US CERT

Lenovo Releases Security Advisory

Original release date: January 19, 2018

Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware. An attacker could exploit this vulnerability to obtain sensitive information.

NCCIC/US-CERT encourages users and administrators to review Lenovo's Security Advisory and the Canadian Cyber Incident Response Centre (CCIRC)'s Lenovo Security Advisory for more information and apply the necessary updates or mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

NCSC Releases Security Advisory

Original release date: January 18, 2018

The United Kingdom's National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information.

Cisco Releases Security Updates

Original release date: January 17, 2018 | Last revised: January 18, 2018

Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

ISC Releases Security Advisories for DHCP, BIND

Original release date: January 16, 2018

The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

NCCIC/US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01541 and AA-01542 and apply the necessary updates or workarounds.

Oracle Releases January 2018 Security Bulletin

Original release date: January 16, 2018

Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review the Oracle January 2018 Critical Patch Update and apply the necessary updates.

SB18-015: Vulnerability Summary for the Week of January 8, 2018

Original release date: January 15, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product: advantech -- webaccess
Description: A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
Published: 2018-01-05
CVSS Score: 7.5
Source & Patch Info: CVE-2017-16716, BID, MISC

Primary Vendor -- Product: advantech -- webaccess
Description: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
Published: 2018-01-05
CVSS Score: 7.5
Source & Patch Info: CVE-2017-16724, BID, MISC

Medium Vulnerabilities

Primary Vendor -- Product: advantech -- webaccess
Description: A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device.
Published: 2018-01-05
CVSS Score: 5.0
Source & Patch Info: CVE-2017-16720, BID, MISC

Primary Vendor -- Product: advantech -- webaccess
Description: An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Published: 2018-01-05
CVSS Score: 5.0
Source & Patch Info: CVE-2017-16728, BID, MISC

Primary Vendor -- Product: advantech -- webaccess
Description: An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
Published: 2018-01-05
CVSS Score: 5.0
Source & Patch Info: CVE-2017-16753, BID, MISC

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product: adobe -- flash
Description: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-4871, BID, SECTRACK, REDHAT, CONFIRM

Primary Vendor -- Product: advantech -- webaccess
Description: An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16736, MISC

Primary Vendor -- Product: advantech -- webaccess
Description: A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16732, MISC

Primary Vendor -- Product: apache -- activemq
Description: In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6810, CONFIRM, BID, SECTRACK, MLIST

Primary Vendor -- Product: apache -- geode
Description: When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9796, MLIST

Primary Vendor -- Product: apache -- geode
Description: When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9795, BID, MLIST

Primary Vendor -- Product: apache -- geode
Description: When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12622, MLIST

Primary Vendor -- Product: apache -- sling
Description: The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-3353, CONFIRM, MLIST

Primary Vendor -- Product: apache -- sling
Description: A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15717, MLIST

Primary Vendor -- Product: artifex_software -- mupdf
Description: In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Published: 2018-01-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5686, MISC

Primary Vendor -- Product: aruba_networks -- clearpass_policy_manager
Description: Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-2071, CONFIRM

Primary Vendor -- Product: asternic.org -- flash_operator_panel
Description: The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.
Published: 2018-01-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5694, MISC

Primary Vendor -- Product: atlassian -- jira
Description: The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16864, CONFIRM

Primary Vendor -- Product: atlassian -- jira
Description: The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16862, CONFIRM

Primary Vendor -- Product: atlassian -- jira
Description: The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14594, CONFIRM

Primary Vendor -- Product: avantfax -- avantfax
Description: AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18024, MISC

Primary Vendor -- Product: aztech -- adsl_devices
Description: cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-6435, MISC, BID

Primary Vendor -- Product: aztech -- adsl_devices
Description: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-6436, MISC, BUGTRAQ, BID

Primary Vendor -- Product: aztech -- adsl_devices
Description: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-6437, MISC, BUGTRAQ, BID

Primary Vendor -- Product: barcodewiz -- barcode
Description: Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5221, MISC, MISC

Primary Vendor -- Product: cisco -- unified_communications_manager
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0118, BID, CONFIRM

Primary Vendor -- Product: cobham -- sea_tel_116_build_222429_satellite_devices
Description: Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.
Published: 2018-01-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5071, MISC

Primary Vendor -- Product: cobham -- sea_tel_121_build_222701_devices
Description: Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
Published: 2018-01-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5267, MISC

Primary Vendor -- Product: cobham -- sea_tel_121_build_222701_devices
Description: Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.
Published: 2018-01-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5266, MISC

Primary Vendor -- Product: communigate -- communigate_pro
Description: The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3815, MISC

Primary Vendor -- Product: comsenz_technology -- discuz!_discuzx
Description: Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5377, MISC

Primary Vendor -- Product: comsenz_technology -- discuz!_discuzx
Description: Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5375, MISC

Primary Vendor -- Product: comsenz_technology -- discuz!_discuzx
Description: Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5376, MISC

Primary Vendor -- Product: comsenz_technology -- discuz!_discuzx
Description: Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5331, MISC

Primary Vendor -- Product: comsenz_technology -- discuz!_discuzx
Description: Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5259, MISC, MISC

Primary Vendor -- Product: condor5 -- muviko
Description: Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17970, MISC, EXPLOIT-DB

Primary Vendor -- Product: cups -- cups
Description: The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8166, MLIST, MLIST, BID, CONFIRM

Primary Vendor -- Product: d-link -- dsl-2640u_devices
Description: diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5371, MISC

Primary Vendor -- Product: dotclear -- dotclear
Description: Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Published: 2018-01-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5689, CONFIRM, CONFIRM

Primary Vendor -- Product: dotclear -- dotclear
Description: Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Published: 2018-01-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5690, CONFIRM, CONFIRM

Primary Vendor -- Product: dragonbyte_technologies -- vbulletin
Description: Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-6668, SECUNIA, CONFIRM, BID, XF

Primary Vendor -- Product: dragonbyte_technologies -- vbulletin
Description: Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-6667, SECUNIA, EXPLOIT-DB, BID

Primary Vendor -- Product: dragonbyte_technologies -- vbulletin
Description: Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-6670, SECUNIA, CONFIRM, BID, XF

Primary Vendor -- Product: dragonbyte_technologies -- vbulletin
Description: Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-6682, SECUNIA, CONFIRM, BID, XF

Primary Vendor -- Product: dragonbyte_technologies -- vbulletin
Description: Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-6671, SECUNIA, SECUNIA, CONFIRM, BID

Primary Vendor -- Product: emc -- avamar_server
Description: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
Published: 2018-01-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15549, CONFIRM, BID, SECTRACK

Primary Vendor -- Product: emc -- avamar_server
Description: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Published: 2018-01-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15550, CONFIRM, BID, SECTRACK

Primary Vendor -- Product: emc -- avamar_server
Description: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
Published: 2018-01-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15548, CONFIRM, BID, SECTRACK

Primary Vendor -- Product: etherpad -- etherpad
Description: node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-2298, MLIST, CONFIRM, CONFIRM

Primary Vendor -- Product: family_connections -- family_connections_cms
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-0699, EXPLOIT-DB

Primary Vendor -- Product: fasterxml_jackson-databind -- fasterxml_jackson-databind
Description: FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17485, BUGTRAQ, CONFIRM, MISC

Primary Vendor -- Product: ffmpeg -- ffmpeg
Description: Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1208, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: fiberhome -- lm53q1_vh519r05c01s38_devices
Description: The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16886, FULLDISC, EXPLOIT-DB

Primary Vendor -- Product: fiberhome -- lm53q1_vh519r05c01s38_devices
Description: The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16887, FULLDISC, EXPLOIT-DB

Primary Vendor -- Product: fiberhome -- lm53q1_vh519r05c01s38_devices
Description: Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16885, FULLDISC, EXPLOIT-DB

Primary Vendor -- Product: finecms -- finecms
Description: rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000429, MISC

Primary Vendor -- Product: flatcore-cms -- flatcore-cms
Description: flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000428, CONFIRM

Primary Vendor -- Product: flexense -- disk_pulse_enterprise
Description: In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15663, MISC, EXPLOIT-DB

Primary Vendor -- Product: flexense -- diskboss_enterprise
Description: In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15665, MISC, EXPLOIT-DB

Primary Vendor -- Product: flexense -- diskboss
Description: A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5262, MISC, EXPLOIT-DB

Primary Vendor -- Product: flexense -- sync_breeze_enterprise
Description: In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15664, MISC, EXPLOIT-DB

Primary Vendor -- Product: flexense -- vx_search_enterprise
Description: In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15662, MISC, EXPLOIT-DB

Primary Vendor -- Product: freeipa -- freeipa
Description: It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12169, BID, CONFIRM

Primary Vendor -- Product: general_motors_shanghai -- onstar_sos_ios
Description: An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12695, BID, MISC

Primary Vendor -- Product: general_motors_shanghai -- onstar_sos_ios
Description: A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9663, BID, MISC

Primary Vendor -- Product: general_motors_shanghai -- onstar_sos_ios
Description: A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server.
Published: 2018-01-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12697, BID, MISC

Primary Vendor -- Product: gespage -- gespage
Description: Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7997, FULLDISC, MISC, EXPLOIT-DB

Primary Vendor -- Product: gespage -- gespage
Description: Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.
Published: 2018-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7998, FULLDISC, MISC

Primary Vendor -- Product: gnome/gcab -- gnome/gcab
Description: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
Published: 2018-01-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5345, MISC

Primary Vendor -- Product: google -- android
Description: In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13210, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13213, CONFIRM

Primary Vendor -- Product: google -- android
Description: An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13188, CONFIRM, CONFIRM

Primary Vendor -- Product: google -- android
Description: In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13196, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13193, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13214, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13209, BID, SECTRACK, CONFIRM, EXPLOIT-DB

Primary Vendor -- Product: google -- android
Description: An elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13215, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13222, CONFIRM

Primary Vendor -- Product: google -- android
Description: In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13211, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13212, CONFIRM

Primary Vendor -- Product: google -- android
Description: In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13208, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13203, CONFIRM, CONFIRM

Primary Vendor -- Product: google -- android
Description: In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13199, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: google -- android
Description: An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13204, CONFIRM, CONFIRM

Primary Vendor -- Product: google -- android
Description: A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.
Published: 2018-01-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13198, CONFIRM, CONFIRM

Primary Vendor -- Product: google -- android
Description: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.
Published: 2018-01-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14869
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.2018-01-12not yet calculatedCVE-2017-13206
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.2018-01-12not yet calculatedCVE-2017-13205
CONFIRM
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.2018-01-12not yet calculatedCVE-2017-13221
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.2018-01-12not yet calculatedCVE-2017-13207
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.2018-01-12not yet calculatedCVE-2017-13202
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs.2018-01-10not yet calculatedCVE-2017-9712
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.2018-01-10not yet calculatedCVE-2017-15849
BID
SECTRACK
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers.2018-01-10not yet calculatedCVE-2017-9705
CONFIRMgoogle -- android
 The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.2018-01-12not yet calculatedCVE-2014-7952
MISC
FULLDISC
MISC
BUGTRAQ
BID
MISCgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation.2018-01-10not yet calculatedCVE-2017-15845
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.2018-01-10not yet calculatedCVE-2017-15847
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.2018-01-10not yet calculatedCVE-2017-15850
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist.2018-01-10not yet calculatedCVE-2017-15848
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption.2018-01-10not yet calculatedCVE-2017-9689
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver.2018-01-10not yet calculatedCVE-2017-14879
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur.2018-01-10not yet calculatedCVE-2017-14873
CONFIRMgoogle -- android
 In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.2018-01-12not yet calculatedCVE-2017-13197
BID
SECTRACK
CONFIRMgoogle -- android
 A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.2018-01-12not yet calculatedCVE-2017-13219
CONFIRMgoogle -- android
 Access to CNTVCT_EL0 could be used for side channel attacks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68266545.2018-01-12not yet calculatedCVE-2017-13218
BID
SECTRACK
CONFIRMgoogle -- android
 In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.2018-01-12not yet calculatedCVE-2017-13217
BID
SECTRACK
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.2018-01-12not yet calculatedCVE-2017-13200
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.2018-01-12not yet calculatedCVE-2017-13201
CONFIRMgoogle -- android
 In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.2018-01-12not yet calculatedCVE-2017-13225
BID
SECTRACK
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.2018-01-12not yet calculatedCVE-2017-13226
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296.2018-01-10not yet calculatedCVE-2017-11080
CONFIRMgoogle -- android
 In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.2018-01-12not yet calculatedCVE-2017-13216
BID
SECTRACK
CONFIRM
EXPLOIT-DBgoogle -- android
 An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.2018-01-12not yet calculatedCVE-2017-13220
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied.2018-01-10not yet calculatedCVE-2017-11081
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size.2018-01-10not yet calculatedCVE-2017-11003
CONFIRMgoogle -- android
 In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.2018-01-12not yet calculatedCVE-2017-13176
BID
SECTRACK
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.2018-01-10not yet calculatedCVE-2017-11066
CONFIRMgoogle -- android
 In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281.2018-01-12not yet calculatedCVE-2017-13178
BID
SECTRACK
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.2018-01-10not yet calculatedCVE-2017-11079
CONFIRMgoogle -- android
 In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413.2018-01-12not yet calculatedCVE-2017-13177
BID
SECTRACK
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.2018-01-10not yet calculatedCVE-2017-11069
BID
SECTRACK
CONFIRMgoogle -- android
 NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.2018-01-12not yet calculatedCVE-2017-0869
BID
SECTRACK
CONFIRMgoogle -- android
 In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.2018-01-12not yet calculatedCVE-2017-0855
BID
SECTRACK
CONFIRMgoogle -- android
 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.2018-01-10not yet calculatedCVE-2017-14870
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.2018-01-12not yet calculatedCVE-2017-0846
CONFIRMgoogle -- android
 In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193.2018-01-12not yet calculatedCVE-2017-13179
BID
SECTRACK
CONFIRMgoogle -- android
 In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.2018-01-12not yet calculatedCVE-2017-13195
BID
SECTRACK
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.2018-01-12not yet calculatedCVE-2017-13186
CONFIRM
CONFIRMgoogle -- android
 In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.2018-01-12not yet calculatedCVE-2017-13192
BID
SECTRACK
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.2018-01-12not yet calculatedCVE-2017-13187
CONFIRM
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.2018-01-12not yet calculatedCVE-2017-13189
CONFIRM
CONFIRMgoogle -- android
 In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324.2018-01-12not yet calculatedCVE-2017-13184
BID
SECTRACK
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.2018-01-12not yet calculatedCVE-2017-13190
CONFIRM
CONFIRMgoogle -- android
 In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022.2018-01-12not yet calculatedCVE-2017-13182
BID
SECTRACK
CONFIRMgoogle -- android
 In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232.2018-01-12not yet calculatedCVE-2017-13181
BID
SECTRACK
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.2018-01-12not yet calculatedCVE-2017-13185
CONFIRM
CONFIRMgoogle -- android
 In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127.2018-01-12not yet calculatedCVE-2017-13183
BID
SECTRACK
CONFIRMgoogle -- android
 In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349.2018-01-12not yet calculatedCVE-2017-13180
BID
SECTRACK
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.2018-01-12not yet calculatedCVE-2017-13194
CONFIRM
CONFIRMgoogle -- android
 In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.2018-01-12not yet calculatedCVE-2017-13191
BID
SECTRACK
CONFIRMgoogle -- chrome
 The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.2018-01-09not yet calculatedCVE-2015-1290
CONFIRM
CONFIRM
SUSE
MISC
CONFIRM
CONFIRMgraphicsmagick -- graphicsmagick
 In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.2018-01-13not yet calculatedCVE-2018-5685
MISC
MISChibernate -- validator
 In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().2018-01-10not yet calculatedCVE-2017-7536
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRMhitron -- hitron_devices
 Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.2018-01-07not yet calculatedCVE-2014-10069
MISC
MISC
MISChuawei -- campus_switches
 Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.2018-01-08not yet calculatedCVE-2014-5394
CONFIRM
BID
XFibm -- curam_social_program_management
 IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.2018-01-11not yet calculatedCVE-2017-1739
CONFIRM
BID
MISCibm -- curam_social_program_management
 IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.2018-01-11not yet calculatedCVE-2017-1740
CONFIRM
BID
MISCibm -- qradar
 IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.2018-01-10not yet calculatedCVE-2016-9722
CONFIRM
MISCibm -- qradar
 IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.2018-01-10not yet calculatedCVE-2017-1623
CONFIRM
BID
MISCibm -- security_access_manager_appliance
 IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675.2018-01-10not yet calculatedCVE-2017-1533
CONFIRM
BID
SECTRACK
MISCibm -- security_access_manager_appliance
 IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.2018-01-11not yet calculatedCVE-2017-1478
CONFIRM
SECTRACK
MISCibm -- security_access_manager_appliance
 IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.2018-01-10not yet calculatedCVE-2017-1534
CONFIRM
SECTRACK
MISCibm -- security_access_manager_appliance
 IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.2018-01-10not yet calculatedCVE-2017-1459
CONFIRM
SECTRACK
MISCibm -- security_identity_manager_virtual_appliance
 IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.2018-01-12not yet calculatedCVE-2016-0332
CONFIRM
XFibm -- security_identity_manager_virtual_appliance
 Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.2018-01-12not yet calculatedCVE-2016-0335
CONFIRM
XFibm -- security_identity_manager_virtual_appliance
 IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.2018-01-12not yet calculatedCVE-2016-0324
CONFIRM
XFibm -- security_identity_manager_virtual_appliance
 Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.2018-01-12not yet calculatedCVE-2016-0336
CONFIRM
XFibm -- security_identity_manager_virtual_appliance
 IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.2018-01-12not yet calculatedCVE-2016-0327
CONFIRM
XFibm -- tivoli_key_lifecycle_managerIBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.2018-01-09not yet calculatedCVE-2017-1671
CONFIRM
BID
MISCibm -- tivoli_key_lifecycle_manager
 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.2018-01-09not yet calculatedCVE-2017-1666
CONFIRM
BID
MISCibm -- tivoli_key_lifecycle_manager
 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562.2018-01-09not yet calculatedCVE-2017-1668
CONFIRM
BID
MISCibm -- tivoli_key_lifecycle_manager
 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.2018-01-09not yet calculatedCVE-2017-1670
CONFIRM
BID
MISCibm -- urbancode_deploy
 IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.2018-01-09not yet calculatedCVE-2017-1493
CONFIRM
BID
MISCibm -- websphere_application_server
 IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.2018-01-11not yet calculatedCVE-2017-1681
CONFIRM
Source: MISC

ibm -- websphere_portal
IBM WebSphere Portal 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-1361 | Source: SECTRACK, MISC, CONFIRM

ibm -- websphere
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under the 'mqm' user. IBM X-Force ID: 132953.
Published: 2018-01-09 | CVSS: not yet calculated | CVE-2017-1612 | Source: CONFIRM, BID, MISC

icy_phoenix -- icy_phoenix
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
Published: 2018-01-13 | CVSS: not yet calculated | CVE-2018-5697 | Source: MISC

imagemagick -- imagemagick
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2018-5358 | Source: CONFIRM

imagemagick -- imagemagick
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2018-5357 | Source: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2017-18029 | Source: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2017-18027 | Source: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
Published: 2018-01-05 | CVSS: not yet calculated | CVE-2018-5248 | Source: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
Published: 2018-01-05 | CVSS: not yet calculated | CVE-2017-18022 | Source: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2017-18028 | Source: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
Published: 2018-01-05 | CVSS: not yet calculated | CVE-2018-5246 | Source: BID, CONFIRM

innotube -- itguard-manager
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2017-18025 | Source: EXPLOIT-DB
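The Innotube entry above is the classic shell-metacharacter injection: a username is pasted into a command line that a shell then parses, so a '|' in the value ends the intended command and starts another. The following is an added example and is not Innotube's code or the exploit the entry references; the wrapped command (echo) and the username allowlist are assumptions, and the input is constructed to mirror the "admin|" prefix the entry mentions. It shows the vulnerable pattern beside the hardened form, which passes an argv list (no shell) and validates the value against an allowlist.

```python
import re
import subprocess

# Allowlist for usernames. The exact policy is an assumption for this example;
# the point is that anything outside it fails closed before reaching a command.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def vulnerable_lookup(username: str) -> str:
    """Interpolates the username into a command string handed to /bin/sh.

    Because the shell parses the whole string, metacharacters in the username
    are syntax, not data: 'admin|...' pipes echo's output into whatever follows.
    """
    cmd = "echo " + username
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout.strip()


def argv_only_lookup(username: str) -> str:
    """No allowlist, but argv form only: the username reaches echo as one
    argument, so the pipe character is printed literally and nothing else runs."""
    proc = subprocess.run(["echo", username], capture_output=True, text=True)
    return proc.stdout.strip()


def hardened_lookup(username: str) -> str:
    """Allowlist plus argv form: two independent layers.

    The allowlist rejects unexpected characters outright; the argv list means
    that even a value that slipped past validation could not be parsed by a shell.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    proc = subprocess.run(["echo", username], capture_output=True, text=True)
    return proc.stdout.strip()


# Constructed input modelled on the advisory's "admin|" prefix. The command
# after the pipe just prints a marker so the effect is visible and deterministic.
PAYLOAD = "admin|printf hijacked"

if __name__ == "__main__":
    print("shell=True :", vulnerable_lookup(PAYLOAD))   # second command ran
    print("argv only  :", argv_only_lookup(PAYLOAD))    # literal text, inert
    try:
        hardened_lookup(PAYLOAD)
    except ValueError as exc:
        print("hardened   : rejected,", exc)
```

When auditing a CGI handler for this bug class, the thing to grep for is any string concatenation or format call whose result is handed to a shell (system(), popen(), shell=True); the fix is the argv form, with input validation as a second layer rather than a substitute.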
intel -- driver_and_support_assistance
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker to read and write Memory Status registers, potentially allowing information disclosure or a denial of service condition.
Published: 2018-01-09 | CVSS: not yet calculated | CVE-2018-3610 | Source: CONFIRM

irssi -- irssi
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
Published: 2018-01-06 | CVSS: not yet calculated | CVE-2018-5205 | Source: CONFIRM

irssi -- irssi
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
Published: 2018-01-06 | CVSS: not yet calculated | CVE-2018-5206 | Source: CONFIRM

irssi -- irssi
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
Published: 2018-01-06 | CVSS: not yet calculated | CVE-2018-5208 | Source: CONFIRM

irssi -- irssi
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
Published: 2018-01-06 | CVSS: not yet calculated | CVE-2018-5207 | Source: CONFIRM

ixsystems -- freenas
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2014-5334 | Source: MLIST, BID, CONFIRM

jolla -- sailfish_os
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2015-3888 | Source: MISC

joomla! -- joomla!
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5263 | Source: CONFIRM, EXPLOIT-DB

joomla! -- joomla!
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
Published: 2018-01-13 | CVSS: not yet calculated | CVE-2018-5696 | Source: MISC

jungo_connectivity -- windriver
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping the pool buffer size, aka a "double fetch" vulnerability.
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-5189 | Source: EXPLOIT-DB, MISC

juniper_networks -- junos_os
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and consequently one or more processes running on the system. Once this occurs, the high CPU event(s) affect either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). If the following entry exists in the RE message logs then this may indicate the issue is present; the entry may or may not appear when this issue occurs:
/kernel: Expensive timeout(9) function:
Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0004 | Source: CONFIRM

juniper_networks -- junos_os
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection on the target device, thereby elevating their permissions and privileges and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed denial of service conditions. These denial of service conditions may cascade to adjacent connected devices, impacting network devices, servers, workstations, etc. Further crafted packets may be able to sustain these denial of service conditions. Score: 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H). Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection on multiple target devices, thereby elevating their permissions and privileges and taking control of multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0007 | Source: CONFIRM

juniper_networks -- junos_os
An unauthenticated root login may be allowed upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot, which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Only logging in physically to the console port as root, with no password, will work.
Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0008 | Source: CONFIRM

juniper_networks -- junos_os
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping it. This can lead to denial of service or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0005 | Source: CONFIRM

juniper_networks -- junos_os
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon, which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0002 | Source: CONFIRM

juniper_networks -- junos_os
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device, resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0009 | Source: BID, CONFIRM

juniper_networks -- junos_os
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0006 | Source: CONFIRM

juniper_networks -- junos_os
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0001 | Source: CONFIRM

juniper_networks -- junos_os
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3R12 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0003 | Source: CONFIRM

juniper_networks -- junos_space_network_management_platform
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0013 | Source: CONFIRM

juniper_networks -- junos_space_security_director
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0012 | Source: CONFIRM

juniper_networks -- junos_space_security_director
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML, steal sensitive data and credentials from a session, and perform administrative actions on the Junos Space network management device.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0011 | Source: CONFIRM

juniper_networks -- junos_space_security_director
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0010 | Source: CONFIRM

juniper_networks -- screenos
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2018-0014 | Source: CONFIRM

kentico -- kentico
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5282 | Source: MISC

ks_mobile -- cheetah_mobile_armorfly_browser_and_downloader
Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-5327 | Source: MISC

ks_mobile -- cheetah_mobile_cm_browser_app
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-5326 | Source: MISC

ldaptive -- ldaptive
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2014-3607 | Source: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
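The Ldaptive entry above is an instance of a hostname verifier that accepts any valid certificate regardless of the name it carries, so a certificate legitimately issued for some other host is enough to impersonate the LDAP server. The following is an added example in Python (Ldaptive itself is Java; this is not its code) of what a correct verifier has to do: prefer subjectAltName dNSName entries, fall back to the subject CN only when no SAN is present, compare case-insensitively, and accept a wildcard only as the entire leftmost label matching exactly one label. The certificate dictionaries are constructed for the example and follow the shape that Python's ssl.SSLSocket.getpeercert() returns.

```python
def dns_identities(cert):
    """Names the certificate claims, per RFC 6125 / RFC 5280.

    If any subjectAltName dNSName is present the CN must be ignored; the CN is
    only a fallback for legacy certificates that carry no SAN at all.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    names = []
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.append(value)
    return names


def identity_matches(pattern, hostname):
    """Case-insensitive exact match, or a wildcard restricted to one leftmost label.

    '*.example.net' matches 'host.example.net' but not 'a.b.example.net',
    'example.net', or a partial label such as 'h*st.example.net'. Wildcards in
    a name with fewer than three labels ('*.com') are refused.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """True only if the hostname we dialled is one of the names the cert carries."""
    if not hostname:
        return False
    return any(identity_matches(name, hostname) for name in dns_identities(cert))


# Constructed certificates in getpeercert() shape (not real certificates).
CERT_CN_ONLY = {
    "subject": ((("commonName", "ldap.example.com"),),),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "ignored.example.org"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "*.example.net")),
}

if __name__ == "__main__":
    for cert, host in [
        (CERT_CN_ONLY, "ldap.example.com"),
        (CERT_CN_ONLY, "evil.example.com"),     # valid cert, wrong name
        (CERT_WITH_SAN, "ignored.example.org"),  # CN ignored when SAN present
        (CERT_WITH_SAN, "host.example.net"),
        (CERT_WITH_SAN, "a.b.example.net"),
    ]:
        print(host, "->", hostname_matches(cert, host))
```

Python callers normally do not write this themselves: ssl.create_default_context() sets check_hostname=True and the name check then happens inside the handshake. The point of the example is what that check must contain, so that a hand-rolled verifier (in any language) can be reviewed against it.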
lenovo -- lenovo
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
Published: 2018-01-10 | CVSS: not yet calculated | CVE-2017-3765 | Source: CONFIRM

lhaplus -- lhaplus
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents being extracted from a specially crafted ZIP64 archive.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2017-2158 | Source: CONFIRM, JVN

libav -- libav
In Libav 12.1, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
Published: 2018-01-13 | CVSS: not yet calculated | CVE-2018-5684 | Source: MISC

libming -- libming
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5294 | Source: MISC

libtiff -- libtiff
LibTIFF 4.0.9 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Published: 2018-01-13 | CVSS: not yet calculated | CVE-2018-5360 | Source: MISC

linuxmagic -- magicspam
The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
Published: 2018-01-13 | CVSS: not yet calculated | CVE-2018-5693 | Source: MISC

linux -- linux_kernel
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2018-5344 | Source: MISC, MISC

linux -- linux_kernel
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-5333 | Source: CONFIRM, CONFIRM

linux -- linux_kernel
In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
Published: 2018-01-11 | CVSS: not yet calculated | CVE-2018-5332 | Source: CONFIRM, CONFIRM

linux -- linux_kernel
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
Published: 2018-01-09 | CVSS: not yet calculated | CVE-2017-15129 | Source: MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC

lrzip -- lrzip
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
Published: 2018-01-12 | CVSS: not yet calculated | CVE-2018-5650 | Source: MISC

magento -- magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5301 | Source: CONFIRM

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5274 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5275 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5270 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5278 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5273 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5277 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5272 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5279 | Source: BID, MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5276 | Source: MISC

malwarebytes -- malwarebytes_premium
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008.
Published: 2018-01-08 | CVSS: not yet calculated | CVE-2018-5271 | Source: BID, MISC

matrixssl -- matrixssl
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years.
Published: 2018-01-09 | CVSS: not yet calculated | CVE-2017-1000415 | Source: MISC, MISC
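The MatrixSSL entry above turns on the two-digit year in X.509 UTCTime. RFC 5280 fixes the pivot: YY >= 50 is 19YY, YY < 50 is 20YY, and validity dates in 2050 or later must be encoded as GeneralizedTime (four-digit year) instead. Get the pivot wrong and a notBefore or notAfter lands a century away from where the issuer put it, which is how an expired certificate can pass a validity check. The following is an added example, not MatrixSSL's code, that decodes both encodings with the RFC 5280 rule and evaluates a validity window; the sample times are constructed.

```python
import datetime

UTC = datetime.timezone.utc


def parse_utctime(value: str) -> datetime.datetime:
    """Decode an X.509 UTCTime of the form YYMMDDHHMMSSZ.

    RFC 5280 section 4.1.2.5.1: YY >= 50 is interpreted as 19YY, YY < 50 as 20YY.
    Only the 'Z' (UTC) form with seconds is accepted, as the profile requires.
    """
    if len(value) != 13 or value[-1] != "Z" or not value[:-1].isdigit():
        raise ValueError("malformed UTCTime: %r" % value)
    yy = int(value[0:2])
    year = 1900 + yy if yy >= 50 else 2000 + yy
    return datetime.datetime(year, int(value[2:4]), int(value[4:6]),
                             int(value[6:8]), int(value[8:10]), int(value[10:12]),
                             tzinfo=UTC)


def parse_generalizedtime(value: str) -> datetime.datetime:
    """Decode an X.509 GeneralizedTime of the form YYYYMMDDHHMMSSZ (no fractions)."""
    if len(value) != 15 or value[-1] != "Z" or not value[:-1].isdigit():
        raise ValueError("malformed GeneralizedTime: %r" % value)
    return datetime.datetime(int(value[0:4]), int(value[4:6]), int(value[6:8]),
                             int(value[8:10]), int(value[10:12]), int(value[12:14]),
                             tzinfo=UTC)


def parse_x509_time(value: str) -> datetime.datetime:
    """Dispatch on length: 13 chars is UTCTime, 15 chars is GeneralizedTime."""
    if len(value) == 13:
        return parse_utctime(value)
    if len(value) == 15:
        dt = parse_generalizedtime(value)
        # A conforming issuer uses GeneralizedTime only for 2050 and later;
        # an earlier year here is a profile violation worth flagging.
        if dt.year < 2050:
            raise ValueError("GeneralizedTime used for a pre-2050 date: %r" % value)
        return dt
    raise ValueError("unrecognised time encoding: %r" % value)


def validity_check(not_before: str, not_after: str, now: datetime.datetime) -> bool:
    """True if 'now' lies inside [notBefore, notAfter]; rejects inverted windows."""
    nb = parse_x509_time(not_before)
    na = parse_x509_time(not_after)
    if nb > na:
        raise ValueError("notBefore is after notAfter")
    return nb <= now <= na


# Constructed reference instant for the examples below (the bulletin's week).
EXAMPLE_NOW = parse_utctime("180119000000Z")

if __name__ == "__main__":
    print(parse_utctime("491231235959Z"))   # 2049, the last UTCTime year
    print(parse_utctime("500101000000Z"))   # 1950, not 2050
    print(parse_x509_time("20500101000000Z"))
    print(validity_check("170101000000Z", "190101000000Z", EXAMPLE_NOW))  # True
    print(validity_check("170101000000Z", "171231235959Z", EXAMPLE_NOW))  # False
```

The check worth carrying into a review of any home-grown X.509 parser is the pair "491231235959Z" and "500101000000Z": they must decode to 2049 and 1950 respectively, and a GeneralizedTime earlier than 2050 should be treated as suspect.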
MISCmicrosoft -- .net_framework_and_.net_coreMicrosoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability".2018-01-09not yet calculatedCVE-2018-0786
BID
SECTRACK
CONFIRMmicrosoft -- .net_framework_and_.net_core
 Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.2018-01-09not yet calculatedCVE-2018-0764
BID
SECTRACK
CONFIRMmicrosoft -- asp.net_core
 ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".2018-01-09not yet calculatedCVE-2018-0785
BID
SECTRACK
CONFIRMmicrosoft -- asp.net_core
 ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.2018-01-09not yet calculatedCVE-2018-0784
BID
SECTRACK
CONFIRMmicrosoft -- chakracore
 Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".2018-01-09not yet calculatedCVE-2018-0818
BID
CONFIRMmicrosoft -- office_2016_for_mac
 Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."2018-01-09not yet calculatedCVE-2018-0819
BID
SECTRACK
CONFIRMmicrosoft -- officeMicrosoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".2018-01-09not yet calculatedCVE-2018-0795
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".2018-01-09not yet calculatedCVE-2018-0812
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.2018-01-09not yet calculatedCVE-2018-0804
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-08072018-01-09not yet calculatedCVE-2018-0805
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.2018-01-09not yet calculatedCVE-2018-0807
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.2018-01-09not yet calculatedCVE-2018-0806
BID
SECTRACK
CONFIRMmicrosoft -- office
 Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".2018-01-09not yet calculatedCVE-2018-0796
BID
SECTRACK
CONFIRMmicrosoft -- office
 Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.2018-01-09not yet calculatedCVE-2018-0792
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.2018-01-09not yet calculatedCVE-2018-0802
BID
SECTRACK
MISC
MISC
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".2018-01-09not yet calculatedCVE-2018-0798
BID
SECTRACK
CONFIRMmicrosoft -- office
 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".2018-01-09not yet calculatedCVE-2018-0797
BID
SECTRACK
CONFIRMmicrosoft -- office
 Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.2018-01-09not yet calculatedCVE-2018-0794
BID
SECTRACK
CONFIRMmicrosoft -- office
 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".2018-01-09not yet calculatedCVE-2018-0801
BID
SECTRACK
CONFIRMmicrosoft -- outlook
 Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.2018-01-09not yet calculatedCVE-2018-0791
BID
SECTRACK
CONFIRMmicrosoft -- outlook
 Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.2018-01-09not yet calculatedCVE-2018-0793
BID
SECTRACK
CONFIRMmicrosoft -- sharepoint_enterprise_server
 Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".2018-01-09not yet calculatedCVE-2018-0799
BID
SECTRACK
CONFIRMmicrosoft -- sharepoint_products
 Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.2018-01-09not yet calculatedCVE-2018-0789
BID
SECTRACK
CONFIRM

microsoft -- sharepoint_products
  Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-0790
BID
SECTRACK
CONFIRM

milum -- office_tracker
  Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-18023
MISC

mono -- mono
  The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2015-2319
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
MISC
DEBIAN

mono -- mono
  The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2015-2320
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
DEBIAN

mono -- mono
  The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2015-2318
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
MISC
DEBIAN

moxa -- moxa
  An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path could allow an authorized user with file access to escalate privileges by placing arbitrary code along the unquoted service path.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-14030
BID
MISC

newsbee_cms -- newsbee_cms
  NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5687
MISC

newsbee_cms -- newsbee_cms
  SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2017-5971
EXPLOIT-DB

novosoft -- handy_password
  A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-17946
MISC
MISC

numpy -- numpy
  __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-1858
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM

numpy -- numpy
  (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-1859
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM

opencv -- opencv
  In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5269
MISC

opencv -- opencv
  In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5268
MISC

palo_alto_networks -- pan-os
  Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-16878
SECTRACK
CONFIRM

palo_alto_networks -- pan-os
  Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-17841
BID
SECTRACK
CONFIRM

palo_alto_networks -- pan-os
  Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-15941
BID
SECTRACK
CONFIRM

parity -- parity_browser
  Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-18016
MLIST
CONFIRM
MISC
EXPLOIT-DB

perl -- perl
  clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-5509
MLIST
BID
CONFIRM
MISC

phoenix_contact -- fl_switch
  An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft HTTP requests that bypass web-service authentication and obtain administrative privileges on the device.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-16743
MISC

phoenix_contact -- fl_switch
  An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-16741
MISC

phpmelody -- phpmelody
  PHP Melody 2.7.1 is vulnerable to time-based SQL injection in ajax.php via the playlist parameter.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5211
EXPLOIT-DB

piwigo -- piwigo
  Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5692
MISC

podofo -- podofo
  In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5296
MISC

podofo -- podofo
  In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5309
MISC

podofo -- podofo
  PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5308
MISC

podofo -- podofo
  In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5295
MISC

prestashop -- prestashop
  PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5682
MISC

prestashop -- prestashop
  PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5681
MISC

procter_and_gamble -- oral-b_app
  In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5298
MISC

progress_software -- sitefinity
  Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2017-15883
CONFIRM
MISC

qemu -- qemu
  Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2014-3471
GENTOO
MLIST
BID
CONFIRM
MLIST

qemu -- qemu
  The VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause a DoS on the server host.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2017-15124
CONFIRM

red_hat -- cloudforms_management_engine
  The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2014-0087
CONFIRM
MISC

red_hat -- enterprise_linux
  It was found that the system umask policy is not honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting the umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2017-15131
CONFIRM

red_hat -- jboss_enterprise_application_platform
  It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-12189
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM

red_hat -- openshift_enterprise
  (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2013-4364
CONFIRM

redmine -- redmine
  Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-18026
MISC
MISC
MISC
MISC
MISC

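
The Redmine entry above is the argument-injection class: no shell is involved, the branch name is its own argv element, yet hg honours a leading `--config=` or `--debugger` as a global option and runs whatever the option names. The block below is an added example, not Redmine's code or its fix. It assumes a conservative allowlist for branch names (`BRANCH_NAME_RE`, an assumption), builds hg command lines without executing them, and shows the guard a practitioner would put in front of any user-controlled value that lands in argv of a tool with global options.

```ruby
# Added example; not Redmine's adapter. Hypothetical allowlist: nothing
# matching it can begin with "-", so nothing can be parsed as an option.
BRANCH_NAME_RE = /\A[A-Za-z0-9][A-Za-z0-9._\/-]*\z/

class OptionInjection < ArgumentError; end

# The vulnerable shape: the branch is passed as a separate argument (no
# shell quoting problem), but a value such as "--config=hooks.pre-log=cmd"
# is still read by hg as a global option rather than as a revision.
def hg_log_argv_unsafe(repo, branch)
  ["hg", "-R", repo, "log", "-r", branch]
end

# Guard: refuse option-like values outright, then enforce the allowlist so
# shell metacharacters and other surprises are rejected as well.
def check_branch!(branch)
  if branch.start_with?("-")
    raise OptionInjection, "option-like branch name #{branch.inspect}"
  end
  unless branch.match?(BRANCH_NAME_RE)
    raise OptionInjection, "branch name fails allowlist #{branch.inspect}"
  end
  branch
end

def hg_log_argv_safe(repo, branch)
  ["hg", "-R", repo, "log", "-r", check_branch!(branch)]
end

# Audit helper for existing call sites: does any argument after argv[0]
# look like one of the two flags the advisory names?
def smuggles_global_option?(argv)
  argv.drop(1).any? { |a| a == "--debugger" || a.start_with?("--config") }
end

if __FILE__ == $0
  p hg_log_argv_unsafe("/srv/repo", "--config=hooks.pre-log=id")
  p hg_log_argv_safe("/srv/repo", "feature/login-fix")
end
```

The same guard applies to git (`--upload-pack=`), svn (`--config-option`), and any other CLI that accepts global options: validate before the value reaches argv, because avoiding the shell is necessary but not sufficient.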
rockwell_automation_allen-bradley -- micrologix_1400_controllers
  A stack-based buffer overflow was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier, which may allow remote code execution.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2017-16740
BID
MISC

ruby -- ruby
  test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4998
MLIST
MLIST
MISC

ruby -- ruby
  Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4995
MLIST
MLIST
BID
MISC
XF

ruby -- ruby
  lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4996
MLIST
MLIST
BID
MISC
XF

ruby -- ruby
  (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4993
MLIST
MLIST
MLIST
MISC
MISC

ruby -- ruby
  lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4997
MLIST
MLIST
BID
MISC

ruby -- ruby
  lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4994
MLIST
MLIST
MISC

ruby -- ruby
  lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4992
MLIST
MLIST
MISC

ruby -- ruby
  chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-5003
MLIST
MLIST
MISC

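
Several entries in this bulletin are the same bug: a predictable filename in a shared directory, written without O_EXCL (NumPy CVE-2014-1858 and CVE-2014-1859, clipedit CVE-2014-5509, OpenShift CVE-2013-4364, VladTheEnterprising CVE-2014-4996 with /tmp/my.cnf.#{target_host}, gyazo CVE-2014-4994 with time-based names, ciborg CVE-2014-5003 with /tmp/perlbrew-installer). The block below is an added example, not code from any of those projects. It reproduces the attack inside a private directory created for the demonstration (the "victim.conf" file and the attacker's symlink are constructed), then shows the exclusive-create that defeats it and the library call that should be used instead. It assumes a POSIX filesystem with symlink support.

```ruby
# Added example; not taken from any gem listed above.
require "tmpdir"
require "tempfile"

# Vulnerable pattern: fixed or guessable name under a shared directory,
# opened with plain O_CREAT. A symlink planted at that name in advance
# redirects the write to whatever the link points at.
def write_predictable(dir, name, data)
  path = File.join(dir, name)
  File.write(path, data)          # follows a pre-existing symlink
  path
end

# Hardened pattern: O_CREAT|O_EXCL refuses any pre-existing path, and a
# symlink counts as existing, so the open fails with EEXIST instead of
# following it. O_NOFOLLOW is added where the platform has it; 0600 keeps
# other users out of the file that is created.
def write_exclusive(dir, name, data)
  path  = File.join(dir, name)
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if File.const_defined?(:NOFOLLOW)
  File.open(path, flags, 0600) { |f| f.write(data) }
  path
end

# Preferred pattern: let the library choose an unpredictable name with
# mkstemp semantics (random suffix, O_EXCL, mode 0600). Tempfile.create
# returns a plain File that is not auto-deleted, so the path can be reused.
def write_tempfile(dir, data)
  f = Tempfile.create("scratch-", dir)
  f.write(data)
  f.close
  f.path
end

# Constructed scenario: returns [victim contents after the unsafe write,
# error class raised by the safe write, victim contents after that attempt].
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.conf")
    File.write(victim, "original")
    # The attacker wins the race by planting the link before the write.
    File.symlink(victim, File.join(dir, "my.cnf.dbhost"))

    write_predictable(dir, "my.cnf.dbhost", "clobbered")
    after_unsafe = File.read(victim)

    err = begin
      write_exclusive(dir, "my.cnf.dbhost", "clobbered again")
      nil
    rescue SystemCallError => e
      e.class
    end
    [after_unsafe, err, File.read(victim)]
  end
end

p demo if __FILE__ == $0
```

Treat EEXIST from the exclusive open as a security event rather than something to retry with the same name; the retry is exactly the window the attacker is waiting for.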
ruby -- ruby
  (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4991
MLIST
MLIST
BID
MISC

ruby -- ruby
  The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-5000
MLIST
MLIST
MISC

ruby -- ruby
  The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-5002
MLIST
MLIST
MISC

ruby -- ruby
  lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-5001
MLIST
MLIST
MISC

ruby -- ruby
  lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-5004
MLIST
MLIST
BID
MISC

ruby -- ruby
  vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2014-4999
MLIST
MLIST
MISCsap -- hana
sap -- hana
  In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-2362
BID
CONFIRM
CONFIRM

sap -- netweaver_and_basis
  SAP NetWeaver (SAP BASIS 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, and 7.50 to 7.52) contains code that allows execution of arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or potentially escalate privileges by executing malicious code without legitimate credentials.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-2363
BID
CONFIRM
CONFIRM
CONFIRM

sap -- solution_manager
  In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-2361
BID
CONFIRM
CONFIRM

sap -- startup_service
  SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-2360
BID
CONFIRM
CONFIRM

seagate -- personal_cloud
  Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2018-5347
MISC

shibboleth -- shibboleth
  Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-0486
MISC
MISC

skybox_security -- skybox_platform
  An issue was discovered in Skybox Platform before 7.5.401. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-9249
MISC

skybox_security -- skybox_platform
  An issue was discovered in Skybox Platform before 7.5.401. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-9250
MISC

skybox_security -- skybox_platform
  An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-9247
MISC

skybox_security -- skybox_platform
  An issue was discovered in Skybox Platform before 7.5.401. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-9246
MISC

skybox_security -- skybox_platform
  An issue was discovered in Skybox Platform before 7.5.401. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-9248
MISC

sonicwall -- sonicos
  SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5280
BID
MISC

sonicwall -- sonicos
  SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5281
BID
MISC

sonicwall -- global_management_system
  SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
  Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5691
MISC
MISC

sophos -- xg_firewall
  An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
  Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-18014
FULLDISC
MISC
CONFIRM
CONFIRM

sulu-standard -- sulu-standard
  Sulu-standard version 1.6.6 is vulnerable to a stored cross-site scripting vulnerability in the page creation page, which can result in disruption of service and execution of JavaScript code.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2017-1000465
CONFIRM

symantec -- advanced_secure_gateway
  The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2016-10257
BID
SECTRACK
CONFIRM

symantec -- proxysg
  The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
  Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2016-10256
BID
SECTRACK
CONFIRM

symmetricom -- s350i
  SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-5071
MISC

symmetricom -- s350i
  Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot backslash) before a file name.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2014-5068
MISC

symmetricom -- s350i
  Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-5069
MISC

symmetricom -- s350i
  Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2014-5070
MISC

teamspeak -- client
  Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-7222
MISC
MISC
MISC
BID
XF

teamspeak -- client
  TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings.
  Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-7221
MISC
MISC
BID
XF
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15636
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15613
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15614
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15631
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15630
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15635
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15632
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15627
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15628
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15634
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15633
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15637
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15629
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15625
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15616
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15620
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15618
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15617
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15619
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15626
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15624
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15615
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15622
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15623
BUGTRAQ
MISC

tp-link -- multiple_devices
  TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-15621
BUGTRAQ
MISC

undertow -- undertow
  In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
  Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-7559
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM

vmware -- v4_desktop_agents
  The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
  Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4946
BID
SECTRACK
CONFIRM

vmware -- workstation_and_fusion
  VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-4949
BID
SECTRACK
CONFIRM

vmware -- workstation_and_fusion
  VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
  Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2017-4950
BID
SECTRACK
CONFIRM

vmware -- workstation
  VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
  Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4948
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRMvmware -- workstation
 VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.2018-01-05not yet calculatedCVE-2017-4945
BID
SECTRACK
SECTRACK
CONFIRMwebsitebaker -- websitebaker
Multiple stored cross-site scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that is served back to users in multiple areas of the application.
Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-16514
Source & Patch Info: MISC

wecon_technology -- levi_studio_hmi_editor
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially crafted malicious file may be able to cause a heap-based buffer overflow when opened by a user.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-16737
Source & Patch Info: BID, MISC

wecon_technology -- levi_studio_hmi_editor
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially crafted malicious files may be able to cause stack-based buffer overflows, which may allow remote code execution.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2017-16739
Source & Patch Info: BID, MISC

whale -- whale
The Installer in Whale allows DLL hijacking.
Published: 2018-01-07 | CVSS Score: not yet calculated | CVE-2017-15913
Source & Patch Info: CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2018-5335
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2018-5334
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Published: 2018-01-11 | CVSS Score: not yet calculated | CVE-2018-5336
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

wizardmac -- wizardmac
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.
Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5698
Source & Patch Info: CONFIRM

wordpress -- wordpress
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5653
Source & Patch Info: MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5364
Source & Patch Info: MISC, MISC

wordpress -- wordpress
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5652
Source & Patch Info: MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5367
Source & Patch Info: MISC, MISC

wordpress -- wordpress
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5655
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5668
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5664
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5663
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5658
Source & Patch Info: MISC

wordpress -- wordpress
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2016-10706
Source & Patch Info: MISC, MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5659
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5665
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5660
Source & Patch Info: MISC

wordpress -- wordpress
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
Published: 2018-01-13 | CVSS Score: not yet calculated | CVE-2018-5695
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5661
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5672
Source & Patch Info: MISC

wordpress -- wordpress
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5283
Source & Patch Info: MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5288
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5670
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5673
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5667
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5669
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5662
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5657
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5666
Source & Patch Info: MISC

wordpress -- wordpress
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5654
Source & Patch Info: MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5289
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5290
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5671
Source & Patch Info: MISC

wordpress -- wordpress
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2016-10705
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.
Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5311
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5286
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5656
Source & Patch Info: MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5362
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5287
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.
Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5312
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5315
Source & Patch Info: MISC, EXPLOIT-DB

wordpress -- wordpress
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.
Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5310
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5293
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5363
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5365
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5292
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5291
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5366
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5285
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2018-5284
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
Published: 2018-01-09 | CVSS Score: not yet calculated | CVE-2018-5316
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5651
Source & Patch Info: MISC

wordpress -- wordpress
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5374
Source & Patch Info: MISC

wordpress -- wordpress
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5373
Source & Patch Info: MISC

wordpress -- wordpress
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5369
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5368
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5372
Source & Patch Info: MISC

wordpress -- wordpress
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2018-5361
Source & Patch Info: MISC, MISC

xen -- xen
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5244
Source & Patch Info: BID, CONFIRM

xplico -- xplico
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16666
Source & Patch Info: CONFIRM, MISC, MISC, MISC, EXPLOIT-DB, CONFIRM

yawcam -- yawcam
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request.
Published: 2018-01-10 | CVSS Score: not yet calculated | CVE-2017-17662
Source & Patch Info: MISC, CONFIRM

yodobashi_camera -- yodobashi_app_for_android
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2018-01-12 | CVSS Score: not yet calculated | CVE-2015-2981
Source & Patch Info: JVN, JVNDB, BID

wordpress -- wordpress
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms.
Published: 2018-01-08 | CVSS Score: not yet calculated | CVE-2014-4972
Source & Patch Info: MISC, MISC



US-CERT

VMware Releases Security Updates for Workstation, Fusion

1 week 3 days ago
Original release date: January 11, 2018

VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0005 and apply the necessary updates.



US-CERT

Juniper Networks Releases Security Updates

1 week 3 days ago
Original release date: January 11, 2018

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates:

  • ScreenOS: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014)
  • Junos Space Security Director and Log Collector: Multiple vulnerabilities resolved in 17.2R1 release
  • CTPView: Multiple Linux kernel vulnerabilities
  • Junos Space: Multiple vulnerabilities resolved in 17.2R1 release
  • Junos OS: OpenSSH Memory exhaustion due to unregistered KEXINIT handler (CVE-2016-8858)
  • SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009)
  • Junos: commit script may allow unauthenticated root login upon reboot (CVE-2018-0008)
  • Junos: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006)
  • Junos OS: MAC move limit configured to drop traffic may forward traffic. (CVE-2018-0005)
  • Junos OS: Kernel Denial of Service Vulnerability (CVE-2018-0004)
  • Junos OS: A crafted MPLS packet may lead to a kernel crash (CVE-2018-0003)
  • Junos OS: Malicious LLDP crafted packet leads to privilege escalation, denial of service. (CVE-2018-0007)
  • Junos OS: MX series, SRX series: Denial of service vulnerability in Flowd on devices with ALG enabled. (CVE-2018-0002)
  • Junos: Unauthenticated Remote Code Execution through J-Web interface (CVE-2018-0001)



US-CERT

VMware Releases Security Updates

1 week 4 days ago
Original release date: January 10, 2018

VMware has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0004 and apply the necessary updates.



US-CERT

Microsoft Releases January 2018 Security Updates

1 week 5 days ago
Original release date: January 09, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's January 2018 Security Update Summary and Deployment Information and apply the necessary updates.



US-CERT

Adobe Releases Security Updates for Flash Player

1 week 5 days ago
Original release date: January 09, 2018

Adobe has released security updates to address a vulnerability in Flash Player. A remote attacker could exploit this vulnerability to obtain sensitive information.

NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-01 and apply the necessary updates.



US-CERT

MS-ISAC Releases Advisory on PHP Vulnerabilities

1 week 5 days ago
Original release date: January 09, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review MS-ISAC Advisory 2018-003 and the PHP Downloads page and apply the necessary updates.



US-CERT

Apple Releases Multiple Security Updates

1 week 6 days ago
Original release date: January 08, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:



US-CERT

SB18-008: Vulnerability Summary for the Week of January 1, 2018

2 weeks ago
Original release date: January 08, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

arm -- cortex-a
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Published: 2018-01-04 | CVSS Score: 4.7 | CVE-2017-5715
Source & Patch Info: SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, CERT-VN, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, CONFIRM, CONFIRM, MISC, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CISCO, EXPLOIT-DB, CONFIRM, CONFIRM, CONFIRM

arm -- cortex-a
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Published: 2018-01-04 | CVSS Score: 4.7 | CVE-2017-5754
Source & Patch Info: SUSE, SUSE, SUSE, SUSE, SUSE, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CERT-VN, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, MISC, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CISCO, DEBIAN, CONFIRM, CONFIRM

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

advantech -- webaccess
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16716
Source & Patch Info: MISC

advantech -- webaccess
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16753
Source & Patch Info: MISC

advantech -- webaccess
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16728
Source & Patch Info: MISC

advantech -- webaccess
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16724
Source & Patch Info: MISC

advantech -- webaccess
A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16720
Source & Patch Info: MISC

androidsvg -- androidsvg
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000498
Source & Patch Info: CONFIRM

apache -- deltaspike-jsf
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection flaw in the windowId handling. The windowId is cut off after 10 characters by default, so the impact might be limited. A fix was applied and released in Apache DeltaSpike 1.8.1.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-17837
Source & Patch Info: CONFIRM, CONFIRM

apache -- ofbiz
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input passed via the URL, which allows code injection. For example, appending "__format=%27;alert(%27xss%27)" to the URL causes an alert window to execute.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-15714
Source & Patch Info: MLIST

awstats -- awstats
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters, resulting in unauthenticated remote code execution.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000501
Source & Patch Info: MISC, CONFIRM, CONFIRM

b2evolution -- b2evolution
b2evolution versions 6.6.0 through 6.8.10 are vulnerable to an input validation flaw (unescaped backslash and single quote) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's installation.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000423
Source & Patch Info: CONFIRM, CONFIRM

ba_systems -- bas_web
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17974
Source & Patch Info: MISC, MISC

bento4 -- bento4
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an infinite loop via a crafted MP4 file that triggers size mishandling.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5253
Source & Patch Info: MISC

bookstack -- bookstack
BookStack version 0.18.4 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000462
Source & Patch Info: MISC

brave_software -- brave_browser
Brave Software's Brave Browser, version 0.19.73 and earlier, is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality that the browser intends to block.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000461
Source & Patch Info: MISC

bro -- bro
Bro before 2.5.2 is vulnerable to an out-of-bounds write in the ContentLine analyzer, allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000458
Source & Patch Info: MISC, MISC

cisco -- node-jose_open_source_library
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0114
Source & Patch Info: CONFIRM, CONFIRM
CONFIRMcisco -- webex_network_recording_player_for_advanced_recording_format
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0103
Source & Patch Info: BID, CONFIRM

cisco -- webex_network_recording_player_for_advanced_recording_format
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0104
Source & Patch Info: BID, CONFIRM

cms_made_simple -- cms_made_simple
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000454
Source & Patch Info: MISC

cms_made_simple -- cms_made_simple
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000453
Source & Patch Info: MISC

cobbler -- cobbler
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000469
Source & Patch Info: CONFIRM

commsy -- commsy
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000496
Source & Patch Info: CONFIRM

craft -- craft_cms
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3814
Source & Patch Info: MISC

creolabs -- gravity
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000437
Source & Patch Info: MISC

dell -- dell_emc
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-14383
Source & Patch Info: CONFIRM

dolibarr -- dolibarr_erp/crm
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17971
Source & Patch Info: MISC

dozer -- dozer
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-9515
Source & Patch Info: CONFIRM, MISC, MISC

duolingo -- tinycards
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16905
Source & Patch Info: MISC, MISC

elabftw -- elabftw
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000478
Source & Patch Info: MISC

eleix -- openhacker
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000444
Source & Patch Info: CONFIRM, CONFIRM

eleix -- openhacker
Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000443
Source & Patch Info: CONFIRM, CONFIRM

embedthis -- goahead
EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000470
Source & Patch Info: MISC, MISC

embedthis -- goahead
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000471
Source & Patch Info: MISC, MISC

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15550
Source & Patch Info: CONFIRM

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15549
Source & Patch Info: CONFIRM

emc -- multiple_products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-15548
Source & Patch Info: CONFIRM

exiv2 -- exiv2
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18005
Source & Patch Info: CONFIRM

exiv2 -- exiv2
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-4868
Source & Patch Info: MISC

extensis -- portfolio_netpublish
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18006
Source & Patch Info: MISC

ez_systems -- ez_publish
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000431
Source & Patch Info: CONFIRM

flir -- brickstream_2300_devices
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3813
Source & Patch Info: MISC

fork -- fork_cms
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5215
Source & Patch Info: MISC

freedesktop.org -- libpoppler
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000456
Source & Patch Info: MISC

fs-git -- fs-git
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000451
Source & Patch Info: MISC

gifsicle -- gifview
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting in potential code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000421
Source & Patch Info: CONFIRM

github -- electron
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting in loading arbitrary PDFs that a hacker can control.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000424
Source & Patch Info: CONFIRM, CONFIRM

gitlab -- gitlab
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8540
Source & Patch Info: MLIST, BID, CONFIRM, XF, CONFIRM

gnome -- gdk-pixbuf
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000422
Source & Patch Info: CONFIRM

gnu -- gnu_coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-18018
Source & Patch Info: MISC

gps-server.net -- gps-server.net
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-17097
Source & Patch Info: MISC, MISC

gps-server.net -- gps-server.net
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-17098
Source & Patch Info: MISC, MISC

guixsd -- guixsd
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000455
Source & Patch Info: MISC

hawt.io -- hawt.io
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-0120
Source & Patch Info: CONFIRM, CONFIRM, MISC

hawt.io -- hawt.io
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-0121
Source & Patch Info: CONFIRM, CONFIRM, MISC

hoermann -- bisecur_devices
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17910
Source & Patch Info: MISC, MISC

ibm -- mq_managed_file_transfer_agent
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1699
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1664
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1669
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1673
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1672
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1665
Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-1727
Source & Patch Info: CONFIRM, MISC

ibm -- websphere_mq
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1557
Source & Patch Info: CONFIRM, MISC

imagemagick -- imagemagick
ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component and might lead to denial of service.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000445
Source & Patch Info: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5248
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5247
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18008
Source & Patch Info: BID, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000476
Source & Patch Info: MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-18022
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5246
Source & Patch Info: CONFIRM

imageworsener -- imageworsener
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5252
Source & Patch Info: MISC

inteno -- iopsys
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2017-17867
Source & Patch Info: MISC, MISC, EXPLOIT-DB

invoice_ninja -- invoice_ninja
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000466
Source & Patch Info: CONFIRM

jboss -- keycloak
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-3651
Source & Patch Info: CONFIRM, CONFIRM

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5217
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5087
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5084
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5083
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5220
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5086
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5081
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5079
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5218
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5080
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5219
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5088
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5085
Source & Patch Info: MISC

k7_computing -- k7_antivirus
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2018-5082
Source & Patch Info: MISC

k7_computing -- k7_total_security
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-18019
Source & Patch Info: MISC

keycloak -- keycloak
Keycloak SSO versions prior to 2.x are vulnerable to Host Header Injection on the forgot password page causing the application to send a poisoned URL as the password reset link.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000500
Source & Patch Info: CONFIRM

lavalite -- lavalite
LavaLite version 5.2.4 is vulnerable to a stored cross-site scripting vulnerability within the blog creation page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000467
Source & Patch Info: CONFIRM

leafpub -- leafpub
Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability within the edit blog post page, which can result in disruption of service and execution of JavaScript code.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000463
Source & Patch Info: MISC

leanote -- leanote
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000492
Source & Patch Info: CONFIRM, CONFIRM

leanote -- leanote
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000459
Source & Patch Info: MISC

libav_ffmpeg_chromium -- libav_ffmpeg_chromium
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000460
Source & Patch Info: MISC, MISC, MISC

libming -- libming
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5251
Source & Patch Info: MISC

libtiff -- libtiff
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18013
Source & Patch Info: CONFIRM, BID, CONFIRM

libtiff -- libtiff
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17973
Source & Patch Info: MISC, BID

liferay -- portal_ce
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000425
Source & Patch Info: MISC, MISC

linaro -- op-tee
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to the Bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000412
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

linaro -- op-tee
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000413
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

linux -- dash
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed, resulting in code execution on the server, potentially as root.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000473
Source & Patch Info: MISC

linux -- linux_kernel
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-18017
Source & Patch Info: MISC, MISC, BID, MISC, MISC, MISC, MISC

linux -- linux_kernel
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17975
Source & Patch Info: MISC, BID

linux -- linux_kernel
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2016-3695
Source & Patch Info: BID, CONFIRM, CONFIRM

magento -- community_edition_and_enterprise_edition
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2016-10704
Source & Patch Info: CONFIRM

manageengine -- desktop_central_and_desktop_central_msp
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2014-7862
Source & Patch Info: MISC, FULLDISC, BUGTRAQ, BID, XF, MISC, CONFIRM, MISC

mapproxy -- mapproxy
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000426
Source & Patch Info: CONFIRM

marked -- marked
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000427
Source & Patch Info: MISC

mautic -- mautic
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000488
Source & Patch Info: MISC

mautic -- mautic
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000489
Source & Patch Info: CONFIRM

mautic -- mautic
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000490
Source & Patch Info: CONFIRM

mediawiki -- mediawiki
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2015-8008
Source & Patch Info: FEDORA, FEDORA, FEDORA, MLIST, BID, SECTRACK, CONFIRM, MLIST, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0770
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0767
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0773
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0769
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0777
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0803
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0768
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0774
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0776
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0800
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0778
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0766
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0781
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0780
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0758
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-0775
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorer
 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.2018-01-04not yet calculatedCVE-2018-0762
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorer
 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.2018-01-04not yet calculatedCVE-2018-0772
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- windowsThe Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".2018-01-04not yet calculatedCVE-2018-0754
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0788
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0749
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".2018-01-04not yet calculatedCVE-2018-0753
BID
SECTRACK
CONFIRMmicrosoft -- windows_10_and_windows_serverWindows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0743
BID
SECTRACK
CONFIRM
MISCmicrosoft -- windows_7_and_windows_server_2008The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".2018-01-04not yet calculatedCVE-2018-0741
BID
SECTRACK
CONFIRMmicrosoft -- windows_7_and_windows_server_2008The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0750
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernelThe Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.2018-01-04not yet calculatedCVE-2018-0752
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.2018-01-04not yet calculatedCVE-2018-0745
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.2018-01-04not yet calculatedCVE-2018-0746
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.2018-01-04not yet calculatedCVE-2018-0747
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.2018-01-04not yet calculatedCVE-2018-0751
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0748
BID
SECTRACK
CONFIRMmicrosoft -- windows_kernel
 The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".2018-01-04not yet calculatedCVE-2018-0744
BID
SECTRACK
CONFIRMminiupnpd -- miniupnpd
 Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact2018-01-03not yet calculatedCVE-2017-1000494
CONFIRM
CONFIRMmojoportal -- mojoportal
 Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role.2018-01-02not yet calculatedCVE-2017-1000457
MISC
MISCmultiple_vendors -- systems_with_microprocessors_utilizing_speculative_execution_and_branch_prediction
 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.2018-01-04not yet calculatedCVE-2017-5753
SUSE
SUSE
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CERT-VN
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CISCO
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRMnetcf -- netcfThe find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.2017-12-29not yet calculatedCVE-2014-8119
FEDORA
FEDORA
FEDORA
REDHAT
BID
CONFIRM
CONFIRMnettransport -- nettransport_download_manager
 A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.2017-12-29not yet calculatedCVE-2017-17968
EXPLOIT-DBnetwin --  surgeftp
 cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.2017-12-29not yet calculatedCVE-2017-17933
MISCnmistue -- nmistue
 Cross-site scripting (XSS) vulnerability in the _keyify function in nmistue.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.2017-12-29not yet calculatedCVE-2017-16876
CONFIRM
CONFIRM
CONFIRM
FEDORAnylas_mail_lives -- nylas_mail
 Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.2018-01-03not yet calculatedCVE-2017-1000485
CONFIRMoctopus -- deploy
 In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.2018-01-03not yet calculatedCVE-2018-4862
CONFIRMomero -- omero
 In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.2018-01-02not yet calculatedCVE-2017-1000438
MISCopencv -- opencv
 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.2018-01-02not yet calculatedCVE-2017-1000450
MISC
MISCopencv -- opencv
 In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.2018-01-01not yet calculatedCVE-2017-18009
MISCopencv -- opencv
 OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.2017-12-29not yet calculatedCVE-2017-17760
MISC
MISCopentext_document -- sciences_xpression
 xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.2018-01-04not yet calculatedCVE-2017-14960
FULLDISC
EXPLOIT-DBoracle -- jarsignerjarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.2017-12-29not yet calculatedCVE-2013-4578
CONFIRM
MLIST
MLIST
REDHAT
CONFIRMpassbolt -- passbolt_api
 Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace2018-01-02not yet calculatedCVE-2017-1000442
CONFIRM
CONFIRMpepperminty-wiki_pepperminty-wiki
 Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution2018-01-03not yet calculatedCVE-2017-1000497
CONFIRMpfsense -- pfsense
 pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.2018-01-03not yet calculatedCVE-2017-1000479
MLIST
MISC
MISC
MISC
MISC
MISCphpbb -- phpbb
 phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.2018-01-02not yet calculatedCVE-2017-1000419
CONFIRM
MISCphpjabbers -- file_sharing_script
 PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.2017-12-30not yet calculatedCVE-2017-12813
MISCphpjabbers -- night_club_booking_software
 PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.2017-12-30not yet calculatedCVE-2017-12812
MISCphpjabbers -- php_newsletter_script
 PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.2017-12-30not yet calculatedCVE-2017-12810
MISCphpjabbers -- star_rating_scriptPHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.2017-12-30not yet calculatedCVE-2017-12811
MISCphpmyadmin -- phpmyadmin
 phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.2018-01-03not yet calculatedCVE-2017-1000499
CONFIRMphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.2017-12-29not yet calculatedCVE-2017-17984
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.2017-12-29not yet calculatedCVE-2017-17986
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.2017-12-29not yet calculatedCVE-2017-17982
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.2017-12-29not yet calculatedCVE-2017-17983
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.2017-12-29not yet calculatedCVE-2017-17988
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.2017-12-29not yet calculatedCVE-2017-17985
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.2017-12-29not yet calculatedCVE-2017-17987
MISCphpscriptsmall.com -- muslim_matrimotial_script
 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.2017-12-29not yet calculatedCVE-2017-17981
MISCphpscriptsmall.com -- online_ticket_booking_scriptOnline Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.2018-01-03not yet calculatedCVE-2018-5075
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.2018-01-03not yet calculatedCVE-2018-5076
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has CSRF via admin/movieedit.php.2018-01-03not yet calculatedCVE-2018-5073
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.2018-01-03not yet calculatedCVE-2018-5074
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.2018-01-03not yet calculatedCVE-2018-5078
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.2018-01-03not yet calculatedCVE-2018-5072
MISCphpscriptsmall.com -- online_ticket_booking_script
 Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.2018-01-03not yet calculatedCVE-2018-5077
MISCpivotal -- multiple_products
 Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary Java code.2018-01-04not yet calculatedCVE-2017-8046
BID
CONFIRMpivotal_cloud_foundry -- multiple_products
 An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.2018-01-04not yet calculatedCVE-2018-1190
CONFIRMplay -- play
 XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.2017-12-29not yet calculatedCVE-2014-3630
CONFIRM
CONFIRM
MISC
CONFIRMplexus-utils -- plexus-utils
 Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.2018-01-03not yet calculatedCVE-2017-1000487
CONFIRM
MISCplone -- plone
 By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)2018-01-03not yet calculatedCVE-2017-1000484
CONFIRMplone -- plone
 Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.2018-01-03not yet calculatedCVE-2017-1000483
MISCplone -- plone
 When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.2018-01-03not yet calculatedCVE-2017-1000481
MISCplone -- plone
 A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.2018-01-03not yet calculatedCVE-2017-1000482
MISC

pocoproject -- poco

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".2018-01-03not yet calculatedCVE-2017-1000472
MISCprimetek -- primefaces
 Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution2018-01-03not yet calculatedCVE-2017-1000486
MISC
MISC
CONFIRMpysaml2 -- pysaml2
 pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.2018-01-02not yet calculatedCVE-2017-1000433
CONFIRMqtpass -- qtpass
 It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.2018-01-05not yet calculatedCVE-2017-18021
MISC
MISC
MISC
MISCquickapps_cms -- quickapps_cms
 QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account2018-01-03not yet calculatedCVE-2017-1000495
CONFIRMradiant -- radiant_cms
 Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.2018-01-04not yet calculatedCVE-2018-5216
MISCrawstudio -- librawstudio/rs-filter.c
 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.2017-12-29not yet calculatedCVE-2014-4978
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRMred_lion -- hmi_panels
 Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.2017-12-30not yet calculatedCVE-2017-14855
MISCrocket.chat -- rocket.chat
 Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover2018-01-02not yet calculatedCVE-2017-1000493
CONFIRMruby_on_rails -- ruby_on_rails** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.2017-12-29not yet calculatedCVE-2017-17920
MISCruby_on_rails -- ruby_on_rails
 ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.2017-12-29not yet calculatedCVE-2017-17916
MISCruby_on_rails -- ruby_on_rails
 ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.2017-12-29not yet calculatedCVE-2017-17919
MISCruby_on_rails -- ruby_on_rails
 ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.2017-12-29not yet calculatedCVE-2017-17917
MISCrust-base64 -- rust-base64
 rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions2018-01-02not yet calculatedCVE-2017-1000430
MISCsamlify -- samlify
 An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.2018-01-02not yet calculatedCVE-2017-1000452
MISC
MISCsamsung -- multiple_mobile_devices
 On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.2018-01-04not yet calculatedCVE-2017-18020
CONFIRMsamsung -- multiple_mobile_devices
 On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.2018-01-04not yet calculatedCVE-2018-5210
CONFIRMschneider_electric -- pelco_videoxpert_enterprise
 An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.2018-01-01not yet calculatedCVE-2017-9966
BID
MISCschneider_electric -- pelco_videoxpert_enterprise
 A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files.2018-01-01not yet calculatedCVE-2017-9965
BID
MISCschneider_electric -- pelco_videoxpert_enterprise
 A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.2018-01-01not yet calculatedCVE-2017-9964
BID
MISCshaarli -- shaarli
 Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).2018-01-05not yet calculatedCVE-2018-5249
CONFIRM
CONFIRM
CONFIRMshiba -- shiba
 Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.2018-01-02not yet calculatedCVE-2017-1000491
CONFIRM
CONFIRM

shiftsystems.net -- biometric_shift_employee_management_system


 Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.2017-12-29not yet calculatedCVE-2017-17989
MISCshiftsystems.net -- biometric_shift_employee_management_system
 Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.2017-12-29not yet calculatedCVE-2017-17990
shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17992 | Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17991 | Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17995 | Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17994 | Source & Patch Info: MISC

shiftsystems.net -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17993 | Source & Patch Info: MISC

smarty -- smarty
Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000480 | Source & Patch Info: MISC

software_house -- istar_ultra_devices
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17704 | Source & Patch Info: MISC

structured_data -- linter
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field, resulting in the possibility of disclosing information about the remote host.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000448 | Source & Patch Info: MISC

syncthing -- syncthing
Syncthing version 0.14.33 and older is vulnerable to symlink traversal, resulting in arbitrary file overwrite.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000420 | Source & Patch Info: CONFIRM

trendnet -- tew-823dru
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8579 | Source & Patch Info: MISC

trustwave -- trustwave_secure_web_gateway
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18001 | Source & Patch Info: MISC, MISC, MISC

typo3 -- typo3
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2013-7400 | Source & Patch Info: MLIST, CONFIRM, MISC

vanilla_forums -- vanilla_forums
Vanilla Forums below 2.1.5 is affected by CSRF, leading to deletion of topics and comments from forums with admin access.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000432 | Source & Patch Info: CONFIRM

vmware -- v4h_and_v4pa_desktop_agents
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low-privileged Windows user escalating their privileges to SYSTEM.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4946 | Source & Patch Info: CONFIRM

vmware -- workstation_and_fusion
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4945 | Source & Patch Info: CONFIRM

vmware -- workstation_and_horizon_view_client
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from the host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from the host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-4948 | Source & Patch Info: CONFIRM

webmin -- webmin
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17089 | Source & Patch Info: BID, CONFIRM

wildmidi -- wildmidi
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000418 | Source & Patch Info: CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17997 | Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18012 | Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3811 | Source & Patch Info: MISC, MISC, EXPLOIT-DB

wordpress -- wordpress
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2018-3810 | Source & Patch Info: MISC, MISC, EXPLOIT-DB

wordpress -- wordpress
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5213 | Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18011 | Source & Patch Info: MISC, MISC

wordpress -- wordpress
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5214 | Source & Patch Info: MISC, MISC

wordpress -- wordpress
The WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows a redirect to an attacker-controlled page; in classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
Published: 2018-01-02 | CVSS Score: not yet calculated | CVE-2017-1000434 | Source & Patch Info: MISC

wordpress -- wordpress
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18015 | Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Published: 2018-01-04 | CVSS Score: not yet calculated | CVE-2018-5212 | Source & Patch Info: MISC, MISC, MISC, MISC

wordpress -- wordpress
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
Published: 2018-01-01 | CVSS Score: not yet calculated | CVE-2017-18010 | Source & Patch Info: MISC, MISC

wordpress -- wordpress
The "Sql Run Query" panel in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8336 | Source & Patch Info: MLIST, MISC, XF, CONFIRM, CONFIRM

wordpress -- wordpress
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2014-8335 | Source & Patch Info: MISC, MLIST, MISC, XF, CONFIRM, CONFIRM

wordpress -- wordpress
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2015-3302 | Source & Patch Info: MISC, BUGTRAQ, BID, EXPLOIT-DB, MISC

xen -- xen
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2018-5244 | Source & Patch Info: CONFIRM

xmlbundle -- xmlbundle
XMLBundle version 0.1.7 is vulnerable to XXE attacks, which can result in denial of service.
Published: 2018-01-03 | CVSS Score: not yet calculated | CVE-2017-1000477 | Source & Patch Info: MISC, MISC

xplico -- xplico
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
Published: 2018-01-05 | CVSS Score: not yet calculated | CVE-2017-16666 | Source & Patch Info: CONFIRM, MISC, MISC, MISC, CONFIRM

zend_framework -- zend_framework
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-4914 | Source & Patch Info: CONFIRM, JVN, MLIST, SECUNIA, BID, DEBIAN

zurmo -- zurmo
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
Published: 2017-12-31 | CVSS Score: not yet calculated | CVE-2017-18004 | Source & Patch Info: MISC

zyxel -- p-660hw_devices
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17901 | Source & Patch Info: MISC

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

VMware Releases Security Updates

2 weeks 2 days ago
Original release date: January 05, 2018

VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client, and Tools. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Mozilla Releases Security Update

2 weeks 3 days ago
Original release date: January 04, 2018

Mozilla has released a security update to address a vulnerability in Firefox. An attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory and update to Firefox 57.0.4.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

2 weeks 3 days ago
Original release date: January 04, 2018 | Last revised: January 10, 2018
Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by CERT/CC’s Vulnerability Note VU#584653, the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre, Google Project Zero, and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.

Impact

Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Solution

NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. In the case of Spectre, the vulnerability exists in CPU architecture rather than in software, and is not easily patched; however, this vulnerability is more difficult to exploit. 

MICROSOFT

Microsoft has temporarily halted updates for AMD machines. More information can be found here: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

For machines running Windows Server, a number of registry changes must be completed in addition to installation of the patches.  A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

ANTIVIRUS

Microsoft has recommended that third-party antivirus vendors add a change to the registry key of the machine that runs the antivirus software. Without it, that machine will not receive any of the following fixes from Microsoft:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software.

MITIGATION

The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. 

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

Link to Vendor Information            Date Added
Amazon                                January 4, 2018
AMD                                   January 4, 2018
Android                               January 4, 2018
Apple                                 January 4, 2018
ARM                                   January 4, 2018
CentOS                                January 4, 2018
Chromium                              January 4, 2018
Cisco                                 January 10, 2018
Citrix                                January 4, 2018
Debian                                January 5, 2018
DragonflyBSD                          January 8, 2018
F5                                    January 4, 2018
Fedora Project                        January 5, 2018
Fortinet                              January 5, 2018
Google                                January 4, 2018
Huawei                                January 4, 2018
IBM                                   January 5, 2018
Intel                                 January 4, 2018
Juniper                               January 8, 2018
Lenovo                                January 4, 2018
Linux                                 January 4, 2018
LLVM: variant #2                      January 8, 2018
LLVM: builtin_load_no_speculate       January 8, 2018
LLVM: llvm.nospeculatedload           January 8, 2018
Microsoft Azure                       January 4, 2018
Microsoft                             January 4, 2018
Mozilla                               January 4, 2018
NetApp                                January 8, 2018
Nutanix                               January 10, 2018
NVIDIA                                January 4, 2018
OpenSuSE                              January 4, 2018
Qubes                                 January 8, 2018
Red Hat                               January 4, 2018
SuSE                                  January 4, 2018
Synology                              January 8, 2018
Trend Micro                           January 4, 2018
VMware                                January 4, 2018
Xen                                   January 4, 2018

Revision History
  • January 4, 2018: Initial version
  • January 5, 2018: Updated vendor information links for Citrix, Mozilla, and IBM in the table and added links to Debian, Fedora Project, and Fortinet.
  • January 8, 2018: Added links to DragonflyBSD, Juniper, LLVM, NetApp, Qubes, and Synology.
  • January 9, 2018: Updated Solution Section
  • January 10, 2018: Added links to Cisco and Nutanix.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Meltdown and Spectre Side-Channel Vulnerabilities

2 weeks 4 days ago
Original release date: January 03, 2018 | Last revised: January 05, 2018

US-CERT is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog post for additional information and refer to their OS vendor for appropriate patches.

US-CERT is not aware of any active exploitation at this time. Additional information as it becomes available will be available on the following webpage: https://www.us-cert.gov/Meltdown-Spectre-Guidance

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

VMware Releases Security Updates

2 weeks 5 days ago
Original release date: January 02, 2018

VMware has released security updates to address vulnerabilities in vSphere Data Protection. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0001 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

SB18-001: Vulnerability Summary for the Week of December 25, 2017

3 weeks ago
Original release date: January 01, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13861 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13862 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13867 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13876 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7162 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13847 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13879 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13848 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13858 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13875 | Source & Patch Info: BID, SECTRACK, CONFIRM, EXPLOIT-DB

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13883 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7155 | Source & Patch Info: CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7159 | Source & Patch Info: CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7163 | Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
Published: 2017-12-27 | CVSS Score: 7.1 | CVE-2017-17914 | Source & Patch Info: CONFIRM

Medium Vulnerabilities

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13855 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13856 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13865 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13866 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13868 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13869 | Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13870 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13903 | Source & Patch Info: BID, SECTRACK, CONFIRM, CONFIRM, MISC

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
Published: 2017-12-27 | CVSS Score: 5.6 | CVE-2017-7154 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7156 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7157 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7160 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple -- icloud
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13864 | Source & Patch Info: BID, SECTRACK, CONFIRM, CONFIRM

apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13860 | Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM, CONFIRM

apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13874 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-7152 | Source & Patch Info: CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13871 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
Published: 2017-12-25 | CVSS Score: 5.6 | CVE-2017-13878 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7158 | Source & Patch Info: CONFIRM

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17912 | Source & Patch Info: CONFIRM, CONFIRM

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions 0.5.0 and later, which use a different structure type.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17913 | Source & Patch Info: CONFIRM, CONFIRM

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17915 | Source & Patch Info: CONFIRM, CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17879 | Source & Patch Info: BID, CONFIRM, DEBIAN

imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17880 | Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17881 | Source & Patch Info: CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17882
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.2017-12-274.3CVE-2017-17883
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.2017-12-274.3CVE-2017-17884
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.2017-12-274.3CVE-2017-17885
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.2017-12-274.3CVE-2017-17886
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.2017-12-274.3CVE-2017-17887
CONFIRMimagemagick -- imagemagickImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.2017-12-275.0CVE-2017-17934
CONFIRMBack to top

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

2daybiz.com -- readymade_job_site_script
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17895
Source & Patch Info:
MISC

2daybiz.com -- readymade_job_site_script
Readymade Job Site Script has CSRF via the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17894
Source & Patch Info:
MISC

2daybiz.com -- readymade_job_site_script
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17896
Source & Patch Info:
MISC

airlive -- multiple_products
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2014-8389
Source & Patch Info:
MISC
FULLDISC
BUGTRAQ
BID
MISC

allmediaserver -- allplayer
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17932
Source & Patch Info:
EXPLOIT-DB

anti-web -- anti-web
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17888
Source & Patch Info:
MISC
MISC
MISC

apache -- flexblaze_ds
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-5641
Source & Patch Info:
MLIST
BID
SECTRACK
CONFIRM
CERT-VN

archon -- archon
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17911
Source & Patch Info:
MISC

artifex -- mupdf
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17866
Source & Patch Info:
CONFIRM
CONFIRM

asterisk -- asterisk
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17850
Source & Patch Info:
CONFIRM
SECTRACK
CONFIRM

auth0/passport-wsfed-saml2_library -- auth0/passport-wsfed-saml2_library
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-16897
Source & Patch Info:
CONFIRM

ba_systems -- bas_web
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17974
Source & Patch Info:
MISC
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17995
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17993
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17990
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17991
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17989
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17992
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17994
Source & Patch Info:
MISC

biometric_shift_employee_management_system -- biometric_shift_employee_management_system
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17876
Source & Patch Info:
EXPLOIT-DB

cells -- cells_blog
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17950
Source & Patch Info:
MISC

cells -- cells_blog
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17949
Source & Patch Info:
MISC

cells -- cells_blog
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17948
Source & Patch Info:
MISC

dolibarr -- erp/crm
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17900
Source & Patch Info:
CONFIRM

dolibarr -- erp/crm
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17898
Source & Patch Info:
CONFIRM
CONFIRM

dolibarr -- erp/crm
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17899
Source & Patch Info:
CONFIRM

dolibarr -- erp/crm
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17897
Source & Patch Info:
CONFIRM

dolibarr -- erp/crm
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17971
Source & Patch Info:
MISC

dozer -- dozer
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-9515
Source & Patch Info:
CONFIRM
MISC
MISC

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17845
Source & Patch Info:
MISC
MISC
DEBIAN
MISC

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17843
Source & Patch Info:
MISC
MISC
DEBIAN
MISC

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17847
Source & Patch Info:
MISC
MISC
MISC
DEBIAN
MISC

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17848
Source & Patch Info:
MISC
MISC
DEBIAN

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17846
Source & Patch Info:
MISC
MISC
DEBIAN
MISC

enigmail -- enigmail
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17844
Source & Patch Info:
MISC
MISC
DEBIAN
MISC

ffmpeg -- ffmpeg
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-9608
Source & Patch Info:
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
DEBIAN

flexsense -- sysguage_server
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-15667
Source & Patch Info:
EXPLOIT-DB

fortunescripts.com -- fs_lynda_clone
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17903
Source & Patch Info:
MISC

fortunescripts.com -- fs_lynda_clone
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17904
Source & Patch Info:
MISC

getgo_software -- getgo_download_manager
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17849
Source & Patch Info:
MISC
EXPLOIT-DB

google -- play
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-3630
Source & Patch Info:
CONFIRM
CONFIRM
MISC
CONFIRM

hoermann -- bisecur_devices
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17910
Source & Patch Info:
MISC
MISC

ibm -- rational_collaborative_lifecycle_management
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-1191
Source & Patch Info:
CONFIRM
MISC

ibm -- team_concert
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126858.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-1365
Source & Patch Info:
CONFIRM
MISC

ibm -- websphere_portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-1698
Source & Patch Info:
CONFIRM
BID
SECTRACK
MISC

jboss -- keycloak
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-3651
Source & Patch Info:
CONFIRM
CONFIRM

joomla! -- joomla!
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17875
Source & Patch Info:
EXPLOIT-DB

joomla! -- joomla!
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17871
Source & Patch Info:
EXPLOIT-DB

joomla! -- joomla!
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17870
Source & Patch Info:
MISC
EXPLOIT-DB

joomla! -- joomla!
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-7324
Source & Patch Info:
FULLDISC
CONFIRM
MISC

joomla! -- joomla!
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17872
Source & Patch Info:
EXPLOIT-DB

kingsoft -- wps_office
pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17967
Source & Patch Info:
MISC

libtiff -- libtiff
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17942
Source & Patch Info:
MISC
BID

libtiff -- libtiff
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17973
Source & Patch Info:
MISC

liferay -- liferay_portal
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17868
Source & Patch Info:
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17853
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17862
Source & Patch Info:
MISC
SECTRACK
MISC
MISC
DEBIAN
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17854
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17856
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17857
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17855
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17852
Source & Patch Info:
MISC
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17863
Source & Patch Info:
SECTRACK
MISC
DEBIAN
MISC

linux -- linux_kernel
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17975
Source & Patch Info:
MISC

linux -- linux_kernel
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-16995
Source & Patch Info:
MISC
MISC
BID
MISC
MISC
DEBIAN

linux -- linux_kernel
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2016-3695
Source & Patch Info:
CONFIRM
CONFIRM

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-16996
Source & Patch Info:
MISC
MISC
BID
MISC
MISC

linux -- linux_kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17864
Source & Patch Info:
SECTRACK
MISC
MISC
DEBIAN

magento -- magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2016-10704
Source & Patch Info:
CONFIRM

mediawiki -- mediawiki
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2015-8008
Source & Patch Info:
FEDORA
FEDORA
FEDORA
MLIST
BID
SECTRACK
CONFIRM
MLIST
CONFIRM

mistune -- mistune
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-16876
Source & Patch Info:
CONFIRM
CONFIRM
CONFIRM
FEDORA

mozilla -- network_security_services
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-11696
Source & Patch Info:
MISC
FULLDISC
MISC
BID
SECTRACK

mozilla -- network_security_services
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-11698
Source & Patch Info:
MISC
FULLDISC
MISC
BID
SECTRACK

mozilla -- network_security_services
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-11697
Source & Patch Info:
MISC
FULLDISC
MISC
BID
SECTRACK

mozilla -- network_security_services
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-11695
Source & Patch Info:
MISC
FULLDISC
MISC
BID
SECTRACK

mqtt.js -- mqtt.js
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-10910
Source & Patch Info:
MISC
MISC
JVN

nettransport_download_manager -- nettransport_download_manager
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17968
Source & Patch Info:
EXPLOIT-DB

netwin -- surgeftp
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17933
Source & Patch Info:
MISC

open-iscsi -- open-iscsi
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17840
Source & Patch Info:
MISC
MISC

opencv -- opencv
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17760
Source & Patch Info:
MISC
MISC

oracle -- jarsigner
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2013-4578
Source & Patch Info:
CONFIRM
MLIST
MLIST
REDHAT
CONFIRM

pdf-xchange_viewer -- pdf-xchange_viewer
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-13056
Source & Patch Info:
MISC

phpjabbers -- file_sharing_script
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-12813
Source & Patch Info:
MISC

phpjabbers -- night_club_booking_software
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-12812
Source & Patch Info:
MISC

phpjabbers -- php_newsletter_script
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-12810
Source & Patch Info:
MISC

phpjabbers -- star_rating_script
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.
Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-12811
Source & Patch Info:
MISC

phpmybackuppro -- phpmybackuppro
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-3637
Source & Patch Info:
MLIST
SECTRACK

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17984
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17985
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17981
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17987
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17986
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17983
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17982
Source & Patch Info:
MISC

phpscriptsmall.com -- muslim_matrimonial_script
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17988
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_car_rental_script
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17905
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_car_rental_script
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17907
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_car_rental_script
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17906
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17958
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17952
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17953
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17957
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17960
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17956
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17959
Source & Patch Info:
MISC

phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.2017-12-28not yet calculatedCVE-2017-17951
MISCphpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.2017-12-28not yet calculatedCVE-2017-17955
MISCphpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.2017-12-28not yet calculatedCVE-2017-17954
MISCphpscriptsmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.2017-12-27not yet calculatedCVE-2017-17925
MISCphpscriptsmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.2017-12-27not yet calculatedCVE-2017-17924
MISCphpscriptsmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.2017-12-27not yet calculatedCVE-2017-17930
MISCphpscriptsmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.2017-12-27not yet calculatedCVE-2017-17928
MISCphpscriptsmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.2017-12-27not yet calculatedCVE-2017-17927
MISCphpscriptsmall.com -- php_scripts_mall_responsive_realestate_script
 PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.2017-12-27not yet calculatedCVE-2017-17908
MISCphpscriptsmall.com -- php_scripts_mall_responsive_realestate_script
 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.2017-12-27not yet calculatedCVE-2017-17909
MISCphpscriptsmall.com -- php_scripts_mall_resume_clone_script
 PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.2017-12-27not yet calculatedCVE-2017-17931
MISCphpscriptsmall.com -- php_scripts_mall_single_theater_bookingPHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.2017-12-28not yet calculatedCVE-2017-17941
MISCphpscriptsmall.com -- php_scripts_mall_single_theater_bookingPHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.2017-12-28not yet calculatedCVE-2017-17940
MISCphpscriptsmall.com -- php_scripts_mall_single_theater_booking
 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.2017-12-28not yet calculatedCVE-2017-17938
MISCphpscriptsmall.com -- php_scripts_mall_single_theater_booking
 PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.2017-12-28not yet calculatedCVE-2017-17939
MISCphpscriptsmall.com -- readymade_video_sharing_script
 Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.2017-12-27not yet calculatedCVE-2017-17893
MISCphpscriptsmall.com -- readymade_video_sharing_script
 Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.2017-12-27not yet calculatedCVE-2017-17892
MISCphpscriptsmall.com -- readymade_video_sharing_script
 Readymade Video Sharing Script has CSRF via user-profile-edit.php.2017-12-27not yet calculatedCVE-2017-17891
MISCphpscriptssmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.2017-12-27not yet calculatedCVE-2017-17929
MISCphpscriptssmall.com -- php_scripts_mall_professional_services_script
 PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.2017-12-27not yet calculatedCVE-2017-17926
MISCrawstudio -- rawstudio
 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.2017-12-29not yet calculatedCVE-2014-4978
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRMred_hat -- hawt.io 
 The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.2017-12-29not yet calculatedCVE-2014-0121
CONFIRM
CONFIRM
MISCred_hat -- hawt.io 
 Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."2017-12-29not yet calculatedCVE-2014-0120
CONFIRM
CONFIRM
MISCred_hat -- fedora
 The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.2017-12-29not yet calculatedCVE-2014-8119
FEDORA
FEDORA
FEDORA
REDHAT
BID
CONFIRM
CONFIRMred_lion -- hmi_panels
 Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.2017-12-30not yet calculatedCVE-2017-14855
MISCrockwell_automation -- factorytalk_alarms_and_events
 An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.2017-12-22not yet calculatedCVE-2017-14022
BID
MISCruby_on_rails -- ruby_on_rails SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter.2017-12-29not yet calculatedCVE-2017-17919
MISCruby_on_rails -- ruby_on_rails 
 SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter.2017-12-29not yet calculatedCVE-2017-17917
MISCruby_on_rails -- ruby_on_rails 
 SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.2017-12-29not yet calculatedCVE-2017-17916
MISCruby_on_rails -- ruby_on_rails 
 SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.2017-12-29not yet calculatedCVE-2017-17920
MISCsamsung -- internet_browser
 Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.2017-12-27not yet calculatedCVE-2017-17859
MISCsamsung -- s6_edge
 The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.2017-12-27not yet calculatedCVE-2015-7889
MISC
BID
CONFIRM
EXPLOIT-DBserverscheck_monitoring_software -- serverscheck_monitoring_software
 ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).2017-12-27not yet calculatedCVE-2017-17832
MISC
CONFIRMsiemens -- 7kt_pac1200_data_manager
 A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.2017-12-27not yet calculatedCVE-2017-9944
BID
CONFIRMsiemens -- logo!_soft_comfort
 Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.2017-12-25not yet calculatedCVE-2017-12740
CONFIRMsiemens -- multiple_products
 A vulnerability has been identified in the following Siemens industrial products: SIMATIC S7-200 Smart: All versions < V2.03.01, SIMATIC S7-400 PN V6: All versions < V6.0.6, SIMATIC S7-400 H V6: All versions < 6.0.8, SIMATIC S7-400 PN/DP V7: All versions, SIMATIC S7-410 V8: All versions, SIMATIC S7-300: All versions, SIMATIC S7-1200: All versions, SIMATIC S7-1500: All versions < 2.0, SIMATIC S7-1500 Software Controller: All versions < 2.0, SIMATIC WinAC RTX 2010 incl. F: All versions, SIMATIC ET 200AL: All versions, SIMATIC ET 200ecoPN: All versions, SIMATIC ET 200M: All versions, SIMATIC ET 200MP: All versions, SIMATIC ET 200pro: All versions, SIMATIC ET 200S: All versions, SIMATIC ET 200SP: All versions, DK Standard Ethernet Controller: All versions, EK-ERTEC 200P: All versions < V4.5, EK-ERTEC 200 PN IO: All versions, SIMOTION D: All versions < V5.1 HF1, SIMOTION C: All versions < V5.1 HF1, SIMOTION P: All versions < V5.1 HF1, SINAMICS DCM: All versions, SINAMICS DCP: All versions, SINAMICS G110M / G120(C/P/D) w. PN: All versions < V4.7 SP9 HF1, SINAMICS G130 and G150: All versions, SINAMICS S110 w. PN: All versions, SINAMICS S120: All versions, SINAMICS S150 V4.7 and V4.8: All versions, SINAMICS V90 w. PN: All versions, SINUMERIK 840D sl: All versions, SIMATIC Compact Field Unit: All versions, SIMATIC PN/PN Coupler: All versions, SIMOCODE pro V PROFINET: All versions, SIRIUS Soft starter 3RW44 PN: All versions. Specially crafted packets sent to port 161/UDP could cause a Denial-of-Service condition. The affected devices must be restarted manually.2017-12-25not yet calculatedCVE-2017-12741
BID
CONFIRMsiemens -- ruggedcom_ros_for_rsl910_devices
 A vulnerability has been identified in the following Siemens products: RUGGEDCOM ROS for RSL910 devices: All versions < ROS v5.0.1, RUGGEDCOM ROS for all other devices: All versions < ROS v4.3.4, SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions >= v3.0, SCALANCE XR-500/XM-400: All versions >= v6.1. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions.2017-12-25not yet calculatedCVE-2017-12736
BID
SECTRACK
SECTRACK
CONFIRMsoftware_house -- istar_ultra_devices
 A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.2017-12-30not yet calculatedCVE-2017-17704
MISCsony -- playstation
 Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-12-27not yet calculatedCVE-2017-17010
JVNsynology -- mailplus_server
 Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.2017-12-27not yet calculatedCVE-2017-16768
CONFIRMsynology -- synology_chat
 Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.2017-12-28not yet calculatedCVE-2017-15892
CONFIRMsynology -- synology_chat
 Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.2017-12-28not yet calculatedCVE-2017-15886
CONFIRMtripwire -- ip360_vne_manager
 The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."2017-12-27not yet calculatedCVE-2015-6237
FULLDISC
BUGTRAQtypo3 -- typo3
 The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.2017-12-29not yet calculatedCVE-2013-7400
MLIST
CONFIRM
MISCubiquiti -- unifi_video
 Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.2017-12-27not yet calculatedCVE-2016-6914
MISC
FULLDISC
BID
MISC
EXPLOIT-DBvalve_steam_link -- valve_steam_link_build_643
 An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).2017-12-27not yet calculatedCVE-2017-17878
MISC
MISC
MISCvalve_steam_link -- valve_steam_link_build_643
 An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878.2017-12-27not yet calculatedCVE-2017-17877
MISC
MISC
MISCvanguard -- marketplace_digital_products_php
 Vanguard Marketplace Digital Products PHP has CSRF via /search.2017-12-28not yet calculatedCVE-2017-17936
MISCvanguard -- marketplace_digital_products_php
 Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.2017-12-27not yet calculatedCVE-2017-17874
EXPLOIT-DBvanguard -- marketplace_digital_products_php
 Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.2017-12-27not yet calculatedCVE-2017-17873
EXPLOIT-DBvanguard -- marketplace_digital_products_php
 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.2017-12-28not yet calculatedCVE-2017-17937
MISCwebmin -- webmin
 custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.2017-12-30not yet calculatedCVE-2017-17089
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.2017-12-30not yet calculatedCVE-2017-17997
MISC
MISC
MISCwireshark -- wireshark
 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.2017-12-27not yet calculatedCVE-2017-17935
BID
MISC
MISC
MISCwordpress -- wordpressThe TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."2017-12-29not yet calculatedCVE-2015-3302
MISC
BUGTRAQ
BID
EXPLOIT-DB
MISCwordpress -- wordpress
 Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.2017-12-27not yet calculatedCVE-2015-7667
BUGTRAQ
CONFIRM
MISCwordpress -- wordpress
 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.2017-12-27not yet calculatedCVE-2017-17869
MISCwordpress -- wordpress
 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.2017-12-27not yet calculatedCVE-2015-7666
BUGTRAQ
CONFIRM
CONFIRM
MISCwordpress -- wordpress
 Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."2017-12-27not yet calculatedCVE-2015-7669
BUGTRAQ
CONFIRM
MISCwordpress -- wordpress
 Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter.2017-12-27not yet calculatedCVE-2015-7668
BUGTRAQ
CONFIRM
MISCzend_framework -- zend_framework
 The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.2017-12-29not yet calculatedCVE-2014-4914
CONFIRM
JVN
MLIST
SECUNIA
BID
DEBIANzyxel -- p-660hw_v3_devices
 ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.2017-12-29not yet calculatedCVE-2017-17901
MISCBack to top