-1000071
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000079
MISC
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000077
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000078
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000073
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000076
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000074
MISC
MISC
ruby -- ruby
 
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.2018-03-13not yet calculatedCVE-2018-1000075
MISC
MISC
samba -- samba
 
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.2018-03-13not yet calculatedCVE-2018-1050
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
samba -- samba
 
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).2018-03-13not yet calculatedCVE-2018-1057
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
CONFIRM
samba -- samba
 
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.2018-03-12not yet calculatedCVE-2017-2619
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
DEBIAN
EXPLOIT-DB
CONFIRM
sap -- business_client
 
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.2018-03-14not yet calculatedCVE-2018-2398
BID
CONFIRM
CONFIRM
sap -- business_objects_business_intelligence_platform
 
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.2018-03-14not yet calculatedCVE-2018-2397
BID
CONFIRM
CONFIRM
sap -- business_process_automation_by_redwood
 
SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability.2018-03-14not yet calculatedCVE-2018-2401
BID
CONFIRM
CONFIRM
sap -- business_process_automation_by_redwood
 
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.2018-03-14not yet calculatedCVE-2018-2366
BID
CONFIRM
CONFIRM
sap -- business_process_automation_by_redwood
 
Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted.2018-03-14not yet calculatedCVE-2018-2400
BID
CONFIRM
CONFIRM
sap -- hana
 
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.2018-03-14not yet calculatedCVE-2018-2402
BID
CONFIRM
CONFIRM
sap -- process_monitoring_infrastructure
 
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.2018-03-14not yet calculatedCVE-2018-2399
BID
CONFIRM
CONFIRM
schedmd -- slurm
 
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.2018-03-15not yet calculatedCVE-2018-7033
CONFIRM
CONFIRM
schneider_electric -- somove_and_dtm_software
 
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.2018-03-09not yet calculatedCVE-2018-7239
BID
MISC
CONFIRM
securenvoy -- securmail
 
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.2018-03-14not yet calculatedCVE-2018-7705
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7706
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.2018-03-14not yet calculatedCVE-2018-7702
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7704
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.2018-03-14not yet calculatedCVE-2018-7707
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.2018-03-14not yet calculatedCVE-2018-7701
FULLDISC
EXPLOIT-DB
MISC
securenvoy -- securmail
 
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.2018-03-14not yet calculatedCVE-2018-7703
FULLDISC
EXPLOIT-DB
MISC
servicenow_itsm -- servicenow_itsm
 
ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do).2018-03-15not yet calculatedCVE-2018-8720
MISC
sharutils -- sharutils
 
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..2018-03-12not yet calculatedCVE-2018-1000097
BUGTRAQ
spacewalk -- spacewalk
 
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.2018-03-14not yet calculatedCVE-2018-1077
CONFIRM
spice-gtk -- spice-gtk
 
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.2018-03-14not yet calculatedCVE-2017-12194
BID
CONFIRM
spring_security -- spring_security
 
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.2018-03-16not yet calculatedCVE-2018-1199
CONFIRM
sqlite -- sqlite
 
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.2018-03-16not yet calculatedCVE-2018-8740
MISC
MISC
MISC
MISC
squirrelmail -- squirrelmailA directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.2018-03-17not yet calculatedCVE-2018-8741
MISC
MISC
MISC
MISC
suse -- portus
 
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.2018-03-11not yet calculatedCVE-2018-8059
MISC
teluu_pjsip -- teluu_pjsip
 
Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.2018-03-12not yet calculatedCVE-2018-1000098
MISC
MISC
teluu_pjsip -- teluu_pjsip
 
Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.2018-03-12not yet calculatedCVE-2018-1000099
MISC
MISC
MISC
textpattern -- textpattern
 
textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.2018-03-13not yet calculatedCVE-2018-1000090
MISC
textpattern_cms -- textpattern_cms

 
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.2018-03-14not yet calculatedCVE-2018-7474
FULLDISC
EXPLOIT-DB
tiny-json-http -- tiny-json-http
 
brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.2018-03-12not yet calculatedCVE-2018-1000096
MISC
titanhq -- webtitan_gateway
 
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.2018-03-12not yet calculatedCVE-2017-18227
MISC
MISC
MISC
trend_micro -- email_encryption_gateway
 
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6229
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.2018-03-15not yet calculatedCVE-2018-6222
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6230
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.2018-03-15not yet calculatedCVE-2018-6227
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.2018-03-15not yet calculatedCVE-2018-6223
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.2018-03-15not yet calculatedCVE-2018-6219
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.2018-03-15not yet calculatedCVE-2018-6225
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.2018-03-15not yet calculatedCVE-2018-6228
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.2018-03-15not yet calculatedCVE-2018-6220
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.2018-03-15not yet calculatedCVE-2018-6224
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.2018-03-15not yet calculatedCVE-2018-6221
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- email_encryption_gateway
 
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.2018-03-15not yet calculatedCVE-2018-6226
CONFIRM
MISC
EXPLOIT-DB
trend_micro -- smart_protection_server
 
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.2018-03-15not yet calculatedCVE-2018-6231
CONFIRM
MISC
unboundid -- ldap_sdk
 
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.2018-03-16not yet calculatedCVE-2018-1000134
CONFIRM
unitrends -- unitrends_backups
 
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.2018-03-14not yet calculatedCVE-2018-6328
CONFIRM
CONFIRM
unitrends -- unitrends_backups
 
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.2018-03-14not yet calculatedCVE-2018-6329
CONFIRM
CONFIRM
vmware -- workstation_and_fusion
 
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.2018-03-15not yet calculatedCVE-2018-6957
SECTRACK
CONFIRM
vpn_unlimited -- vpn_unlimited
 
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.2018-03-16not yet calculatedCVE-2018-8739
MISC
weblog_expert -- web_server_enterprise
 
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.2018-03-09not yet calculatedCVE-2018-7582
MISC
MISC
EXPLOIT-DB
weblog_expert -- web_server_enterprise
 
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.2018-03-09not yet calculatedCVE-2018-7581
MISC
MISC
EXPLOIT-DB
webmin -- webmin
 
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request.2018-03-14not yet calculatedCVE-2018-8712
MISC
western_bridge_cobub_razor -- western_bridge_cobub_razor
 
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.2018-03-11not yet calculatedCVE-2018-8057
MISC
MISC
western_bridge_cobub_razor -- western_bridge_cobub_razor
 
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.2018-03-11not yet calculatedCVE-2018-8056
MISC
MISC
wicket -- jquery
 
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.2018-03-12not yet calculatedCVE-2017-15719
CONFIRM
CONFIRM
wolfcms -- wolfcms
 
WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create New Directory" input box from 'files' Tab that can result in Session Hijacking, Spread Worms,Control the browser remotely. . This attack appear to be exploitable via Attacker can execute the JavaScript into the "Create New File" and "Create New Directory" input box from 'files'.2018-03-13not yet calculatedCVE-2018-1000087
MISC
MISC
wolfcms -- wolfcms
 
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .2018-03-13not yet calculatedCVE-2018-1000084
MISC
wordpress -- wordpress
 
A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack.2018-03-14not yet calculatedCVE-2018-8711
MISC
MISC
MISC
wordpress -- wordpress
 
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.2018-03-14not yet calculatedCVE-2018-1000131
MISC
CONFIRM
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.2018-03-15not yet calculatedCVE-2018-8729
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.2018-03-14not yet calculatedCVE-2018-8710
MISC
MISC
MISC
xpdf -- xpdf
 
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8103
MISC
xpdf -- xpdf
 
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8104
MISC
xpdf -- xpdf
 
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.2018-03-13not yet calculatedCVE-2018-8102
MISC
yzmcms -- yzmcms
 
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.2018-03-13not yet calculatedCVE-2018-8078
MISC
zenmate -- zenmate
 
ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker.2018-03-15not yet calculatedCVE-2018-8076
MISC
zoho -- manageengine_desktop_central
 
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.2018-03-15not yet calculatedCVE-2018-8722
CONFIRM
zoho -- manageengine_eventlog_analyzer
 
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen2018-03-15not yet calculatedCVE-2018-8721
BID
CONFIRM
zoho -- manageengine_eventlog_analyzer
 
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-03-13not yet calculatedCVE-2018-7405
CONFIRM
CONFIRM
zsh -- zsh
 
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.2018-03-09not yet calculatedCVE-2018-1071
BID
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top