Vulnerability Summary for the Week of March 19, 2018

Released
Mar 26, 2018
Document ID
SB18-085

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.2018-03-20not yet calculatedCVE-2018-8873
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018.2018-03-18not yet calculatedCVE-2018-8765
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044.2018-03-22not yet calculatedCVE-2018-8896
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054.2018-03-20not yet calculatedCVE-2018-8874
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c.2018-03-20not yet calculatedCVE-2018-8875
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.2018-03-22not yet calculatedCVE-2018-8895
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.2018-03-22not yet calculatedCVE-2018-8894
MISC
2345_security_guard -- 2345_security_guard
 
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098.2018-03-20not yet calculatedCVE-2018-8876
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.2018-03-24not yet calculatedCVE-2018-8998
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.2018-03-24not yet calculatedCVE-2018-8999
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.2018-03-24not yet calculatedCVE-2018-9000
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.2018-03-24not yet calculatedCVE-2018-9005
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.2018-03-24not yet calculatedCVE-2018-9006
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.2018-03-24not yet calculatedCVE-2018-9007
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.2018-03-24not yet calculatedCVE-2018-9001
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.2018-03-24not yet calculatedCVE-2018-9004
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.2018-03-24not yet calculatedCVE-2018-9002
MISC
advanced_systemcare_ultimate -- advanced_systemcare_ultimate
 
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.2018-03-24not yet calculatedCVE-2018-9003
MISC
ajaxdiscussion.php -- ajaxdiscussion.php
 
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.2018-03-23not yet calculatedCVE-2018-1000141
MISC
alkacon -- opencms
 
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.2018-03-20not yet calculatedCVE-2018-8811
MISC
alkacon -- opencms
 
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.2018-03-20not yet calculatedCVE-2018-8815
MISC
amd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
 
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.2018-03-22not yet calculatedCVE-2018-8936
MISC
MISC
MISC
MISC
amd -- epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
 
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.2018-03-22not yet calculatedCVE-2018-8930
MISC
MISC
MISC
MISC
amd -- epyc_server_processor_chips
 
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.2018-03-22not yet calculatedCVE-2018-8933
MISC
MISC
MISC
MISC
amd -- ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chipsThe AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.2018-03-22not yet calculatedCVE-2018-8931
MISC
MISC
MISC
MISC
amd -- ryzen_and_ryzen_pro_processor_chips
 
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.2018-03-22not yet calculatedCVE-2018-8932
MISC
MISC
MISC
MISC
amd -- ryzen_and_ryzen_pro_processor_chips
 
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.2018-03-22not yet calculatedCVE-2018-8935
MISC
MISC
MISC
MISC
amd -- ryzen_and_ryzen_pro_processor_chips
 
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.2018-03-22not yet calculatedCVE-2018-8934
MISC
MISC
MISC
MISC
apache -- apache_commons_components
 
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.2018-03-16not yet calculatedCVE-2018-1324
BID
SECTRACK
MLIST
apache -- commons-email
 
If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).2018-03-20not yet calculatedCVE-2018-1294
MLIST
apache -- syncope
 
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters.2018-03-20not yet calculatedCVE-2018-1322
MISC
apache -- syncope
 
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.2018-03-20not yet calculatedCVE-2018-1321
MISC

atlassian -- bitbucket_server

 

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.2018-03-22not yet calculatedCVE-2018-5225
BID
CONFIRM
atlassian -- fisheye_and_crucible
 
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.2018-03-22not yet calculatedCVE-2017-18094
CONFIRM
CONFIRM
authentikat-jwt -- authentikat-jwt
 
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.2018-03-17not yet calculatedCVE-2017-18239
MISC
MISC
MISC
beckhoff -- twincat
 
Kernal drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.2018-03-23not yet calculatedCVE-2018-7502
BID
MISC
MISC
bmc_remedy -- action_request_system
 
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.2018-03-24not yet calculatedCVE-2015-9257
CONFIRM
bose -- soundtouch_devices
 
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.2018-03-24not yet calculatedCVE-2017-17749
MISC
bose -- soundtouch_devices
 
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.2018-03-24not yet calculatedCVE-2017-17750
MISC
bose -- soundtouch_devices
 
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.2018-03-24not yet calculatedCVE-2017-17751
MISC
bylancer -- bookme_control_panel
 
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.2018-03-17not yet calculatedCVE-2018-8737
MISC
cloud_controller -- cloud_controller
 
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.2018-03-19not yet calculatedCVE-2018-1195
CONFIRM
cloud_foundry_foundation -- garden
 
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet.2018-03-19not yet calculatedCVE-2015-5350
CONFIRM
cloud_foundry_foundation -- gorouter
 
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.2018-03-19not yet calculatedCVE-2018-1221
CONFIRM
cloud_foundry_foundation -- windows_stemcells
 
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.2018-03-19not yet calculatedCVE-2018-1197
CONFIRM
core_ftp_server -- core_ftp_server
 
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.2018-03-20not yet calculatedCVE-2014-1215
BUGTRAQ
MISC
covercms -- covercms
 
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.2018-03-23not yet calculatedCVE-2018-8957
MISC
MISC
MISC
creditwest_bank -- cms_project
 
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.2018-03-24not yet calculatedCVE-2018-8972
MISC
dell -- storage_manager
 
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.2018-03-16not yet calculatedCVE-2017-14384
CONFIRM
BID
dell_emc -- idrac
 
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.2018-03-23not yet calculatedCVE-2018-1211
MISC
dell_emc -- idrac
 
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.2018-03-23not yet calculatedCVE-2018-1207
MISC
MISC
dell_emc -- networker
 
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.2018-03-19not yet calculatedCVE-2018-1218
FULLDISC
SECTRACK
dsmall -- dsmall
 
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.2018-03-22not yet calculatedCVE-2018-8906
MISC
dtisqlinstaller.exe -- dtisqlinstaller.exe
 
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.2018-03-19not yet calculatedCVE-2018-5551
MISC
dtisqlinstaller.exe -- dtisqlinstaller.exe
 
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".2018-03-19not yet calculatedCVE-2018-5552
MISC
eaton -- elcsoft
 
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.2018-03-20not yet calculatedCVE-2018-7511
CONFIRM
BID
MISC
electron -- electron
 
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.2018-03-23not yet calculatedCVE-2018-1000136
MISC
elfutils -- elfutils
 
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.2018-03-18not yet calculatedCVE-2018-8769
CONFIRM
emc -- data_protection_advisor
 
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).2018-03-16not yet calculatedCVE-2017-8013
FULLDISC
BID
SECTRACK
enhavo -- enhavo
 
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.2018-03-20not yet calculatedCVE-2018-8832
MISC
exiv2 -- exiv2
 
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.2018-03-24not yet calculatedCVE-2018-8977
MISC
exiv2 -- exiv2
 
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.2018-03-24not yet calculatedCVE-2018-8976
MISC
f5 -- big-ip
 
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.2018-03-22not yet calculatedCVE-2018-5504
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.2018-03-22not yet calculatedCVE-2018-5502
SECTRACK
CONFIRM
f5 -- big-ip
 
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.2018-03-19not yet calculatedCVE-2014-4024
XF
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.2018-03-22not yet calculatedCVE-2018-5509
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.2018-03-22not yet calculatedCVE-2018-5505
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.2018-03-22not yet calculatedCVE-2018-5503
SECTRACK
CONFIRM
flafla -- arsenol
 
Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0534
JVN
flafla -- arsenol
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.2018-03-22not yet calculatedCVE-2018-0536
JVN
fortinet -- fortiweb
 
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0.2018-03-20not yet calculatedCVE-2017-14191
BID
CONFIRM
frog_cms -- frog_cms
 
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.2018-03-22not yet calculatedCVE-2014-4912
EXPLOIT-DB
functions.php -- functions.php
 
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.2018-03-23not yet calculatedCVE-2018-1000138
MISC
MISC
general_electric -- centricity_pacs_ra1000_devices
 
GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14008
BID
MISC
general_electric -- gemnet_license_server
 
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14004
MISC
general_electric -- infinia_and_infinia_with_hawkeye_4_medical_imaging_systems
 
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14002
BID
MISC
general_electric -- xeleris_medical_imaging_systems
 
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.2018-03-20not yet calculatedCVE-2017-14006
MISC
gentoo -- collectd
 
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).2018-03-18not yet calculatedCVE-2017-18240
BID
CONFIRM
GENTOO
geutebruck -- ip_camerasUnauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.2018-03-22not yet calculatedCVE-2018-7532
BID
MISC
geutebruck -- ip_cameras
 
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans.2018-03-22not yet calculatedCVE-2018-7516
BID
MISC
geutebruck -- ip_cameras
 
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.2018-03-22not yet calculatedCVE-2018-7524
BID
MISC
geutebruck -- ip_cameras
 
An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.2018-03-22not yet calculatedCVE-2018-7520
BID
MISC
geutebruck -- ip_cameras
 
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.2018-03-22not yet calculatedCVE-2018-7528
BID
MISC
geutebruck -- ip_cameras
 
A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.2018-03-22not yet calculatedCVE-2018-7512
BID
MISC
gitlab -- community_and_enterprise_editions
 
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.2018-03-21not yet calculatedCVE-2018-3710
CONFIRM
MISC
CONFIRM
MISC
DEBIAN
gitlab -- community_and_enterprise_editions
 
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.2018-03-21not yet calculatedCVE-2017-0914
CONFIRM
MISC
gitlab -- community_and_enterprise_editions
 
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.2018-03-22not yet calculatedCVE-2017-0920
CONFIRM
MISC
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0924
CONFIRM
MISC
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0915
CONFIRM
MISC
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0917
CONFIRM
MISC
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.2018-03-21not yet calculatedCVE-2017-0926
CONFIRM
CONFIRM
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0918
CONFIRM
MISC
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.2018-03-21not yet calculatedCVE-2017-0927
CONFIRM
CONFIRM
gitlab -- community_edition
 
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.2018-03-21not yet calculatedCVE-2017-0916
CONFIRM
MISC
DEBIAN
gitlab -- community_edition
 
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.2018-03-21not yet calculatedCVE-2017-0923
CONFIRM
MISC
gitlab -- enterprise_edition
 
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.2018-03-21not yet calculatedCVE-2017-0925
CONFIRM
CONFIRM
DEBIAN
gitlab -- enterprise_edition
 
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.2018-03-21not yet calculatedCVE-2017-0922
CONFIRM
MISC
gitlab -- gitlab
 
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.2018-03-24not yet calculatedCVE-2018-8971
MISC
gnome -- networkmanager
 
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.2018-03-20not yet calculatedCVE-2018-1000135
BID
CONFIRM
CONFIRM
CONFIRM
gnu -- binutils
 
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.2018-03-22not yet calculatedCVE-2018-8945
MISC
wire.com -- wire_application_for_android
 
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.2018-03-22not yet calculatedCVE-2018-8909
MISC
grav_cms -- grav_cms
 
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.2018-03-19not yet calculatedCVE-2018-5233
MLIST
MISC
gundam_cult_qqq -- qqq_systems
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.2018-03-22not yet calculatedCVE-2018-0537
JVN
gundam_cult_qqq -- qqq_systems
 
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0538
JVN
gundam_cult_qqq -- qqq_systems
 
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0539
JVN
heimdal_security -- heimdal_pro_and_heimdal_free_and_heimdal_corp
 
A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.2018-03-22not yet calculatedCVE-2018-5349
MISC
heimdal_security -- heimdal_pro
 
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerablity is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.2018-03-22not yet calculatedCVE-2018-5731
MISC
hisayuki_nomura -- tiny_ftp_daemon
 
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0541
JVN
huawei -- fusionsphere_openstack
 
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.2018-03-20not yet calculatedCVE-2017-8187
CONFIRM
huawei -- hg532
 
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.2018-03-20not yet calculatedCVE-2017-17215
CONFIRM
BID
huawei -- iptv_stb
 
Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free.2018-03-20not yet calculatedCVE-2017-8176
MISC
CONFIRM
huawei -- mate_9_pro_smartphones
 
Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.2018-03-20not yet calculatedCVE-2017-17320
CONFIRM
huawei -- multiple_devices
 
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.2018-03-23not yet calculatedCVE-2017-15326
CONFIRM
huawei -- multiple_smartphones
 
Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal.2018-03-20not yet calculatedCVE-2017-17306
CONFIRM
huawei -- p9_smartphones
 
Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.2018-03-20not yet calculatedCVE-2017-17319
CONFIRM
huawei -- smartphones_with_vns-l21autc555b141_software
 
Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal.2018-03-20not yet calculatedCVE-2017-17307
CONFIRM
ibm -- data_server_driver_for_jdbc_and_sqlj
 
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.2018-03-22not yet calculatedCVE-2017-1677
CONFIRM
BID
MISC
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.2018-03-22not yet calculatedCVE-2018-1448
CONFIRM
MISC
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.2018-03-22not yet calculatedCVE-2017-1571
CONFIRM
MISC
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.2018-03-22not yet calculatedCVE-2018-1427
CONFIRM
MISC
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.2018-03-22not yet calculatedCVE-2018-1428
CONFIRM
MISC
ibm -- gskit
 
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.2018-03-22not yet calculatedCVE-2018-1426
CONFIRM
MISC
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.2018-03-20not yet calculatedCVE-2015-7458
CONFIRM
XF
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.2018-03-20not yet calculatedCVE-2015-7459
CONFIRM
XF
ibm -- ibm_connections
 
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.2018-03-20not yet calculatedCVE-2015-7460
CONFIRM
XF
ibm -- ibm_connections
 
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.2018-03-20not yet calculatedCVE-2015-7461
CONFIRM
XF
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.2018-03-23not yet calculatedCVE-2017-1655
CONFIRM
BID
MISC
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.2018-03-23not yet calculatedCVE-2017-1762
CONFIRM
BID
MISC
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.2018-03-23not yet calculatedCVE-2017-1629
CONFIRM
BID
MISC
ibm -- ibm_jazz_foundation
 
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.2018-03-23not yet calculatedCVE-2017-1524
CONFIRM
BID
MISC
ibm -- ibm_jazz_foundation
 
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.2018-03-20not yet calculatedCVE-2015-7449
CONFIRM
XF
ibm -- mq_appliance
 
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077.2018-03-23not yet calculatedCVE-2018-1429
CONFIRM
BID
SECTRACK
MISC
ibm -- predictive_solutions_foundation
 
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.2018-03-22not yet calculatedCVE-2016-9711
CONFIRM
MISC
ibm -- rational_collaborative_lifecycle_management
 
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.2018-03-23not yet calculatedCVE-2017-1602
CONFIRM
BID
MISC
ibm -- tivoli_monitoring_v6
 
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.2018-03-22not yet calculatedCVE-2017-1789
CONFIRM
MISC
ibm -- websphere_application_server_9
 
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.2018-03-22not yet calculatedCVE-2017-1788
CONFIRM
MISC
identityserver -- identityserver4
 
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.2018-03-22not yet calculatedCVE-2018-8899
MISC
MISC
MISC
MISC
imagemagick -- imagemagick
 
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.2018-03-20not yet calculatedCVE-2018-8804
CONFIRM
imagemagick -- imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.2018-03-23not yet calculatedCVE-2018-8960
MISC
intel -- sgx_sdk
 
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.2018-03-20not yet calculatedCVE-2018-3626
BID
CONFIRM
intel -- software_guard_extensions_platform_software_component
 
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.2018-03-20not yet calculatedCVE-2017-5736
BID
CONFIRM
invision_power_board -- invision_power_board
 
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.2018-03-20not yet calculatedCVE-2014-4928
MISC
jboss -- enterprise_application_platform_and_application_serverThe Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed.2018-03-19not yet calculatedCVE-2014-3626
CONFIRM
joyent_smartos -- joyent_smartos
 
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106.2018-03-19not yet calculatedCVE-2018-1171
CONFIRM
MISC
joyplus-cms -- joyplus-cms
 
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.2018-03-18not yet calculatedCVE-2018-8767
MISC
joyplus-cms -- joyplus-cms
 
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.2018-03-18not yet calculatedCVE-2018-8766
MISC
jungo_connectivity -- driverwizard_windriver
 
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file.2018-03-20not yet calculatedCVE-2018-8821
MISC
jupyter_notebook -- jupyter_notebook
 
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.2018-03-18not yet calculatedCVE-2018-8768
CONFIRM
k_okada -- vix
 
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-03-22not yet calculatedCVE-2018-0540
JVN
kagaminokuni -- php_2chbbs
 
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0535
JVN
kamailio -- kamailio
 
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.2018-03-20not yet calculatedCVE-2018-8828
MISC
MISC
DEBIAN
kentico -- kentico
 
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.2018-03-23not yet calculatedCVE-2017-17736
MISC
kentico -- kentico
 
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.2018-03-19not yet calculatedCVE-2018-6842
MISC
kentico -- kentico
 
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.2018-03-19not yet calculatedCVE-2018-6843
MISC
libav -- libav
 
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.2018-03-22not yet calculatedCVE-2017-18242
MISC
libav -- libav
 
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.2018-03-23not yet calculatedCVE-2017-18245
MISC
libav -- libav
 
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.2018-03-23not yet calculatedCVE-2017-18247
MISC
libav -- libav
 
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.2018-03-22not yet calculatedCVE-2017-18244
MISC
libav -- libav
 
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.2018-03-23not yet calculatedCVE-2017-18246
MISC
libav -- libav
 
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.2018-03-22not yet calculatedCVE-2017-18243
MISC
libevt -- libevt
 
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size.2018-03-17not yet calculatedCVE-2018-8754
MISC
libming -- libming
 
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.2018-03-24not yet calculatedCVE-2018-9009
MISC
libming -- libming
 
In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8961
MISC
libming -- libming
 
In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8962
MISC
libming -- libming
 
In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8964
MISC
libming -- libming
 
In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-20not yet calculatedCVE-2018-8807
MISC
libming -- libming
 
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-03-23not yet calculatedCVE-2018-8963
MISC
libming -- libming
 
In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.2018-03-20not yet calculatedCVE-2018-8806
MISC
libressl -- libressl
 
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.2018-03-24not yet calculatedCVE-2018-8970
MISC
MISC
MISC
libtiff -- libtiff
 
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.2018-03-22not yet calculatedCVE-2018-8905
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.2018-03-16not yet calculatedCVE-2018-1068
BID
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
linux -- linux_kernel
 
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.2018-03-21not yet calculatedCVE-2017-18241
MISC
MISC
linux -- linux_kernel
 
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.2018-03-20not yet calculatedCVE-2018-8822
BID
CONFIRM
lunarnight -- laboratory_webproxy
 
Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors.2018-03-22not yet calculatedCVE-2018-0542
JVN
malwarebytes -- anti-malware_consumer_version
 
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.2018-03-21not yet calculatedCVE-2016-10717
MISC
MISC
MISC
MISC
MISC
maradns -- maradns
 
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.2018-03-20not yet calculatedCVE-2014-2031
CONFIRM
MLIST
SECTRACK
CONFIRM
XF
maradns -- maradns
 
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.2018-03-20not yet calculatedCVE-2014-2032
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
XF
meco -- usb_memory_stick_with_fingerprint_mecoziolsamde601_devices
 
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.2018-03-22not yet calculatedCVE-2017-16242
MISC
MISC
MISC
MISC
micro_focus -- netiq_edirectory
 
Addresses denial of service attack to eDirectory versions prior to 9.1.2018-03-21not yet calculatedCVE-2018-1346
BID
CONFIRM
micro_focus -- netiq_imanager
 
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.2018-03-21not yet calculatedCVE-2018-1347
BID
CONFIRM
micro_focus -- netiq_imanager
 
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.2018-03-21not yet calculatedCVE-2018-1345
CONFIRM
micro_focus -- netiq_imanager
 
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.12018-03-21not yet calculatedCVE-2018-1344
CONFIRM
mikrotik -- routeros_smb
 
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.2018-03-19not yet calculatedCVE-2018-7445
FULLDISC
BID
MISC
EXPLOIT-DB
misp -- misp
 
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.2018-03-23not yet calculatedCVE-2018-8948
CONFIRM
misp -- misp
 
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.2018-03-23not yet calculatedCVE-2018-8949
CONFIRM
ncr -- s1_dispenser_controller
 
Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.2018-03-20not yet calculatedCVE-2017-17668
CONFIRM
ncr -- s2_dispenser_controller
 
Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.2018-03-20not yet calculatedCVE-2018-5717
CONFIRM
nessus -- nessus
 
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.2018-03-20not yet calculatedCVE-2018-1141
SECTRACK
CONFIRM
netpbm -- netpbm
 
The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.2018-03-24not yet calculatedCVE-2018-8975
MISC
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.2018-03-20not yet calculatedCVE-2018-8883
MISC
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.2018-03-20not yet calculatedCVE-2018-8881
MISC
netwide_assembler -- netwide_assembler
 
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.2018-03-20not yet calculatedCVE-2018-8882
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets.2018-03-21not yet calculatedCVE-2018-7515
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability.2018-03-21not yet calculatedCVE-2018-7517
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.2018-03-21not yet calculatedCVE-2018-7519
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.2018-03-21not yet calculatedCVE-2018-7521
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.2018-03-21not yet calculatedCVE-2018-7523
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.2018-03-21not yet calculatedCVE-2018-7525
BID
MISC
omron -- cx-supervisor
 
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.2018-03-21not yet calculatedCVE-2018-7513
BID
MISC
open_web_analytics -- open_web_analytics
 
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.2018-03-20not yet calculatedCVE-2014-1457
CONFIRM
BID
XF
MISC
openbuildservice -- openbuildservice
 
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.2018-03-20not yet calculatedCVE-2011-3178
CONFIRM
CONFIRM
opencart -- opencart
 
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.2018-03-20not yet calculatedCVE-2014-3990
MISC
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
opendaylight -- opendaylight
 
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.2018-03-16not yet calculatedCVE-2018-1078
MISC
CONFIRM
openscape_development_service -- openscape_development_service
 
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2018-03-19not yet calculatedCVE-2014-2652
CONFIRM
opmantek -- open-audit_professional
 
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.2018-03-22not yet calculatedCVE-2018-8903
MISC
otcms -- otcms
 
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.2018-03-24not yet calculatedCVE-2018-8973
MISC
owncloud -- owncloud
 
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.2018-03-20not yet calculatedCVE-2014-1665
MISC
BID
XF
MISC
EXPLOIT-DB
philips -- intellispace_cardiovascular_application
 
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.2018-03-20not yet calculatedCVE-2018-5438
BID
MISC
CONFIRM
phpok -- phpok
 
PHPOK 4.8.338 has an arbitrary file upload vulnerability.2018-03-22not yet calculatedCVE-2018-8944
MISC
phpshe -- phpshe
 
There is a SQL injection in the PHPSHE 1.6 userbank parameter.2018-03-22not yet calculatedCVE-2018-8943
MISC
pivotal -- gemfire
 
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.2018-03-16not yet calculatedCVE-2016-9880
BID
CONFIRM
pivotal -- pivotal_application_service
 
Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.2018-03-16not yet calculatedCVE-2018-1200
BID
CONFIRM
pivotal -- spring_batch_admin
 
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.2018-03-21not yet calculatedCVE-2018-1229
BID
CONFIRM
pivotal -- spring_batch_admin
 
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.2018-03-21not yet calculatedCVE-2018-1230
BID
CONFIRM
pivotal -- spring_boot
 
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.2018-03-19not yet calculatedCVE-2018-1196
CONFIRM
prague -- smart_phones
 
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.2018-03-23not yet calculatedCVE-2017-15325
CONFIRM
qos.ch_slf4j -- qos.ch_slf4j
 
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.2018-03-20not yet calculatedCVE-2018-8088
MISC
MISC
MISC
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.2018-03-20not yet calculatedCVE-2018-8808
MISC
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.2018-03-20not yet calculatedCVE-2018-8809
MISC
radare2 -- radare2
 
In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.2018-03-20not yet calculatedCVE-2018-8810
MISC
radosgw -- radosgw
 
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.2018-03-19not yet calculatedCVE-2018-7262
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
FEDORA
rsyslog_librelp -- rsyslog_librelp
 
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.2018-03-23not yet calculatedCVE-2018-1000140
MISC
MISC
seafile  -- seafile_server_and_server_professional_edition
 
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.2018-03-19not yet calculatedCVE-2014-5443
MLIST
BID
XF
CONFIRM
CONFIRM
securebrain_corporation -- installer_of_phishwall_client_firefox_and_chrome_edition_for_windows
 
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-03-22not yet calculatedCVE-2018-0552
JVN
CONFIRM
siemans -- simatic_and_sinumerik_and_profinet_io
 
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions), SIMATIC S7-400 H V6 (All versions), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions), SINUMERIK 840D sl (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.2018-03-20not yet calculatedCVE-2018-4843
BID
CONFIRM
siemans -- simatic_wincc_oa_ui_for_android_and__simatic_wincc_oa_ui_for_ios
 
A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.2018-03-20not yet calculatedCVE-2018-4844
BID
CONFIRM
sqlite -- sqlite
 
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.2018-03-16not yet calculatedCVE-2018-8740
BID
MISC
MISC
MISC
MISC
squirrelmail -- squirrelmail
 
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.2018-03-17not yet calculatedCVE-2018-8741
MISC
SECTRACK
MISC
MISC
MISC
stable.php -- stable.php
 
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.2018-03-23not yet calculatedCVE-2018-1000139
MISC
MISC
synology -- photo_station
 
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.2018-03-22not yet calculatedCVE-2017-16771
CONFIRM
synology -- photo_station
 
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.2018-03-22not yet calculatedCVE-2017-16772
CONFIRM
tenda -- ac15_router
 
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.2018-03-20not yet calculatedCVE-2018-5768
MISC
tenda -- ac15_router
 
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in.2018-03-20not yet calculatedCVE-2018-5770
MISC
truecrypt -- truecrypt
 
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.2018-03-19not yet calculatedCVE-2014-2884
MLIST
MISC
truecrypt -- truecrypt
 
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.2018-03-19not yet calculatedCVE-2014-2885
MLIST
MISC
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0935
CONFIRM
MISC
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0932
CONFIRM
MISC
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.2018-03-22not yet calculatedCVE-2017-0933
CONFIRM
MISC
ubiquiti_networks -- edgeos
 
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.2018-03-22not yet calculatedCVE-2017-0934
CONFIRM
MISC
ucopia -- wireless_appliance_devices
 
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.2018-03-22not yet calculatedCVE-2017-17743
MISC
unboundid -- ldap_sdk_for_java
 
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.2018-03-16not yet calculatedCVE-2018-1000134
BID
CONFIRM
users.php -- users.php
 
I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.2018-03-23not yet calculatedCVE-2018-1000137
MISC
wampserver -- wampserver
 
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.2018-03-19not yet calculatedCVE-2018-8732
MISC

western_bridge -- cobub_razor

 

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.2018-03-18not yet calculatedCVE-2018-8770
MISC
windows_optimization_master -- windows_optimization_masterIn Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.2018-03-24not yet calculatedCVE-2018-8994
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.2018-03-24not yet calculatedCVE-2018-8996
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004.2018-03-24not yet calculatedCVE-2018-8997
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.2018-03-24not yet calculatedCVE-2018-8990
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.2018-03-24not yet calculatedCVE-2018-8995
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.2018-03-24not yet calculatedCVE-2018-8991
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.2018-03-24not yet calculatedCVE-2018-8993
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005.2018-03-24not yet calculatedCVE-2018-8992
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.2018-03-24not yet calculatedCVE-2018-8989
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.2018-03-24not yet calculatedCVE-2018-8988
MISC
windows_optimization_master -- windows_optimization_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000.2018-03-22not yet calculatedCVE-2018-8904
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.2018-03-19not yet calculatedCVE-2014-2274
MISC
CONFIRM
wordpress -- wordpress
 
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.2018-03-19not yet calculatedCVE-2018-7422
MISC
MISC
wordpress -- wordpress
 
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.2018-03-19not yet calculatedCVE-2014-2674
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.2018-03-19not yet calculatedCVE-2014-2550
XF
MISC
CONFIRM
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.2018-03-19not yet calculatedCVE-2014-2675
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.2018-03-19not yet calculatedCVE-2014-2297
BUGTRAQ
xiuno_bbs -- xiuno_bbs
 
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.2018-03-22not yet calculatedCVE-2018-8942
MISC
yii -- yii
 
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.2018-03-21not yet calculatedCVE-2018-7269
CONFIRM
yii -- yii
 
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.2018-03-21not yet calculatedCVE-2018-8073
CONFIRM
yii -- yii
 
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.2018-03-21not yet calculatedCVE-2018-8074
CONFIRM
yxcms -- yxcms
 
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.2018-03-20not yet calculatedCVE-2018-8805
MISC
yxcms -- yxcms
 
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.2018-03-19not yet calculatedCVE-2018-8761
MISC
yzmcms -- yzmcms
 
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.2018-03-18not yet calculatedCVE-2018-8756
MISC
MISC
zarafa -- zarafa_collaboration_platform
 
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.2018-03-19not yet calculatedCVE-2014-5450
FEDORA
FEDORA
MLIST
BID
CONFIRM
XF
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.2018-03-24not yet calculatedCVE-2018-8966
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8965
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.2018-03-24not yet calculatedCVE-2018-8967
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8968
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.2018-03-24not yet calculatedCVE-2018-8969
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.