Weekly Vulnerabilities Reports > January 1 to 7, 2018

Overview

206 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 43 high severity vulnerabilities. This weekly summary report vulnerabilities in 436 products from 123 vendors including Microsoft, Debian, K7Computing, Canonical, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 162 reported vulnerabilities are remotely exploitables.
  • 33 reported vulnerabilities have public exploit available.
  • 67 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 169 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • EMC has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-05 CVE-2017-15548 EMC Improper Authentication vulnerability in EMC products

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.

10.0
2018-01-05 CVE-2014-8579 Trendnet USE of Hard-Coded Credentials vulnerability in Trendnet Tew-823Dru Firmware

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

10.0
2018-01-05 CVE-2017-16720 Advantech Path Traversal vulnerability in Advantech Webaccess

A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier.

10.0
2018-01-03 CVE-2017-1000469 Cobbler Project Improper Input Validation vulnerability in Cobbler Project Cobbler 2.2.1

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

10.0
2018-01-03 CVE-2017-18017 Linux USE After Free vulnerability in Linux Kernel

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

10.0
2018-01-04 CVE-2018-5210 Samsung Out-Of-Bounds Write vulnerability in Samsung Mobile

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern).

9.3
2018-01-04 CVE-2018-0104 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user.

9.3
2018-01-04 CVE-2018-0103 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user.

9.3
2018-01-05 CVE-2017-15550 EMC Path Traversal vulnerability in EMC products

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.

9.0
2018-01-05 CVE-2017-15549 EMC Unrestricted Upload of File With Dangerous Type vulnerability in EMC products

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.

9.0
2018-01-05 CVE-2017-16666 Xplico OS Command Injection vulnerability in Xplico

Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file.

9.0
2018-01-04 CVE-2017-17867 Intenogroup Incorrect Permission Assignment for Critical Resource vulnerability in Intenogroup Iopsys 4.0

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share.

9.0

43 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-04 CVE-2018-0781 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0778 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0777 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0776 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0775 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0774 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0773 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0772 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore, Edge and Internet Explorer

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0770 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0769 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0768 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0762 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore, Edge and Internet Explorer

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-04 CVE-2018-0758 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-01-06 CVE-2018-5208 Irssi
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.

7.5
2018-01-06 CVE-2018-5206 Irssi
Debian
Null Pointer Dereference vulnerability in multiple products

When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.

7.5
2018-01-05 CVE-2017-16724 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3.

7.5
2018-01-05 CVE-2017-16716 Advantech SQL Injection vulnerability in Advantech Webaccess

A SQL Injection issue was discovered in WebAccess versions prior to 8.3.

7.5
2018-01-04 CVE-2014-7862 Zohocorp Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

7.5
2018-01-04 CVE-2017-15714 Apache Injection vulnerability in Apache Ofbiz 16.11.01/16.11.02/16.11.03

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed.

7.5
2018-01-04 CVE-2017-8046 Pivotal Software Improper Input Validation vulnerability in Pivotal Software Spring Boot and Spring Data Rest

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

7.5
2018-01-03 CVE-2017-1000487 Plexus Utils Project
Debian
OS Command Injection vulnerability in multiple products

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

7.5
2018-01-03 CVE-2017-1000486 Primetek Inadequate Encryption Strength vulnerability in Primetek Primefaces

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

7.5
2018-01-03 CVE-2017-1000471 Embedthis Null Pointer Dereference vulnerability in Embedthis Goahead 4.0.0

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.

7.5
2018-01-03 CVE-2017-1000480 Smarty Code Injection vulnerability in Smarty

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.

7.5
2018-01-03 CVE-2017-1000501 Awstats
Debian
Path Traversal vulnerability in multiple products

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

7.5
2018-01-03 CVE-2017-1000497 Pepperminty Wiki Project XXE vulnerability in Pepperminty-Wiki Project Pepperminty-Wiki 0.15

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution

7.5
2018-01-03 CVE-2017-1000493 Rocket Chat Injection vulnerability in Rocket.Chat

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover

7.5
2018-01-02 CVE-2017-1000437 Creolabs Buffer Errors vulnerability in Creolabs Gravity 1.0

Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.

7.5
2018-01-02 CVE-2017-1000430 Rust Base64 Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rust-Base64 Project Rust-Base64

rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions

7.5
2018-01-02 CVE-2017-1000423 B2Evolution Improper Input Validation vulnerability in B2Evolution

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.

7.5
2018-01-02 CVE-2017-1000421 Gifsicle Project
Debian
USE After Free vulnerability in multiple products

Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution

7.5
2018-01-02 CVE-2017-1000458 BRO Out-Of-Bounds Write vulnerability in BRO 2.5.2

Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.

7.5
2018-01-02 CVE-2017-1000453 Cmsmadesimple Injection vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.

7.5
2018-01-02 CVE-2017-17098 GPS Server Code Injection vulnerability in Gps-Server GPS Tracking Software

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.

7.5
2018-01-02 CVE-2017-1000444 Openhacker Project SQL Injection vulnerability in Openhacker Project Openhacker 0.1.47

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution

7.5
2018-01-01 CVE-2018-3811 Oturia SQL Injection vulnerability in Oturia Smart Google Code Inserter

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server.

7.5
2018-01-01 CVE-2018-3810 Oturia Improper Authentication vulnerability in Oturia Smart Google Code Inserter

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress.

7.5
2018-01-05 CVE-2017-4946 Vmware Incorrect Authorization vulnerability in VMWare products

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability.

7.2
2018-01-04 CVE-2017-18020 Samsung Improper Input Validation vulnerability in Samsung Mobile

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory.

7.2
2018-01-03 CVE-2017-1000473 Linux Dash Project OS Command Injection vulnerability in Linux-Dash Project Linux-Dash

Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.

7.2
2018-01-04 CVE-2018-0753 Microsoft Unspecified vulnerability in Microsoft products

Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".

7.1
2018-01-03 CVE-2017-1000476 Imagemagick
Debian
Canonical
Resource Exhaustion vulnerability in multiple products

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

7.1
2018-01-02 CVE-2017-9966 Schneider Electric Unspecified vulnerability in Schneider-Electric Pelco Videoxpert

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior.

7.1

114 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-04 CVE-2018-0788 Microsoft Unspecified vulnerability in Microsoft products

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".

6.9
2018-01-05 CVE-2018-5253 Axiosys Infinite Loop vulnerability in Axiosys Bento4 1.5.1.0

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

6.8
2018-01-05 CVE-2018-5248 Imagemagick
Debian
Canonical
Out-Of-Bounds Read vulnerability in multiple products

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

6.8
2018-01-05 CVE-2017-16905 Duolingo
Google
Code Injection vulnerability in Duolingo Tinycards

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.

6.8
2018-01-04 CVE-2017-1672 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager

IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2018-01-03 CVE-2017-1000479 Netgate
Opnsense Project
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set.

6.8
2018-01-03 CVE-2017-1000489 Acquia
Mautic
Improper Authentication vulnerability in multiple products

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

6.8
2018-01-03 CVE-2017-1000499 Phpmyadmin Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness.

6.8
2018-01-03 CVE-2017-1000498 Androidsvg Project XXE vulnerability in Androidsvg Project Androidsvg 1.2.2

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

6.8
2018-01-03 CVE-2017-1000496 Commsy XXE vulnerability in Commsy 9.0.0

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.

6.8
2018-01-02 CVE-2017-1000433 Pysaml2 Project
Debian
Improper Authentication vulnerability in multiple products

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled.

6.8
2018-01-02 CVE-2017-1000422 Gnome
Debian
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

6.8
2018-01-02 CVE-2017-1000456 Freedesktop
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

6.8
2018-01-02 CVE-2017-1000418 Mindwerks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mindwerks Wildmidi

The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2018-01-02 CVE-2017-1000450 Opencv
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow.

6.8
2018-01-05 CVE-2017-4948 Vmware Information Exposure vulnerability in VMWare Horizon View and Workstation

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll.

6.6
2018-01-03 CVE-2018-4862 Octopus Improper Privilege Management vulnerability in Octopus Deploy

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

6.5
2018-01-02 CVE-2017-1000438 Openmicroscopy Unspecified vulnerability in Openmicroscopy Omero

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

6.5
2018-01-01 CVE-2018-3814 Craftcms Unrestricted Upload of File With Dangerous Type vulnerability in Craftcms Craft CMS 2.6.3000

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.

6.5
2018-01-02 CVE-2017-1000420 Syncthing Link Following vulnerability in Syncthing

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

6.4
2018-01-04 CVE-2018-5220 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

6.1
2018-01-04 CVE-2018-5219 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

6.1
2018-01-04 CVE-2018-5218 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

6.1
2018-01-04 CVE-2018-5217 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

6.1
2018-01-03 CVE-2018-5088 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

6.1
2018-01-03 CVE-2018-5087 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

6.1
2018-01-03 CVE-2018-5086 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

6.1
2018-01-03 CVE-2018-5085 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

6.1
2018-01-03 CVE-2018-5084 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

6.1
2018-01-03 CVE-2018-5083 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

6.1
2018-01-03 CVE-2018-5082 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

6.1
2018-01-03 CVE-2018-5081 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

6.1
2018-01-03 CVE-2018-5080 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

6.1
2018-01-03 CVE-2018-5079 K7Computing Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

6.1
2018-01-03 CVE-2018-5073 Advanced Real Estate Script Project Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has CSRF via admin/movieedit.php.

6.0
2018-01-02 CVE-2017-1000432 Vanillaforums Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums

Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access

6.0
2018-01-02 CVE-2017-1000452 Samlify Project XML Injection (Aka Blind Xpath Injection) vulnerability in Samlify Project Samlify

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

6.0
2018-01-04 CVE-2018-0803 Microsoft Incorrect Authorization vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

5.8
2018-01-03 CVE-2017-1000484 Plone Open Redirect vulnerability in Plone

By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website.

5.8
2018-01-03 CVE-2017-1000472 Pocoproject
Debian
Path Traversal vulnerability in multiple products

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".

5.8
2018-01-03 CVE-2017-1000481 Plone Open Redirect vulnerability in Plone

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url.

5.8
2018-01-02 CVE-2017-1000434 Furikake Project Open Redirect vulnerability in Furikake Project Furikake 0.1.0

Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));

5.8
2018-01-02 CVE-2017-9964 Schneider Electric Path Traversal vulnerability in Schneider-Electric Pelco Videoxpert

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1.

5.8
2018-01-07 CVE-2014-10069 Hitrontech Cryptographic Issues vulnerability in Hitrontech Cve-30360 Firmware 3.1.1.21

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.

5.0
2018-01-06 CVE-2018-5207 Irssi
Debian
USE of Externally-Controlled Format String vulnerability in multiple products

When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

5.0
2018-01-06 CVE-2018-5205 Irssi
Debian
Canonical
USE of Externally-Controlled Format String vulnerability in multiple products

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

5.0
2018-01-05 CVE-2017-18021 Qtpass USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Qtpass

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords.

5.0
2018-01-05 CVE-2017-16753 Advantech Improper Input Validation vulnerability in Advantech Webaccess

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3.

5.0
2018-01-05 CVE-2017-16728 Advantech Null Pointer Dereference vulnerability in Advantech Webaccess

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3.

5.0
2018-01-04 CVE-2017-14960 Opentext SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

5.0
2018-01-04 CVE-2018-0114 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco Node-Jose

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token.

5.0
2018-01-03 CVE-2017-1000470 Embedthis Integer Overflow OR Wraparound vulnerability in Embedthis Goahead web Server 4.0.0

EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.

5.0
2018-01-03 CVE-2017-1000477 Xmlbundle Project XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7

XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.

5.0
2018-01-02 CVE-2017-1000419 Phpbb Server-Side Request Forgery (SSRF) vulnerability in PHPbb 3.2.0

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

5.0
2018-01-02 CVE-2017-1000448 Structured Data Path Traversal vulnerability in Structured-Data Structured Data Linter

Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.

5.0
2018-01-02 CVE-2017-1000412 Linaro Information Exposure vulnerability in Linaro Op-Tee

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.

5.0
2018-01-02 CVE-2017-17097 GPS Server Weak Password Recovery Mechanism FOR Forgotten Password vulnerability in Gps-Server GPS Tracking Software

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password.

5.0
2018-01-02 CVE-2017-9965 Schneider Electric Path Traversal vulnerability in Schneider-Electric Pelco Videoxpert

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior.

5.0
2018-01-01 CVE-2018-3813 Flir Information Exposure vulnerability in Flir products

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.

5.0
2018-01-01 CVE-2017-18009 Opencv Out-Of-Bounds Read vulnerability in Opencv 3.3.1

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

5.0
2018-01-05 CVE-2018-5244 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests.

4.9
2018-01-04 CVE-2017-5754 Intel
ARM
Information Exposure vulnerability in Intel products

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

4.7
2018-01-04 CVE-2017-5753 Intel
Canonical
Debian
Oracle
Synology
Opensuse
Suse
ARM
Pepperl Fuchs
Netapp
Phoenixcontact
Siemens
Vmware
Information Exposure vulnerability in multiple products

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

4.7
2018-01-04 CVE-2017-5715 Intel
ARM
Information Exposure vulnerability in Intel products

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

4.7
2018-01-04 CVE-2018-0752 Microsoft Incorrect Permission Assignment FOR Critical Resource vulnerability in Microsoft products

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability".

4.6
2018-01-04 CVE-2018-0749 Microsoft Unspecified vulnerability in Microsoft products

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".

4.6
2018-01-04 CVE-2018-0748 Microsoft Improper Privilege Management vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".

4.6
2018-01-03 CVE-2017-1000494 Miniupnp Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Miniupnp Project Miniupnpd

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact

4.6
2018-01-02 CVE-2017-1000454 Cmsmadesimple Injection vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1

4.6
2018-01-02 CVE-2017-1000451 FS GIT Project Unspecified vulnerability in Fs-Git Project Fs-Git

fs-git is a file system like api for git repository.

4.6
2018-01-04 CVE-2018-0744 Microsoft Unspecified vulnerability in Microsoft products

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

4.4
2018-01-04 CVE-2018-0743 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

4.4
2018-01-05 CVE-2018-5251 Libming
Debian
Incorrect Conversion Between Numeric Types vulnerability in multiple products

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c).

4.3
2018-01-05 CVE-2018-5249 Shaarli Project Cross-Site Scripting vulnerability in Shaarli Project Shaarli

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).

4.3
2018-01-05 CVE-2018-5247 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

4.3
2018-01-05 CVE-2018-5246 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

4.3
2018-01-05 CVE-2017-18022 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

4.3
2018-01-04 CVE-2017-1673 IBM Cross-Site Scripting vulnerability in IBM Security KEY Lifecycle Manager

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting.

4.3
2018-01-04 CVE-2017-1669 IBM Information Exposure vulnerability in IBM Security KEY Lifecycle Manager

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters.

4.3
2018-01-04 CVE-2017-1665 IBM
Debian
Inadequate Encryption Strength vulnerability in multiple products

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

4.3
2018-01-04 CVE-2017-1664 IBM Inadequate Encryption Strength vulnerability in IBM Security KEY Lifecycle Manager

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

4.3
2018-01-04 CVE-2017-17837 Apache Cross-Site Scripting vulnerability in Apache Deltaspike 1.8.0

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling.

4.3
2018-01-04 CVE-2018-0800 Microsoft Information Exposure vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

4.3
2018-01-04 CVE-2018-0766 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2018-01-04 CVE-2018-1190 Pivotal Cross-Site Scripting vulnerability in Pivotal Cf-Release, UAA and UAA Bosh

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0.

4.3
2018-01-04 CVE-2017-14383 Dell Cross-Site Scripting vulnerability in Dell EMC Vnx1 Firmware and EMC Vnx2 Firmware

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability.

4.3
2018-01-03 CVE-2017-1000461 Brave Incorrect Permission Assignment FOR Critical Resource vulnerability in Brave Browser

Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).

4.3
2018-01-03 CVE-2017-1000460 Libav
Ffmpeg
Google
Null Pointer Dereference vulnerability in multiple products

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

4.3
2018-01-03 CVE-2017-1000488 Acquia
Mautic
Cross-Site Scripting vulnerability in multiple products

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.

4.3
2018-01-03 CVE-2018-4868 Exiv2 Allocation of Resources Without Limits OR Throttling vulnerability in Exiv2 0.26

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

4.3
2018-01-03 CVE-2017-1000492 Leanote Cross-Site Scripting vulnerability in Leanote Desktop 2.5

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration

4.3
2018-01-03 CVE-2017-1000491 Shiba Project Cross-Site Scripting vulnerability in Shiba Project Shiba 1.1.0

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

4.3
2018-01-03 CVE-2017-1000459 Leanote Cross-Site Scripting vulnerability in Leanote

Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes

4.3
2018-01-02 CVE-2017-1000427 Marked Project Cross-Site Scripting vulnerability in Marked Project Marked

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.

4.3
2018-01-02 CVE-2017-1000425 Liferay Cross-Site Scripting vulnerability in Liferay Portal

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.

4.3
2018-01-02 CVE-2017-1000426 Omniscale Cross-Site Scripting vulnerability in Omniscale Mapproxy

MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.

4.3
2018-01-02 CVE-2017-1000431 EZ Cross-Site Scripting vulnerability in EZ Publish

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g.

4.3
2018-01-02 CVE-2017-1000424 Atom Unspecified vulnerability in Atom Electron

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.

4.3
2018-01-02 CVE-2017-1000413 Linaro Information Exposure vulnerability in Linaro Op-Tee

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.

4.3
2018-01-02 CVE-2017-1000445 Imagemagick
Debian
Canonical
Null Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service

4.3
2018-01-02 CVE-2017-1000443 Openhacker Project Cross-Site Scripting vulnerability in Openhacker Project Openhacker 0.1.47

Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.

4.3
2018-01-02 CVE-2017-18015 Share This Image Project Cross-Site Scripting vulnerability in Share This Image Project Share This Image

The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.

4.3
2018-01-01 CVE-2017-18013 Libtiff Null Pointer Dereference vulnerability in Libtiff 4.0.9

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

4.3
2018-01-01 CVE-2017-18012 Z URL Preview Project Cross-Site Scripting vulnerability in Z-Url Preview Project Z-Url Preview 1.6.1

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.

4.3
2018-01-01 CVE-2017-18011 Clickbank Cross-Site Scripting vulnerability in Clickbank Affiliate ADS FOR Clickbank products

The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.

4.3
2018-01-01 CVE-2017-18010 E GOI Cross-Site Scripting vulnerability in E-Goi Smart Marketing SMS and Newsletters Forms

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.

4.3
2018-01-01 CVE-2017-18008 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

4.3
2018-01-01 CVE-2017-18006 Extensis Cross-Site Scripting vulnerability in Extensis Portfolio Netpublish

netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.

4.3
2018-01-05 CVE-2014-8540 Gitlab Permissions, Privileges, and Access Controls vulnerability in Gitlab

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

4.0
2018-01-05 CVE-2014-8336 WP Dbmanager Project Improper Input Validation vulnerability in Wp-Dbmanager Project Wp-Dbmanager

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.

4.0
2018-01-04 CVE-2017-1727 IBM Information Exposure Through LOG Files vulnerability in IBM Security KEY Lifecycle Manager

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system.

4.0
2018-01-03 CVE-2017-1000483 Plone Unspecified vulnerability in Plone

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1.

4.0
2018-01-03 CVE-2017-1000490 Acquia
Mautic
Path Traversal vulnerability in multiple products

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

4.0
2018-01-02 CVE-2017-1557 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests.

4.0

37 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-04 CVE-2017-1699 IBM Incorrect Permission Assignment FOR Critical Resource vulnerability in IBM Websphere MQ

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates.

3.6
2018-01-04 CVE-2018-0751 Microsoft Improper Privilege Management vulnerability in Microsoft products

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability".

3.6
2018-01-04 CVE-2017-18019 K7Computing Improper Input Validation vulnerability in K7Computing Total Security 14.2.0.252

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory.

3.6
2018-01-04 CVE-2018-5216 Radiantcms Cross-Site Scripting vulnerability in Radiantcms Radiant CMS 1.1.4

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.

3.5
2018-01-04 CVE-2018-5215 Fork CMS Cross-Site Scripting vulnerability in Fork-Cms Fork CMS 5.0.7

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

3.5
2018-01-04 CVE-2018-5214 ADD Link TO Facebook Project Cross-Site Scripting vulnerability in ADD Link TO Facebook Project ADD Link TO Facebook

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.

3.5
2018-01-04 CVE-2018-5213 Simple Download Monitor Project Cross-Site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.

3.5
2018-01-04 CVE-2018-5212 Simple Download Monitor Project Cross-Site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.

3.5
2018-01-03 CVE-2018-5078 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

3.5
2018-01-03 CVE-2018-5077 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

3.5
2018-01-03 CVE-2018-5076 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

3.5
2018-01-03 CVE-2018-5075 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

3.5
2018-01-03 CVE-2018-5074 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

3.5
2018-01-03 CVE-2018-5072 Advanced Real Estate Script Project Cross-Site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script

Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

3.5
2018-01-03 CVE-2017-1000462 Bookstackapp Cross-Site Scripting vulnerability in Bookstackapp Bookstack 0.18.4

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.

3.5
2018-01-03 CVE-2017-1000482 Plone Cross-Site Scripting vulnerability in Plone

A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.

3.5
2018-01-03 CVE-2017-1000478 Elabftw Cross-Site Scripting vulnerability in Elabftw 1.7.8

ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.

3.5
2018-01-03 CVE-2017-1000467 Lavalite Cross-Site Scripting vulnerability in Lavalite 5.2.4

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.

3.5
2018-01-03 CVE-2017-1000495 Quickappscms Cross-Site Scripting vulnerability in Quickappscms Quickapps CMS 2.0.0

QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account

3.5
2018-01-03 CVE-2017-1000466 Invoiceninja Cross-Site Scripting vulnerability in Invoiceninja Invoice Ninja 3.8.1

Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.

3.5
2018-01-03 CVE-2017-1000463 Leafpub Cross-Site Scripting vulnerability in Leafpub 1.2.0

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.

3.5
2018-01-02 CVE-2017-1000457 Mojoportal Cross-Site Scripting vulnerability in Mojoportal 2.5.0.0

Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter.

3.5
2018-01-02 CVE-2017-1000442 Passbolt Cross-Site Scripting vulnerability in Passbolt API

Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace

3.5
2018-01-05 CVE-2018-5252 Entropymine Excessive Iteration vulnerability in Entropymine Imageworsener 1.3.2

libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.

2.6
2018-01-04 CVE-2018-0780 Microsoft Out-Of-Bounds Read vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

2.6
2018-01-04 CVE-2018-0767 Microsoft Out-Of-Bounds Read vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

2.6
2018-01-04 CVE-2018-0741 Microsoft Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".

2.6
2018-01-05 CVE-2014-8335 WP Dbmanager Project Credentials Management vulnerability in Wp-Dbmanager Project Wp-Dbmanager

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

2.1
2018-01-05 CVE-2017-4945 Vmware
Apple
Unspecified vulnerability in VMWare Fusion and Workstation

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability.

2.1
2018-01-04 CVE-2018-0754 Microsoft Unspecified vulnerability in Microsoft products

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

2.1
2018-01-04 CVE-2018-0750 Microsoft Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

2.1
2018-01-03 CVE-2017-1000485 Nylas Mail Lives Project Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2

Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.

2.1
2018-01-02 CVE-2017-1000455 GNU Origin Validation Error vulnerability in GNU Guixsd

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.

2.1
2018-01-04 CVE-2018-0747 Microsoft Unspecified vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability".

1.9
2018-01-04 CVE-2018-0746 Microsoft Improper Initialization vulnerability in Microsoft products

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability".

1.9
2018-01-04 CVE-2018-0745 Microsoft Improper Initialization vulnerability in Microsoft Windows 10 and Windows Server 2016

The Windows kernel in Windows 10 version 1703.

1.9
2018-01-04 CVE-2017-18018 GNU Race Condition vulnerability in GNU Coreutils

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

1.9