SB18-134: Vulnerability Summary for the Week of May 7, 2018

Original release date: May 14, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
389-ds-base — 389-ds-base
 
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-1089
BID
REDHAT
CONFIRM
abcm2ps — abcm2ps
 
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2018-05-06
CVSS Score: not yet calculated
CVE-2018-10771
MISC
MISC
absolute_software — computrace_agent
 
Absolute Computrace Agent V80.845 and V80.866 do not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk’s inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2009-5150
MISC
absolute_software — computrace_agent
 
The stub component of Absolute Computrace Agent V70.785 executes code from a disk’s inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2009-5151
MISC
absolute_software — computrace_agent
 
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent’s activation/deactivation status to the factory default via a crafted TaskResult.xml file.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2009-5152
MISC
admin-cli — admin-cli
 
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2016-8627
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
advantech — webaccess
 
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2017-5175
BID
MISC
alps — pointing-device_driver
 
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the “ApMsgFwd File Mapping Object” section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-10828
MISC
EXPLOIT-DB
apache — derby
 
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user’s control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-1313
BID
MLIST
bibutils — bibutils
 
NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10775
MISC
bibutils — bibutils
 
NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10773
MISC
bibutils — bibutils
 
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10774
MISC
bitpie — bitpie
 
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10812
MISC
brave — brave
 
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10799
MISC
brave — brave
 
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10798
MISC
csp — mysql_user_manager
 
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Published: 2018-05-05
CVSS Score: not yet calculated
CVE-2018-10757
MISC
MISC
EXPLOIT-DB
d-link — dir-629-b1_devices
 
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
Published: 2018-05-12
CVSS Score: not yet calculated
CVE-2018-10996
MISC
d-link — dir-868l_devices
 
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-10957
MISC
dell_emc — unity_operating_environment
 
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1239
FULLDISC
BID
devicelock — plug_and_play_auditor
 
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-10655
MISC
MISC
EXPLOIT-DB
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6362
MISC
MISC
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6619
MISC
MISC
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6361
MISC
MISC
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6618
MISC
MISC
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6458
MISC
MISC
easy_hosting_control_panel — easy_hosting_control_panel
 
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6617
MISC
MISC
ethereum — aurora_dao_token
 
The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10705
MISC
ethereum — koreashow_token
 
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-10973
MISC
ethereum — social_chain_token

An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the “multiOverflow” issue.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-10706
MISC
exiv2 — exiv2
 
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
Published: 2018-05-12
CVSS Score: not yet calculated
CVE-2018-10998
MISC
exiv2 — exiv2
 
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.
Published: 2018-05-12
CVSS Score: not yet calculated
CVE-2018-10999
MISC
exiv2 — exiv2
 
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10780
MISC
exiv2 — exiv2
 
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-10958
MISC
exiv2 — exiv2
 
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Published: 2018-05-06
CVSS Score: not yet calculated
CVE-2018-10772
MISC
fastweb — fastgate_0.00.47_devices
 
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-6023
MISC
EXPLOIT-DB
fortinet — fortiwlc
 
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2017-17540
BID
CONFIRM
fortinet — fortiwlc
 
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2017-17539
BID
CONFIRM
foxconn_electronics — femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lte

Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user’s browser.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-9111
MISC
foxconn_electronics — femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lte
 
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-9112
MISC
free_lossless_image_format — free_lossless_image_format
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-10972
MISC
free_lossless_image_format — free_lossless_image_format
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-10971
MISC
freebsd — freebsd

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-6921
BID
CONFIRM
freebsd — freebsd
 
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-6920
BID
CONFIRM
frog_cms — frog_cms
 
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10806
MISC
gnu — gnu_wget
 
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Published: 2018-05-06
CVSS Score: not yet calculated
CVE-2018-0494
BID
SECTRACK
MISC
MLIST
MISC
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
EXPLOIT-DB
google — android
 
In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2017-6289
BID
CONFIRM
google — android
 
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-6246
CONFIRM
google — android
 
In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2017-6293
BID
CONFIRM
google — android
 
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-6254
CONFIRM
haproxy — haproxy
 
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-10184
CONFIRM
CONFIRM
hawtio — hawtio
 
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio’s root.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2017-2594
BID
CONFIRM
CONFIRM
huawei — hirouter-cd20_and_ws5200_home_gateway_products
 
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker who tricks a user into installing a malicious APK plugin can have the plugin overwrite arbitrary files on the device. Successful exploit may result in arbitrary code execution or privilege escalation.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-7933
CONFIRM
huawei — ibmc_products
 
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-7941
CONFIRM
huawei — mate_10_and_mate_10_pro_smart_phones
 
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypasses the activation function by some specific operations.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-7940
CONFIRM
hwinfo — amd64_kernel_driver
 
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers’ data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-8060
MISC
hwinfo — amd64_kernel_driver
 
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-8061
MISC
ibm — cognos_analytics
 
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-1413
CONFIRM
BID
SECTRACK
XF
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
Published: 2018-05-04
CVSS Score: not yet calculated
CVE-2017-1743
CONFIRM
BID
SECTRACK
XF
icewarp — icewarp_mail_server
 
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2015-1503
MISC
EXPLOIT-DB
MISC
imagemagick — imagemagick
 
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10804
MISC
imagemagick — imagemagick
 
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10805
MISC
impinj — speedway_connect_r420_rfid_reader
 
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-5304
MISC
impinj — speedway_connect_r420_rfid_reader
 
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-5303
MISC
intel — integrated_performance_primitives_cryptography_library
 
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-3617
CONFIRM
intel — nuc_kits
 
Intel NUC kits with insufficient input validation in system firmware potentially allow a local attacker to elevate privileges to System Management Mode (SMM).
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-3612
CONFIRM
intel — wireless-ac_products
 
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel’s wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-3649
CONFIRM
jasper — jasper
 
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
Published: 2018-05-04
CVSS Score: not yet calculated
CVE-2018-9154
MISC
jenkins — jenkins

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the configured SMTP password.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000176
CONFIRM
jenkins — jenkins
 
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000174
CONFIRM
jenkins — jenkins
 
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user’s browser when that user performs some UI actions.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000177
CONFIRM
jenkins — jenkins
 
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000173
CONFIRM
jenkins — jenkins
 
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2017-2606
BID
CONFIRM
CONFIRM
CONFIRM
jenkins — jenkins
 
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000175
CONFIRM
jenkins — jenkins
 
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2017-2611
BID
CONFIRM
CONFIRM
CONFIRM
jenkins — jenkins
 
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2017-2601
BID
CONFIRM
CONFIRM
CONFIRM
kde_project — kwallet
 
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10380
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kongtop — dvr_devices
 
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10734
MISC
MISC
MISC
lantech — ids_2102
 
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2018-05-04
CVSS Score: not yet calculated
CVE-2018-8869
BID
MISC
lantech — ids_2102
 
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2018-05-04
CVSS Score: not yet calculated
CVE-2018-8865
BID
MISC
lenovo — system_update
 
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program’s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
Published: 2018-05-04
CVSS Score: not yet calculated
CVE-2018-9063
BID
CONFIRM
libgxps — libgxps
 
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
Published: 2018-05-06
CVSS Score: not yet calculated
CVE-2018-10767
MISC
libnghttp2 — libnghttp2
 
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-1000168
CONFIRM
libtiff — libtiff
 
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
Published: 2018-05-08
CVSS Score: not yet calculated
CVE-2018-10801
MISC
libtiff — libtiff
 
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10779
MISC
BID
libtiff — libtiff
 
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
Published: 2018-05-09
CVSS Score: not yet calculated
CVE-2018-10963
MISC
liferay — liferay
 
Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI.
Published: 2018-05-07
CVSS Score: not yet calculated
CVE-2018-10795
MISC
lilypond — lilypond
 
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
Published: 2018-05-11
CVSS Score: not yet calculated
CVE-2018-10992
MISC
linux — linux_kernel
 
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls.
Published: 2018-05-10
CVSS Score: not yet calculated
CVE-2018-1130
CONFIRM
CONFIRM
MLIST
MISC
linux — linux_kernel
 
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
2018-05-09
not yet calculated
CVE-2018-10940
MISC
MISC
MISC
linux — linux_kernel
 
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
2018-05-10
not yet calculated
CVE-2018-1118
CONFIRM
litecart — litecart
 
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
2018-05-09
not yet calculated
CVE-2018-10827
MISC
microsoft — .net_and_.net_core
 
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka “.NET and .NET Core Denial of Service Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
2018-05-09
not yet calculated
CVE-2018-0765
BID
SECTRACK
CONFIRM
microsoft — .net
 
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka “.NET Framework Device Guard Security Feature Bypass Vulnerability.” This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
2018-05-09
not yet calculated
CVE-2018-1039
BID
SECTRACK
CONFIRM
microsoft — azure
 
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka “Azure IoT SDK Spoofing Vulnerability.” This affects C# SDK, C SDK, Java SDK.
2018-05-09
not yet calculated
CVE-2018-8119
BID
CONFIRM
microsoft — chakracore_and_internet_explorer_and_edge
 
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
2018-05-09
not yet calculated
CVE-2018-8145
BID
SECTRACK
CONFIRM
microsoft — edge

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge.
2018-05-09
not yet calculated
CVE-2018-8179
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0945
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
2018-05-09
not yet calculated
CVE-2018-8139
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-8137
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
2018-05-09
not yet calculated
CVE-2018-0943
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
2018-05-09
not yet calculated
CVE-2018-8133
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-8128
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0953
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
2018-05-09
not yet calculated
CVE-2018-8130
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
2018-05-09
not yet calculated
CVE-2018-8177
BID
CONFIRM
microsoft — edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0946
BID
SECTRACK
CONFIRM
microsoft — edge
 
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka “Microsoft Edge Security Feature Bypass Vulnerability.” This affects Microsoft Edge.
2018-05-09
not yet calculated
CVE-2018-8112
BID
SECTRACK
CONFIRM
microsoft — edge
 
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
2018-05-09
not yet calculated
CVE-2018-8123
BID
SECTRACK
CONFIRM
microsoft — edge
 
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.
2018-05-09
not yet calculated
CVE-2018-1021
BID
SECTRACK
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0951
BID
SECTRACK
CONFIRM
microsoft — exchange_server

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka “Microsoft Exchange Server Elevation of Privilege Vulnerability.” This affects Microsoft Exchange Server.
2018-05-09
not yet calculated
CVE-2018-8152
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
2018-05-09
not yet calculated
CVE-2018-8151
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
2018-05-09
not yet calculated
CVE-2018-8154
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka “Microsoft Exchange Elevation of Privilege Vulnerability.” This affects Microsoft Exchange Server.
2018-05-09
not yet calculated
CVE-2018-8159
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka “Microsoft Exchange Spoofing Vulnerability.” This affects Microsoft Exchange Server.
2018-05-09
not yet calculated
CVE-2018-8153
BID
SECTRACK
CONFIRM
microsoft — infopath
 
A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka “Microsoft InfoPath Remote Code Execution Vulnerability.” This affects Microsoft Infopath.
2018-05-09
not yet calculated
CVE-2018-8173
BID
SECTRACK
CONFIRM
microsoft — internet_explorer_and_chakracore_and_edge
 
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0954
BID
SECTRACK
CONFIRM
microsoft — internet_explorer_and_edge

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka “Microsoft Browser Information Disclosure Vulnerability.” This affects Internet Explorer 11, Microsoft Edge.
2018-05-09
not yet calculated
CVE-2018-1025
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-8122
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-0955
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-8114
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka “Internet Explorer Security Feature Bypass Vulnerability.” This affects Internet Explorer 11.
2018-05-09
not yet calculated
CVE-2018-8126
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-0824
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
2018-05-09
not yet calculated
CVE-2018-8178
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
2018-05-09
not yet calculated
CVE-2018-1022
BID
SECTRACK
CONFIRM
microsoft — office_and_excel
 
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Microsoft Office, Microsoft Excel.
2018-05-09
not yet calculated
CVE-2018-8163
BID
SECTRACK
CONFIRM
microsoft — office_and_excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
2018-05-09
not yet calculated
CVE-2018-8148
BID
SECTRACK
CONFIRM
microsoft — office_and_excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
2018-05-09
not yet calculated
CVE-2018-8147
BID
SECTRACK
CONFIRM
microsoft — office_and_excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.
2018-05-09
not yet calculated
CVE-2018-8162
BID
SECTRACK
CONFIRM
microsoft — office_and_word_and_sharepoint
 
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
2018-05-09
not yet calculated
CVE-2018-8161
BID
SECTRACK
CONFIRM
microsoft — office_and_word
 
An information disclosure vulnerability exists in Outlook when a message is opened, aka “Microsoft Outlook Information Disclosure Vulnerability.” This affects Word, Microsoft Office.
2018-05-09
not yet calculated
CVE-2018-8160
BID
SECTRACK
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.
2018-05-09
not yet calculated
CVE-2018-8157
BID
SECTRACK
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.
2018-05-09
not yet calculated
CVE-2018-8158
BID
SECTRACK
CONFIRM
microsoft — office
 
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka “Microsoft Outlook Security Feature Bypass Vulnerability.” This affects Microsoft Office.
2018-05-09
not yet calculated
CVE-2018-8150
BID
SECTRACK
CONFIRM
microsoft — sharepoint_and_project_server
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.
2018-05-09
not yet calculated
CVE-2018-8156
BID
SECTRACK
CONFIRM
microsoft — sharepoint_and_project_server
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156.
2018-05-09
not yet calculated
CVE-2018-8168
BID
SECTRACK
CONFIRM
microsoft — sharepoint_server_and_sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.
2018-05-09
not yet calculated
CVE-2018-8149
BID
SECTRACK
CONFIRM
microsoft — sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.
2018-05-09
not yet calculated
CVE-2018-8155
BID
SECTRACK
CONFIRM
microsoft — windows

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.
2018-05-09
not yet calculated
CVE-2018-8127
BID
SECTRACK
CONFIRM
microsoft — windows

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka “Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8136
BID
SECTRACK
CONFIRM
microsoft — windows

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166.
2018-05-09
not yet calculated
CVE-2018-8164
BID
CONFIRM
microsoft — windows

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
2018-05-09
not yet calculated
CVE-2018-8120
BID
SECTRACK
CONFIRM
microsoft — windows

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-0959
BID
SECTRACK
CONFIRM
microsoft — windows_scripting_host
 
A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka “Windows Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132.
2018-05-09
not yet calculated
CVE-2018-0854
BID
SECTRACK
CONFIRM
microsoft — windows
 
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka “Windows Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132.
2018-05-09
not yet calculated
CVE-2018-0958
BID
SECTRACK
CONFIRM
microsoft — windows
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka “Hyper-V vSMB Remote Code Execution Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-0961
BID
SECTRACK
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka “Windows Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8134
BID
SECTRACK
CONFIRM
microsoft — windows
 
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka “Windows Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129.
2018-05-09
not yet calculated
CVE-2018-8132
BID
SECTRACK
CONFIRM
microsoft — windows
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8174
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164.
2018-05-09
not yet calculated
CVE-2018-8166
BID
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka “Windows Image Elevation of Privilege Vulnerability.” This affects Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8170
BID
SECTRACK
CONFIRM
microsoft — windows
 
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka “Windows Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.
2018-05-09
not yet calculated
CVE-2018-8129
BID
SECTRACK
CONFIRM
microsoft — windows
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.
2018-05-09
not yet calculated
CVE-2018-8141
BID
SECTRACK
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.
2018-05-09
not yet calculated
CVE-2018-8124
BID
SECTRACK
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8165
BID
CONFIRM
microsoft — windows
 
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-05-09
not yet calculated
CVE-2018-8167
BID
CONFIRM
modbuspal — modbuspal
 
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.
2018-05-11
not yet calculated
CVE-2018-10832
MISC
EXPLOIT-DB
mp3gain — mp3gain
 
The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.
2018-05-07
not yet calculated
CVE-2018-10776
MISC
mp3gain — mp3gain
 
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.
2018-05-07
not yet calculated
CVE-2018-10778
MISC
mp3gain — mp3gain
 
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
2018-05-07
not yet calculated
CVE-2018-10777
MISC
multiple_vendors — os_kernels
 
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
2018-05-08
not yet calculated
CVE-2018-8897
MISC
MISC
MISC
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
UBUNTU
DEBIAN
MISC
CONFIRM
MISC
MISC
mybb — mybb
 
The “Latest Posts on Profile” plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user’s most recent posts without sanitizing the tsubject (aka thread subject) field.
2018-05-11
not yet calculated
CVE-2018-10580
MISC
EXPLOIT-DB
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
2018-05-09
not yet calculated
CVE-2017-14474
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14479
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14478
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14477
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14475
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14480
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14476
MISC
mysql — multi-master_replication_manager
 
In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-14481
MISC
opmantek — open-audit_community
 
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10314
MISC
EXPLOIT-DB
philips — brilliance_ct_kiosk_environment
 
Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break out of the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.
Published: 2018-05-04 | CVSS Score: not yet calculated | CVE-2018-8861
BID
MISC
CONFIRM
philips — brilliance_ct_scanners
 
Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system.
Published: 2018-05-04 | CVSS Score: not yet calculated | CVE-2018-8853
BID
MISC
CONFIRM
philips — brilliance_ct_software
 
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.
Published: 2018-05-04 | CVSS Score: not yet calculated | CVE-2018-8857
BID
MISC
CONFIRM
pivotal — application_service
 
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1278
CONFIRM
pivotal — greenplum_command_center
 
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contain a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1280
CONFIRM
pivotal — spring-integration-zip
 
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. When the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1261
CONFIRM
pivotal — spring_cloud_sso_connector
 
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.
Published: 2018-05-07 | CVSS Score: not yet calculated | CVE-2018-1256
CONFIRM
pivotal — spring_data_commons
 
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references, as the underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data’s projection-based request payload binding to access arbitrary files on the system.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1259
CONFIRM
pivotal — spring_security_oauth
 
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contain a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1260
CONFIRM
pivotal – spring_framework
 
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1257
CONFIRM
pivotal – spring_security_and_spring_framework
 
Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-1258
CONFIRM
poppler — poppler
 
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2017-18267
CONFIRM
poppler — poppler
 
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Published: 2018-05-06 | CVSS Score: not yet calculated | CVE-2018-10768
MISC
postgresql — postgresql
 
PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn’t follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-1115
CONFIRM
CONFIRM
prestashop — prestashop
 
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-8824
MISC
prestashop — prestashop
 
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10942
MISC
prosody — prosody
 
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2017-18265
MISC
MISC
MISC
MISC
DEBIAN
pulse_secure — pulse_connect_secure

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-9849
CONFIRM
puppet — puppet_enterprise_console
 
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-6510
CONFIRM
puppet — puppet_enterprise_console
 
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-6511
CONFIRM
python-oslo-middleware — python-oslo-middleware
 
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback’s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2017-2592
CONFIRM
REDHAT
REDHAT
BID
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
MISC
MISC
quassel — quassel
 
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-1000178
CONFIRM
MISC
MLIST
DEBIAN
quassel — quassel
 
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-1000179
CONFIRM
DEBIAN
red_lion — controls_sixnet-managed_industrial_switches_and_automationdirect_stride-managed_ethernet_switches
 
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2016-9335
MISC
rockwell_automation — factorytalk_activation_products
 
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2017-6015
BID
MISC
MISC
rsa — authentication_manager
 
RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-1247
FULLDISC
BID
SECTRACK
rsa — authentication_manager
 
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-1248
FULLDISC
BID
SECTRACK
ruibaby/halo — ruibaby/halo
 
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
Published: 2018-05-12 | CVSS Score: not yet calculated | CVE-2018-11012
MISC
ruibaby/halo — ruibaby/halo
 
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
Published: 2018-05-12 | CVSS Score: not yet calculated | CVE-2018-11011
MISC
sap — enterprise_financial_services
 
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2419
BID
CONFIRM
MISC
sap — identity_management
 
SAP Identity Management 8.0 does not sufficiently validate an XML document accepted from an untrusted source.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2416
BID
CONFIRM
MISC
sap — identity_management
 
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2417
BID
CONFIRM
MISC
sap — internet_graphics_server_and_rfc_listener
 
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2423
BID
CONFIRM
MISC
sap — internet_graphics_server_portwatcher
 
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2422
BID
CONFIRM
MISC
sap — internet_graphics_server_portwatcher
 
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2421
BID
CONFIRM
MISC
sap — internet_graphics_server
 
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2420
BID
CONFIRM
MISC
sap — maxdb_odbc_driver
 
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2418
BID
CONFIRM
MISC
sap — netweaver_application_server_java_web_container_and_http_service
 
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-2415
BID
CONFIRM
MISC
sdcms — sdcms
 
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.
Published: 2018-05-12 | CVSS Score: not yet calculated | CVE-2018-11004
MISC
severalnines — clustercontrol
 
Severalnines ClusterControl before 1.6.0-4699 allows XSS.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-10817
MISC
shanghai — 2345_security_guard

In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-10796
MISC
shanghai — 2345_security_guard

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10954
MISC
shanghai — 2345_security_guard

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10975
MISC
shanghai — 2345_security_guard

In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.
Published: 2018-05-08 | CVSS Score: not yet calculated | CVE-2018-10809
MISC
MISC
EXPLOIT-DB
shanghai — 2345_security_guard

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10955
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10976
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10974
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10977
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10830
MISC
shanghai — 2345_security_guard
 
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10962
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10952
MISC
shanghai — 2345_security_guard
 
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10953
MISC
shenzhen_anni — 5_in_1_xvr_devices
 
download.rsp on ShenZhen Anni “5 in 1 XVR” devices allows remote attackers to download the configuration (without a login) to discover the password.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10770
MISC
MISC
silex_technology_and_ge_healthcare — silex_technology_sd-320an_and_ge_healthcare_mobilelink_geh_320an
 
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-6021
MISC
silex_technology_and_ge_healthcare — silex_technology_sx-500_and_ge_healthcare_mobilelink_geh_500
 
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-6020
MISC
synology — calendar
 
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-8915
CONFIRM
synology — drive
 
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-8910
CONFIRM
synology — media_server
 
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-8914
CONFIRM
synology — note_station
 
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-8911
CONFIRM
synology — note_station
 
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-8912
CONFIRM
vecna — vgo_robot
 
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-8860
BID
MISC
vecna — vgo_robot
 
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-8866
BID
MISC
vesta — control_panel
 
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Published: 2018-05-06 | CVSS Score: not yet calculated | CVE-2018-10686
MISC
MISC
wildfly — wildfly
 
An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using “anonymous” access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10682
MISC
xdg-utils — xdg-utils
 
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2017-18266
MISC
MISC
MISC
MISC
xen — xen
 
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10982
CONFIRM
CONFIRM
xen — xen
 
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10981
CONFIRM
CONFIRM
yxcms — yxcms
 
An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.
Published: 2018-05-12 | CVSS Score: not yet calculated | CVE-2018-11003
MISC
z-nomp — z-nomp
 
Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,…,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10831
MISC
MISC
zimbra — collaboration_suite
 
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10950
MISC
zimbra — collaboration_suite
 
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10951
MISC
zimbra — collaboration_suite
 
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the “HTTP 404 – account is not active” and “HTTP 401 – must authenticate” errors.
Published: 2018-05-09 | CVSS Score: not yet calculated | CVE-2018-10949
MISC
zoho_manageengine — netflow_analyzer
 
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
Published: 2018-05-10 | CVSS Score: not yet calculated | CVE-2018-10803
CONFIRM
zoho_manageengine — servicedesk_plus
 
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user’s logon domain if the account exists, or ‘null’ if it does not.
Published: 2018-05-11 | CVSS Score: not yet calculated | CVE-2018-7248
MISC
MISC
