SB18-092: Vulnerability Summary for the Week of March 26, 2018

Original release date: April 02, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — ios_xe | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645. | 2018-03-28 | 4.0 | CVE-2018-0196, CONFIRM
imagemagick — imagemagick | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18250, CONFIRM
imagemagick — imagemagick | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18251, CONFIRM
imagemagick — imagemagick | An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18252, CONFIRM
imagemagick — imagemagick | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18253, CONFIRM
imagemagick — imagemagick | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file. | 2018-03-26 | 4.3 | CVE-2017-18254, CONFIRM
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-24 | 6.1 | CVE-2018-8998, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-24 | 6.1 | CVE-2018-8999, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-24 | 6.1 | CVE-2018-9000, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-24 | 6.1 | CVE-2018-9001, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-24 | 6.1 | CVE-2018-9002, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-24 | 6.1 | CVE-2018-9003, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-24 | 6.1 | CVE-2018-9004, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-24 | 6.1 | CVE-2018-9005, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-24 | 6.1 | CVE-2018-9006, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-24 | 6.1 | CVE-2018-9007, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | 2018-03-26 | 6.1 | CVE-2018-9040, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | 2018-03-26 | 6.1 | CVE-2018-9041, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | 2018-03-26 | 6.1 | CVE-2018-9042, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. | 2018-03-26 | 6.1 | CVE-2018-9043, MISC
iobit — advanced_systemcare_ultimate | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | 2018-03-26 | 6.1 | CVE-2018-9044, MISC
jasper_project — jasper | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | 2018-03-27 | 4.3 | CVE-2018-9055, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. | 2018-03-24 | 6.1 | CVE-2018-8988, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. | 2018-03-24 | 6.1 | CVE-2018-8989, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. | 2018-03-24 | 6.1 | CVE-2018-8990, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009. | 2018-03-24 | 6.1 | CVE-2018-8991, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005. | 2018-03-24 | 6.1 | CVE-2018-8992, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001. | 2018-03-24 | 6.1 | CVE-2018-8993, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003. | 2018-03-24 | 6.1 | CVE-2018-8994, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002. | 2018-03-24 | 6.1 | CVE-2018-8995, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007. | 2018-03-24 | 6.1 | CVE-2018-8996, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004. | 2018-03-24 | 6.1 | CVE-2018-8997, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849. | 2018-03-26 | 6.1 | CVE-2018-9045, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d. | 2018-03-26 | 6.1 | CVE-2018-9046, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841. | 2018-03-26 | 6.1 | CVE-2018-9047, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c. | 2018-03-26 | 6.1 | CVE-2018-9048, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833. | 2018-03-26 | 6.1 | CVE-2018-9049, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100202d. | 2018-03-26 | 6.1 | CVE-2018-9050, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021. | 2018-03-26 | 6.1 | CVE-2018-9051, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c. | 2018-03-26 | 6.1 | CVE-2018-9052, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc. | 2018-03-26 | 6.1 | CVE-2018-9053, MISC
windows_optimization_master_project — windows_optimization_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c. | 2018-03-26 | 6.1 | CVE-2018-9054, MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acrolinx_server — acrolinx_server | Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | 2018-03-25 | not yet calculated | CVE-2018-7719, CONFIRM, EXPLOIT-DB
apache — http_server | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability. | 2018-03-26 | not yet calculated | CVE-2018-1303, MLIST, BID, SECTRACK, CONFIRM
apache — http_server | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations; the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. | 2018-03-26 | not yet calculated | CVE-2018-1302, MLIST, BID, SECTRACK, CONFIRM
apache — http_server | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. | 2018-03-26 | not yet calculated | CVE-2018-1301, MLIST, BID, SECTRACK, CONFIRM
apache — httpd | In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user’s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, ‘en-US’ is truncated to ‘en’). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. | 2018-03-26 | not yet calculated | CVE-2017-15710, MLIST, BID, SECTRACK, CONFIRM
apache — httpd | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a “Session” header. This comes from the “HTTP_SESSION” variable name used by mod_session to forward its data to CGIs, since the prefix “HTTP_” is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. | 2018-03-26 | not yet calculated | CVE-2018-1283, MLIST, BID, SECTRACK, CONFIRM
apache — httpd | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. | 2018-03-26 | not yet calculated | CVE-2018-1312, MLIST, BID, SECTRACK, CONFIRM
apache — httpd | In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match ‘$’ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. | 2018-03-26 | not yet calculated | CVE-2017-15715, MLIST, BID, SECTRACK, CONFIRM
apache — struts_rest_plugin | The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack via a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here: http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from Apache Struts 2.5.16. | 2018-03-27 | not yet calculated | CVE-2018-1327, BID, SECTRACK, MISC, CONFIRM
atlassian — bamboo | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | 2018-03-29 | not yet calculated | CVE-2018-5224, CONFIRM, CONFIRM
atlassian — fisheye_and_crucible | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability. | 2018-03-29 | not yet calculated | CVE-2018-5223, CONFIRM, CONFIRM, CONFIRM, CONFIRM
avolve_software — projectdox | Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. | 2018-03-27 | not yet calculated | CVE-2014-5130, MISC, BUGTRAQ, BID, XF
avolve_software — projectdox | Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | 2018-03-27 | not yet calculated | CVE-2014-5132, MISC, BUGTRAQ, XF
avolve_software — projectdox | Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. | 2018-03-27 | not yet calculated | CVE-2014-5131, MISC, BUGTRAQ, BID, XF
beckhoff — twincat | Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | 2018-03-23 | not yet calculated | CVE-2018-7502, BID, MISC, MISC
bomgar — remote_support_portal_javastart.jar_applet | Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using and/or tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | 2018-03-26 | not yet calculated | CVE-2017-12815, BUGTRAQ
ca_technologies — ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 2018-03-29 | not yet calculated | CVE-2018-6588, SECTRACK, CONFIRM
ca_technologies — ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 2018-03-29 | not yet calculated | CVE-2018-6587, SECTRACK, CONFIRM
ca_technologies — ca_api_developer_portal | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 2018-03-29 | not yet calculated | CVE-2018-6586, SECTRACK, CONFIRM
cisco — catalyst_4500_series_switches_and_catalyst_4500-x_series_switches | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729. | 2018-03-28 | not yet calculated | CVE-2018-0155, SECTRACK, CONFIRM
cisco — integrated_services_module_for_vpn | A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267. | 2018-03-28 | not yet calculated | CVE-2018-0154, BID, SECTRACK, CONFIRM
cisco — ios_and_ios_xe_and_ios_xr | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. | 2018-03-28 | not yet calculated | CVE-2018-0167, SECTRACK, CONFIRM
cisco — ios_and_ios_xe_and_ios_xr | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487, CSCvd73664. | 2018-03-28 | not yet calculated | CVE-2018-0175, SECTRACK, CONFIRM
cisco — ios_and_ios_xe | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730. | 2018-03-28 | not yet calculated | CVE-2018-0172, BID, SECTRACK, CONFIRM, MISC
cisco — ios_and_ios_xe | A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655. | 2018-03-28 | not yet calculated | CVE-2018-0189, BID, CONFIRM
cisco — ios_and_ios_xe | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. | 2018-03-28 | not yet calculated | CVE-2018-0171, BID, SECTRACK, CONFIRM
cisco — ios_and_ios_xe | A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. | 2018-03-28 | not yet calculated | CVE-2018-0173, BID, SECTRACK, CONFIRM, MISC
cisco — ios_and_ios_xe
 
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.2018-03-28not yet calculatedCVE-2018-0174
BID
SECTRACK
CONFIRM
MISC
cisco — ios_and_ios_xe
 
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.2018-03-28not yet calculatedCVE-2018-0151
BID
SECTRACK
CONFIRM
cisco — ios_and_ios_xe
 
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
2018-03-28
not yet calculated
CVE-2018-0158
SECTRACK
CONFIRM
cisco — ios_and_ios_xe
 
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
2018-03-28
not yet calculated
CVE-2018-0156
SECTRACK
CONFIRM
cisco — ios_and_ios_xe
 
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
2018-03-28
not yet calculated
CVE-2018-0159
SECTRACK
CONFIRM
cisco — ios_xe

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428.
2018-03-28
not yet calculated
CVE-2018-0195
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296.
2018-03-28
not yet calculated
CVE-2018-0157
BID
SECTRACK
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
2018-03-28
not yet calculated
CVE-2018-0185
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432.
2018-03-28
not yet calculated
CVE-2018-0184
BID
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user’s system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.
2018-03-28
not yet calculated
CVE-2018-0186
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185.
2018-03-28
not yet calculated
CVE-2018-0164
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496.
2018-03-28
not yet calculated
CVE-2018-0165
SECTRACK
CONFIRM
cisco — ios_xe
 
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356.
2018-03-28
not yet calculated
CVE-2018-0183
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.
2018-03-28
not yet calculated
CVE-2018-0160
SECTRACK
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
2018-03-28
not yet calculated
CVE-2018-0182
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.
2018-03-28
not yet calculated
CVE-2018-0152
BID
SECTRACK
CONFIRM
cisco — ios_xe
 
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.
2018-03-27
not yet calculated
CVE-2017-12319
BID
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.
2018-03-28
not yet calculated
CVE-2018-0169
SECTRACK
CONFIRM
cisco — ios_xe
 
A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327.
2018-03-28
not yet calculated
CVE-2018-0170
BID
SECTRACK
CONFIRM
cisco — ios_xe
 
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.
2018-03-28
not yet calculated
CVE-2018-0177
SECTRACK
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.
2018-03-28
not yet calculated
CVE-2018-0176
SECTRACK
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
2018-03-28
not yet calculated
CVE-2018-0193
BID
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user’s system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.
2018-03-28
not yet calculated
CVE-2018-0190
BID
CONFIRM
cisco — ios_xe
 
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user’s system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.
2018-03-28
not yet calculated
CVE-2018-0188
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880.
2018-03-28
not yet calculated
CVE-2018-0150
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.
2018-03-28
not yet calculated
CVE-2018-0163
CONFIRM
cisco — ios
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.
2018-03-28
not yet calculated
CVE-2018-0161
SECTRACK
CONFIRM
cisco — ios
 
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
2018-03-28
not yet calculated
CVE-2018-0179
BID
CONFIRM
cisco — ios
 
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
2018-03-28
not yet calculated
CVE-2018-0180
BID
CONFIRM
cisco — spark_hybrid_calendar_service
 
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593.
2018-03-27
not yet calculated
CVE-2017-12310
CONFIRM
cisco — unified_communications_manager
 
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.
2018-03-27
not yet calculated
CVE-2018-0198
BID
SECTRACK
CONFIRM
clamav — clamav
 
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.
2018-03-27
not yet calculated
CVE-2018-0202
CONFIRM
CONFIRM
MLIST
UBUNTU
UBUNTU
cloud_foundry_foundation — cloud_foundry_bosh_cli
 
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
2018-03-27
not yet calculated
CVE-2018-1231
CONFIRM
cloud_foundry_foundation — cloud_foundry_cloud_controller
 
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.
2018-03-27
not yet calculated
CVE-2018-1266
CONFIRM
cloud_foundry_foundation — cloud_foundry_garden-runc
 
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.
2018-03-29
not yet calculated
CVE-2018-1191
CONFIRM
cloud_foundry_foundation — cloud_foundry_silk_cni_plugin
 
Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies.
2018-03-27
not yet calculated
CVE-2018-1267
CONFIRM
cloud_foundry_foundation — pcf_elastic_runtime
 
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
2018-03-29
not yet calculated
CVE-2016-6658
CONFIRM
contec — smart_home_devices
 
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
2018-03-31
not yet calculated
CVE-2018-9162
EXPLOIT-DB
crea8social — crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment.
2018-03-29
not yet calculated
CVE-2018-9121
MISC
MISC
crea8social — crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile.
2018-03-29
not yet calculated
CVE-2018-9123
MISC
crea8social — crea8social
 
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post.
2018-03-29
not yet calculated
CVE-2018-9120
MISC
MISC
crea8social — crea8social
 
In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI.
2018-03-29
not yet calculated
CVE-2018-9122
MISC
MISC
cups — cups
 
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
2018-03-26
not yet calculated
CVE-2017-18248
CONFIRM
CONFIRM
CONFIRM
MISC
d-link — dir-601_b1_2.02na_devices
 
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator’s panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.
2018-03-30
not yet calculated
CVE-2018-5708
FULLDISC
d-link — dir-850l_wireless_ac1200_dual_band_gigabit_cloud_router
 
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
2018-03-26
not yet calculated
CVE-2018-9032
EXPLOIT-DB
MISC
dedecms — dedecms
 
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
2018-03-30
not yet calculated
CVE-2018-9134
MISC
dedecms — dedecms
 
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
2018-03-27
not yet calculated
CVE-2018-7700
MISC
dell_emc — isilon
 
Dell EMC Isilon OneFS versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
2018-03-26
not yet calculated
CVE-2018-1204
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website.
2018-03-26
not yet calculated
CVE-2018-1186
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1188
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
In Dell EMC Isilon OneFS, the compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | 2018-03-26 | not yet calculated | CVE-2018-1203
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1187
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1201
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon OneFS versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | 2018-03-26 | not yet calculated | CVE-2018-1213
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1202
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — isilon
 
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website. | 2018-03-26 | not yet calculated | CVE-2018-1189
FULLDISC
BID
MISC
EXPLOIT-DB
dell_emc — scaleio
 
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. | 2018-03-27 | not yet calculated | CVE-2018-1238
FULLDISC
dell_emc — scaleio
 
Dell EMC ScaleIO versions prior to 2.5 contain improper restriction of excessive authentication attempts on the Light Installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. | 2018-03-27 | not yet calculated | CVE-2018-1237
FULLDISC
dell_emc — scaleio
 
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. | 2018-03-27 | not yet calculated | CVE-2018-1205
FULLDISC
docker — docker_notary
 
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. | 2018-03-31 | not yet calculated | CVE-2015-9258
MISC
MISC
docker — docker_notary
 
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | 2018-03-31 | not yet calculated | CVE-2015-9259
MISC
MISC
drupal — drupal
 
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 2018-03-29 | not yet calculated | CVE-2018-7600
BID
SECTRACK
MISC
MISC
MISC
CONFIRM
MLIST
MISC
MISC
DEBIAN
CONFIRM
CONFIRM
MISC
drupal — drupal
 
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. | 2018-03-29 | not yet calculated | CVE-2014-5170
MLIST
XF
CONFIRM
MISC
dsmall — dsmall
 
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | 2018-03-25 | not yet calculated | CVE-2018-9014
MISC
dsmall — dsmall
 
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | 2018-03-25 | not yet calculated | CVE-2018-9016
MISC
dsmall — dsmall
 
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | 2018-03-25 | not yet calculated | CVE-2018-9015
MISC
dsmall — dsmall
 
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | 2018-03-25 | not yet calculated | CVE-2018-9017
MISC
elfinder — elfinder
 
Studio 42 elFinder before 2.1.36 has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. | 2018-03-28 | not yet calculated | CVE-2018-9109
CONFIRM
CONFIRM
elfinder — elfinder
 
Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | 2018-03-28 | not yet calculated | CVE-2018-9110
CONFIRM
CONFIRM
enhancesoft — osticket
 
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the “message” parameter. | 2018-03-27 | not yet calculated | CVE-2018-7192
MISC
enhancesoft — osticket
 
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the “order” parameter. | 2018-03-27 | not yet calculated | CVE-2018-7193
MISC
enhancesoft — osticket
 
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. | 2018-03-27 | not yet calculated | CVE-2018-7194
MISC
enhancesoft — osticket
 
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the “sort” parameter. | 2018-03-27 | not yet calculated | CVE-2018-7196
MISC
enhancesoft — osticket
 
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | 2018-03-27 | not yet calculated | CVE-2018-7195
MISC
exiv2 — exiv2
 
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. | 2018-03-30 | not yet calculated | CVE-2018-9144
MISC
MISC
exiv2 — exiv2
 
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure. | 2018-03-30 | not yet calculated | CVE-2018-9146
MISC
MISC
exiv2 — exiv2
 
In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp. | 2018-03-30 | not yet calculated | CVE-2018-9145
MISC
firebird_project — firebird_sql_server
 
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. | 2018-03-28 | not yet calculated | CVE-2017-11509
MISC
frog_cms — frog_cms
 
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application’s add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. | 2018-03-31 | not yet calculated | CVE-2018-8908
MISC
gespage — gespage
 
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | 2018-03-30 | not yet calculated | CVE-2018-9147
MISC
gnu — binutils
 
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | 2018-03-30 | not yet calculated | CVE-2018-9138
MISC
google — android
 
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2002
MISC
MISC
google — android
 
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2004
MISC
MISC
google — android
 
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2003
MISC
MISC
google — android
 
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2020
MISC
MISC
google — android
 
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2001
MISC
MISC
google — android
 
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 2018-03-29 | not yet calculated | CVE-2015-2000
MISC
MISC
graphicsmagick — graphicsmagick
 
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. | 2018-03-25 | not yet calculated | CVE-2018-9018
BID
MLIST
MISC
hashicorp — terraform_amazon_web_services_provider
 
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. | 2018-03-27 | not yet calculated | CVE-2018-9057
MISC
hashicorp — vagrant-vmware-fusion
 
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | 2018-03-29 | not yet calculated | CVE-2017-16839
MISC
hashicorp — vagrant-vmware-fusion
 
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | 2018-03-29 | not yet calculated | CVE-2017-16512
MISC
hashicorp — vagrant-vmware-fusion
 
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | 2018-03-29 | not yet calculated | CVE-2017-16873
MISC
hoek — hoek
 
hoek node module before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via ‘merge’ and ‘applyToDefaults’ functions, which allows a malicious user to modify the prototype of “Object” via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 2018-03-30 | not yet calculated | CVE-2018-3728
BID
CONFIRM
MISC
ibm — bigfix_remote_control
 
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200. | 2018-03-27 | not yet calculated | CVE-2015-4954
CONFIRM
XF
ibm — bigfix_remote_control
 
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. | 2018-03-29 | not yet calculated | CVE-2015-4953
AIXAPAR
XF
CONFIRM
ibm — business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. | 2018-03-30 | not yet calculated | CVE-2017-1767
CONFIRM
MISC
ibm — business_process_manager
 
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. | 2018-03-30 | not yet calculated | CVE-2017-1766
CONFIRM
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. | 2018-03-30 | not yet calculated | CVE-2018-1384
CONFIRM
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. | 2018-03-30 | not yet calculated | CVE-2017-1765
CONFIRM
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | 2018-03-30 | not yet calculated | CVE-2017-1756
CONFIRM
MISC
ibm — capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863. | 2018-03-26 | not yet calculated | CVE-2015-7434
CONFIRM
XF
ibm — capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861. | 2018-03-26 | not yet calculated | CVE-2015-7432
CONFIRM
XF
ibm — capacity_management_analytics
 
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862. | 2018-03-26 | not yet calculated | CVE-2015-7433
CONFIRM
XF
ibm — curam_social_program_management
 
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. | 2018-03-26 | not yet calculated | CVE-2015-7401
CONFIRM
XF
ibm — endpoint_manager_for_remote_control
 
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. | 2018-03-29 | not yet calculated | CVE-2015-4952
CONFIRM
ibm — financial_transaction_manager_for_check_services_for_multi-platform
 
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. | 2018-03-30 | not yet calculated | CVE-2018-1390
CONFIRM
MISC
ibm — infosphere_master_data_management
 
IBM InfoSphere Master Data Management (MDM) – Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780. | 2018-03-26 | not yet calculated | CVE-2015-7424
CONFIRM
XF
ibm — infosphere_master_data_management
 
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) – Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. | 2018-03-26 | not yet calculated | CVE-2015-7423
CONFIRM
XF
ibm — multiple_products
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. | 2018-03-27 | not yet calculated | CVE-2015-5016
CONFIRM
XF
ibm — qradar_siem
 
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. | 2018-03-29 | not yet calculated | CVE-2015-2009
CONFIRM
ibm — rational_clearcase
 
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. | 2018-03-26 | not yet calculated | CVE-2015-5039
CONFIRM
XF
ibm — rational_license_key_server
 
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938. | 2018-03-26 | not yet calculated | CVE-2015-5045
CONFIRM
XF
ibm — security_privileged_identity_manager
 
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. | 2018-03-30 | not yet calculated | CVE-2017-1705
CONFIRM
MISC
ibm — tealeaf_customer_experience
 
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896. | 2018-03-27 | not yet calculated | CVE-2015-4987
CONFIRM
XF
ibm — websphere_mq
 
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520. | 2018-03-30 | not yet calculated | CVE-2017-1747
CONFIRM
MISC
ibos — ibos
 
IBOS 4.4.3 has XSS via a company full name. | 2018-03-30 | not yet calculated | CVE-2018-9130
MISC
MISC
imagemagick — imagemagick
 
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | 2018-03-23 | not yet calculated | CVE-2018-8960
BID
MISC
imagemagick — imagemagick
 
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. | 2018-03-30 | not yet calculated | CVE-2018-9133
MISC
imagemagick — imagemagick
 
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | 2018-03-30 | not yet calculated | CVE-2018-9135
CONFIRM
intelbras — telefone_ip_tip200/200_lite_devices
 
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | 2018-03-25 | not yet calculated | CVE-2018-9010
EXPLOIT-DB
jenkins — jenkins
 
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 2018-03-27 | not yet calculated | CVE-2018-8718
MLIST
CONFIRM
joomla! — joomla!
 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | 2018-03-28 | not yet calculated | CVE-2018-9106
MISC
EXPLOIT-DB
joomla! — joomla!
 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | 2018-03-28 | not yet calculated | CVE-2018-9107
MISC
MISC
MISC
EXPLOIT-DB
jungo — driverwizard_windriver
 
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. | 2018-03-30 | not yet calculated | CVE-2018-9136
MISC
kaseya — virtual_system_administrator_agent
 
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with “NT AUTHORITY\SYSTEM” privileges. | 2018-03-26 | not yet calculated | CVE-2017-12410
BUGTRAQ
kibana — kibana
 
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | 2018-03-30 | not yet calculated | CVE-2018-3819
CONFIRM
kibana — kibana
 
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3818
BID
CONFIRM
kibana — kibana
 
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3821
CONFIRM
kibana — kibana
 
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-03-30 | not yet calculated | CVE-2018-3820
CONFIRM
kingsoft — internet_security_9+_kernel_driver_kwatch3.sys
 
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. | 2018-03-30 | not yet calculated | CVE-2018-9151
MISC
knot_dns — knot_dns
 
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | 2018-03-27 | not yet calculated | CVE-2014-0486
BID
XF
CONFIRM
laravel_log_viewer — laravel_log_viewer
 
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. | 2018-03-25 | not yet calculated | CVE-2018-8947
MISC
MISC
EXPLOIT-DB
libming — libming
 
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | 2018-03-30 | not yet calculated | CVE-2018-9132
MISC
librelp — librelp_rsyslog
 
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | 2018-03-23 | not yet calculated | CVE-2018-1000140
MISC
MISC
UBUNTU
DEBIAN
libvirt — libvirt
 
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but is now also triggered via QEMU guest agent. | 2018-03-28 | not yet calculated | CVE-2018-1064
CONFIRM
CONFIRM
MLIST
DEBIAN
linux — linux_kernel
 
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. | 2018-03-27 | not yet calculated | CVE-2018-1091
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 2018-03-30 | not yet calculated | CVE-2018-7566
SUSE
MLIST
CONFIRM
CONFIRM
linux — linux_kernel
 
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. | 2018-03-31 | not yet calculated | CVE-2017-18255
MISC
MISC
linux — linux_kernel
 
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | 2018-03-26 | not yet calculated | CVE-2017-18249
MISC
MISC
logstash — logstash
 
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | 2018-03-30 | not yet calculated | CVE-2018-3817
CONFIRM
lrzip — lrzip
 
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | 2018-03-27 | not yet calculated | CVE-2018-9058
MISC
minicms — minicms
 
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | 2018-03-27 | not yet calculated | CVE-2018-9092
MISC
EXPLOIT-DB
multiple_vendors — multiple_products
 
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | 2018-03-27 | not yet calculated | CVE-2018-9056
MISC
MISC
mysql_for_pcf_tiles — mysql_for_pcf_tiles
 
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | 2018-03-29 | not yet calculated | CVE-2016-0898
BID
CONFIRM
netiq — identity_manager_driver
 
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | 2018-03-26 | not yet calculated | CVE-2018-1348
BID
CONFIRM
netiq — identity_manager_driver
 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | 2018-03-26 | not yet calculated | CVE-2018-1349
BID
CONFIRM
netiq — identity_manager_driver
 
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. | 2018-03-28 | not yet calculated | CVE-2018-7676
CONFIRM
netiq — identity_manager_driver
 
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | 2018-03-28 | not yet calculated | CVE-2018-7674
CONFIRM
netiq — identity_manager_driver
 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | 2018-03-26 | not yet calculated | CVE-2018-1350
BID
CONFIRM
netiq — identity_manager_driver
 
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | 2018-03-26 | not yet calculated | CVE-2018-7673
BID
CONFIRM
nextcloud — nextcloud_server
 
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. | 2018-03-28 | not yet calculated | CVE-2017-0936
MISC
CONFIRM
nordvpn — nordvpn
 
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool’s implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool. | 2018-03-27 | not yet calculated | CVE-2018-9105
MISC
nvidia — tegra_kernel
 
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.
2018-03-26
not yet calculated
CVE-2017-6278
CONFIRM
octopus — deploy
 
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team’s scoped environments.
2018-03-26
not yet calculated
CVE-2018-9039
CONFIRM
CONFIRM
oneplus — multiple_devices
 
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.
2018-03-29
not yet calculated
CVE-2017-5947
MISC
open-audit_professional — open-audit_professional
 
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
2018-03-25
not yet calculated
CVE-2018-8979
MISC
EXPLOIT-DB
open-audit_professional — open-audit_professional
 
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
2018-03-25
not yet calculated
CVE-2018-8978
MISC
open-audit_professional — open-audit_professional
 
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A “data:text/html;base64,” payload can be used with JavaScript code.
2018-03-26
not yet calculated
CVE-2018-8937
MISC
openssl_project — openssl
 
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
2018-03-27
not yet calculated
CVE-2018-0733
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
openssl_project — openssl
 
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
2018-03-27
not yet calculated
CVE-2018-0739
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
CONFIRM
UBUNTU
DEBIAN
DEBIAN
CONFIRM
opera — opera

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
2018-03-28
not yet calculated
CVE-2018-6608
MISC
MISC
MISC
MISC
MISC
owncloud_server — owncloud_server
 
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
2018-03-26
not yet calculated
CVE-2014-2048
XF
CONFIRM
philips — alice_6_system
 
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
2018-03-28
not yet calculated
CVE-2018-7498
BID
MISC
philips — alice_6_system
 
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.
2018-03-28
not yet calculated
CVE-2018-5451
BID
MISC
philips — intellispace_portal

Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
2018-03-26
not yet calculated
CVE-2018-5468
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
2018-03-26
not yet calculated
CVE-2018-5470
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
2018-03-26
not yet calculated
CVE-2018-5454
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
2018-03-26
not yet calculated
CVE-2018-5464
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
2018-03-26
not yet calculated
CVE-2018-5462
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.
2018-03-26
not yet calculated
CVE-2018-5474
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
2018-03-26
not yet calculated
CVE-2018-5458
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
2018-03-26
not yet calculated
CVE-2018-5472
BID
MISC
CONFIRM
philips — intellispace_portal
 
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
2018-03-26
not yet calculated
CVE-2018-5466
BID
MISC
CONFIRM
prestashop — prestashop
 
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
2018-03-27
not yet calculated
CVE-2018-8823
MISC
prisma_industriale — checkweigher_prismaweb
 
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
2018-03-31
not yet calculated
CVE-2018-9161
EXPLOIT-DB
MISC
qcacld — qcacld
 
While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur.
2018-03-30
not yet calculated
CVE-2017-9694
BID
MISC
MISC
qnap_systems — qts
 
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi.
2018-03-27
not yet calculated
CVE-2017-7630
CONFIRM
qnap_systems — qts
 
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
2018-03-27
not yet calculated
CVE-2017-7631
CONFIRM
qnap_systems — qts
 
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
2018-03-27
not yet calculated
CVE-2017-7632
CONFIRM
qualcomm — android
 
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.
2018-03-30
not yet calculated
CVE-2017-9681
BID
CONFIRM
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.
2018-03-30
not yet calculated
CVE-2017-14915
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly.
2018-03-30
not yet calculated
CVE-2017-14912
BID
SECTRACK
CONFIRM
qualcomm — android
 
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.
2018-03-30
not yet calculated
CVE-2017-15826
CONFIRM
MISC
qualcomm — android
 
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.
2018-03-30
not yet calculated
CVE-2017-14892
CONFIRM
MISC
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.
2018-03-30
not yet calculated
CVE-2017-14906
BID
SECTRACK
CONFIRM
qualcomm — android
 
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs.
2018-03-30
not yet calculated
CVE-2017-15859
CONFIRM
MISC
qualcomm — android
 
In the touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack.
2018-03-30
not yet calculated
CVE-2017-9723
CONFIRM
MISC
qualcomm — android
 
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
2018-03-30
not yet calculated
CVE-2017-17769
CONFIRM
qualcomm — android
 
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.
2018-03-30
not yet calculated
CVE-2017-14883
CONFIRM
MISC
qualcomm — android
 
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.
2018-03-30
not yet calculated
CVE-2017-15852
CONFIRM
qualcomm — android
 
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow.
2018-03-30
not yet calculated
CVE-2017-17766
CONFIRM
MISC
qualcomm — android
 
In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.
2018-03-30
not yet calculated
CVE-2017-17771
CONFIRM
MISC
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.
2018-03-30
not yet calculated
CVE-2017-14913
BID
SECTRACK
CONFIRM
qualcomm — android
 
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur.
2018-03-30
not yet calculated
CVE-2017-15846
CONFIRM
MISC
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.
2018-03-30
not yet calculated
CVE-2017-14911
BID
SECTRACK
CONFIRM
qualcomm — android
 
When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur.
2018-03-30
not yet calculated
CVE-2017-9692
BID
MISC
MISC
MISC
qualcomm — android
 
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows access to already freed memory in the debug message output functionality contained within the mobicore driver.
2018-03-30
not yet calculated
CVE-2017-9691
BID
MISC
qualcomm — android
 
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.
2018-03-30
not yet calculated
CVE-2017-14881
CONFIRM
MISC
qualcomm — android
 
libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the “filled length”, which is larger than the output buffer’s actual size, leading to an information disclosure problem in the context of mediaserver.
2018-03-30
not yet calculated
CVE-2017-11087
CONFIRM
qualcomm — android
 
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.
2018-03-30
not yet calculated
CVE-2017-14891
CONFIRM
MISC
qualcomm — android
 
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists.
2018-03-30
not yet calculated
CVE-2017-14875
CONFIRM
MISC
qualcomm — android
 
The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual length of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability).
2018-03-30
not yet calculated
CVE-2017-9693
BID
MISC
MISC
qualcomm — android
 
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.
2018-03-30
not yet calculated
CVE-2017-15823
CONFIRM
MISC
qualcomm — android
 
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.
2018-03-30
not yet calculated
CVE-2017-14877
CONFIRM
MISC
qualcomm — android
 
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
2018-03-30
not yet calculated
CVE-2017-14876
CONFIRM
MISC
qualcomm — android
 
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
2018-03-30
not yet calculated
CVE-2017-11010
BID
SECTRACK
CONFIRM
quickappscms — quickappscms
 
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.
2018-03-28
not yet calculated
CVE-2018-9108
MISC
review_board — review_board
 
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
2018-03-29
not yet calculated
CVE-2014-5028
MLIST
CONFIRM
XF
CONFIRM
CONFIRM
CONFIRM
roland_gruber_softwareentwicklung — ldap_account_manager
 
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
2018-03-27
not yet calculated
CVE-2018-8764
MISC
FULLDISC
roland_gruber_softwareentwicklung — ldap_account_manager
 
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
2018-03-27
not yet calculated
CVE-2018-8763
MISC
FULLDISC
rsa — authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
2018-03-30
not yet calculated
CVE-2018-1234
FULLDISC
SECTRACK
rsa — authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user’s browser session in the context of the affected website.
2018-03-30
not yet calculated
CVE-2018-1233
FULLDISC
SECTRACK
rsa — authentication_agent
 
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
2018-03-30
not yet calculated
CVE-2018-1232
FULLDISC
SECTRACK
ruby — ruby
 
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
2018-03-30
not yet calculated
CVE-2018-3740
CONFIRM
CONFIRM
ruby — ruby
 
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
2018-03-30
not yet calculated
CVE-2018-3741
CONFIRM
ruby — ruby
 
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
2018-03-27
not yet calculated
CVE-2018-8048
MLIST
CONFIRM
samsung — mobile_devices
 
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.
2018-03-30
not yet calculated
CVE-2018-9142
CONFIRM
samsung — mobile_devices
 
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
2018-03-30
not yet calculated
CVE-2018-9141
CONFIRM
samsung — mobile_devices
 
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.
2018-03-30
not yet calculated
CVE-2018-9143
CONFIRM
samsung — mobile_devices
 
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.
2018-03-30
not yet calculated
CVE-2018-9139
CONFIRM
samsung — mobile_devices
 
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.
2018-03-30
not yet calculated
CVE-2018-9140
CONFIRM
screen-resolution-extra — screen-resolution-extra
 
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.
2018-03-28
not yet calculated
CVE-2018-8885
UBUNTU
sickrage — sickrage
 
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
2018-03-31
not yet calculated
CVE-2018-9160
MISC
MISC
siemens — tim_1531_irc
 
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
2018-03-29
not yet calculated
CVE-2018-4841
CONFIRM
softros — network_time_system
 
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.
2018-03-26
not yet calculated
CVE-2018-7658
MISC
EXPLOIT-DB
spark — spark
 
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
2018-03-31
not yet calculated
CVE-2018-9159
MISC
MISC
MISC
MISC
MISC
square_9 — globalforms
 
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the “match” parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.
2018-03-28
not yet calculated
CVE-2018-8820
FULLDISC
swisscom — myswisscomassistant
 
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker’s choosing that could execute arbitrary code without the user’s knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process.
2018-03-27
not yet calculated
CVE-2018-6765
MISC
swisscom — tvmediahelper
 
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker’s choosing that could execute arbitrary code without the user’s knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process.
2018-03-27
not yet calculated
CVE-2018-6766
MISC
symantec — norton_app_lock
 
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.
2018-03-26
not yet calculated
CVE-2017-15534
BID
CONFIRM
tenable — appliance
 
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.
2018-03-28
not yet calculated
CVE-2018-1142
CONFIRM
thermald — thermald
 
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
2018-03-26
not yet calculated
CVE-2014-2312
MLIST
MLIST
tnlsoftsolutions — sentry_vision_devices
 
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an “if(pwd ==” line in the HTML source code. This means, in effect, that authentication occurs only on the client side.
2018-03-29
not yet calculated
CVE-2018-9031
MISC
MISC
tpshop — tpshop
 
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.
2018-03-30
not yet calculated
CVE-2017-16614
FULLDISC
twonky — twonky_server
 
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
2018-03-30
not yet calculated
CVE-2018-7171
MISC
MISC
EXPLOIT-DB
twonky — twonky_server
 
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
2018-03-30
not yet calculated
CVE-2018-7203
MISC
EXPLOIT-DB
unisys — clearpath_mcp_os_systems
 
SQL injection vulnerability in the management interface in ePortal Manager in Unisys ClearPath MCP OS systems with 17.0 CLEARPATHEPORTAL before 17.0a.31 and 18.0 CLEARPATHEPORTAL before 059.1a.13; and ClearPath OS 2200 systems with 16.0 EPORTAL-2200 before 2.2.81 and 17.0 EPORTAL-2200 before 2.3.82 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
2018-03-26
not yet calculated
CVE-2018-8802
CONFIRM
wampserver — wampserver
 
Wampserver before 3.1.3 has CSRF in add_vhost.php.
2018-03-25
not yet calculated
CVE-2018-8817
MISC
wanscam — hw0021_network_camera
 
An information leak exists in Wanscam’s HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.
2018-03-28
not yet calculated
CVE-2017-11510
MISC
western_digital — wd_my_cloud
 
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.
2018-03-30
not yet calculated
CVE-2018-9148
EXPLOIT-DB
wiremock — wiremock
 
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.
2018-03-29
not yet calculated
CVE-2018-9116
CONFIRM
wiremock — wiremock
 
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
2018-03-29
not yet calculated
CVE-2018-9117
CONFIRM
wordpress — wordpress
 
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
2018-03-25
not yet calculated
CVE-2018-9020
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
2018-03-29
not yet calculated
CVE-2014-6604
MISC
CONFIRM
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
2018-03-26
not yet calculated
CVE-2018-7543
CONFIRM
EXPLOIT-DB
x-pack_security — x-pack_security
 
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.
2018-03-30
not yet calculated
CVE-2018-3822
CONFIRM
z-blogphp — z-blogphp
 
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code.
2018-03-31
not yet calculated
CVE-2018-8893
MISC
zikula_application_framework — zikula_application_framework
 
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
2018-03-26
not yet calculated
CVE-2014-2293
MISC
XF
XF
MISC
zimbra — zimbra_collaboration_suite
 
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
2018-03-27
not yet calculated
CVE-2018-6882
FULLDISC
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
MISC
zoho — manageengine_servicedesk_plus
 
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
2018-03-30
not yet calculated
CVE-2018-5799
FULLDISC
CONFIRM
zsh — zsh
 
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation.
2018-03-28
not yet calculated
CVE-2018-1083
CONFIRM
MLIST
CONFIRM
UBUNTU



This product is provided subject to this Notification and this Privacy & Use policy.
