Weekly Vulnerabilities Reports > January 15 to 21, 2018

Overview

316 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 429 products from 72 vendors including Oracle, Cisco, Debian, Canonical, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "Information Exposure", and "Incorrect Authorization".

  • 268 reported vulnerabilities are remotely exploitables.
  • 17 reported vulnerabilities have public exploit available.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 218 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 175 reported vulnerabilities.
  • Barni has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-20 CVE-2017-14803 Netiq Unspecified vulnerability in Netiq Access Manager 4.3/4.4

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

10.0
2018-01-19 CVE-2017-18044 Commvault OS Command Injection vulnerability in Commvault 11.0

A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6.

10.0
2018-01-16 CVE-2018-5724 Barni Unrestricted Upload of File With Dangerous Type vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

10.0
2018-01-16 CVE-2018-5723 Barni USE of Hard-Coded Credentials vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103

MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.

10.0
2018-01-16 CVE-2018-5703 Linux Out-Of-Bounds Write vulnerability in Linux Kernel

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.

10.0
2018-01-16 CVE-2018-5704 Debian
Openocd
USE of Externally-Controlled Format String vulnerability in multiple products

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

9.3
2018-01-18 CVE-2018-0099 Cisco OS Command Injection vulnerability in Cisco D9800 Firmware

A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack.

9.0

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-18 CVE-2018-2710 Oracle Unspecified vulnerability in Oracle Solaris 10.0

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

7.8
2018-01-18 CVE-2018-2696 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges).

7.8
2018-01-18 CVE-2018-2585 Oracle Unspecified vulnerability in Oracle Mysql Connector/Net

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net).

7.8
2018-01-16 CVE-2018-5330 Zyxel Unspecified vulnerability in Zyxel P-660Hw V3 Firmware

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.

7.8
2018-01-21 CVE-2018-5955 Smartmobilesoftware Improper Input Validation vulnerability in Smartmobilesoftware Gitstack

An issue was discovered in GitStack through 2.3.10.

7.5
2018-01-21 CVE-2017-18046 Dasannetworks Buffer Errors vulnerability in Dasannetworks H640X Firmware 12.0201121/2.77P11124/3.03P21146

Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).

7.5
2018-01-21 CVE-2017-18045 Directadmin Unspecified vulnerability in Directadmin

JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.

7.5
2018-01-19 CVE-2017-14094 Trendmicro Injection vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.

7.5
2018-01-18 CVE-2017-12729 Moxa SQL Injection vulnerability in Moxa Softcms LAB View

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6.

7.5
2018-01-18 CVE-2016-6814 Apache
Redhat
Deserialization of Untrusted Data vulnerability in multiple products

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g.

7.5
2018-01-18 CVE-2018-2707 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

7.5
2018-01-18 CVE-2018-2704 Oracle Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

7.5
2018-01-18 CVE-2018-2647 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

7.5
2018-01-18 CVE-2018-2612 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).

7.5
2018-01-18 CVE-2018-2611 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services).

7.5
2018-01-18 CVE-2018-2568 Oracle Unspecified vulnerability in Oracle Integrated Lights OUT Manager Firmware

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application).

7.5
2018-01-18 CVE-2018-2562 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).

7.5
2018-01-17 CVE-2018-5195 Hancom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hancom Thinkfree Office NEO

Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.

7.5
2018-01-16 CVE-2018-5299 Pulsesecure Out-Of-Bounds Write vulnerability in Pulsesecure Pulse Connect Secure and Pulse Policy Secure

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

7.5
2018-01-15 CVE-2018-5328 Beims Improper Authentication vulnerability in Beims Contractorweb.Net 5.18.0.0

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.

7.5
2018-01-18 CVE-2018-0115 Cisco OS Command Injection vulnerability in Cisco Staros

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system.

7.2
2018-01-18 CVE-2018-0095 Cisco Unspecified vulnerability in Cisco Asyncos 9.1.1005/9.7.2065

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access.

7.2
2018-01-18 CVE-2018-0088 Cisco Incorrect Permission Assignment FOR Critical Resource vulnerability in Cisco Industrial Ethernet 4010 Series Firmware

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device.

7.2
2018-01-16 CVE-2018-1000004 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

7.1

256 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-19 CVE-2017-12118 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-12116 Ethereum Incorrect Authorization vulnerability in Ethereum Aleth

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-12113 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-12117 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-12115 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-12112 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

6.8
2018-01-19 CVE-2017-14095 Trendmicro Inclusion of Functionality From Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.

6.8
2018-01-19 CVE-2017-11398 Trendmicro Deprecated: Information Exposure Through Debug LOG Files vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

6.8
2018-01-19 CVE-2017-7327 Yandex Untrusted Search Path vulnerability in Yandex Browser

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

6.8
2018-01-19 CVE-2017-1693 IBM Insufficient Session Expiration vulnerability in IBM Integration BUS

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out.

6.8
2018-01-18 CVE-2017-3158 Apache Race Condition vulnerability in Apache Guacamole

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap.

6.8
2018-01-18 CVE-2018-5766 Libav Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libav

In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c.

6.8
2018-01-18 CVE-2018-0107 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.

6.8
2018-01-18 CVE-2018-2703 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges).

6.8
2018-01-18 CVE-2018-2668 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.8
2018-01-18 CVE-2018-2667 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.8
2018-01-18 CVE-2018-2665 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.8
2018-01-18 CVE-2018-2664 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

6.8
2018-01-18 CVE-2018-2646 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

6.8
2018-01-18 CVE-2018-2640 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.8
2018-01-18 CVE-2018-2639 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).

6.8
2018-01-18 CVE-2018-2636 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security).

6.8
2018-01-18 CVE-2018-2622 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

6.8
2018-01-18 CVE-2018-2600 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.8
2018-01-18 CVE-2018-2593 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology).

6.8
2018-01-18 CVE-2018-2591 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).

6.8
2018-01-18 CVE-2018-2590 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema).

6.8
2018-01-18 CVE-2018-2586 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

6.8
2018-01-18 CVE-2018-2583 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure).

6.8
2018-01-18 CVE-2018-2576 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

6.8
2018-01-18 CVE-2018-2573 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS).

6.8
2018-01-18 CVE-2018-2565 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB).

6.8
2018-01-18 CVE-2017-5696 Intel Untrusted Search Path vulnerability in Intel Graphics Driver

Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.

6.8
2018-01-15 CVE-2018-5329 Beims Cross-Site Request Forgery (CSRF) vulnerability in Beims Contractorweb.Net 5.18.0.0

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages.

6.8
2018-01-15 CVE-2018-5702 Transmissionbt
Debian
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
6.8
2018-01-18 CVE-2017-5170 Moxa Uncontrolled Search Path Element vulnerability in Moxa Softnvr-Ia Live View

An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions.

6.5
2018-01-18 CVE-2018-2706 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

6.5
2018-01-18 CVE-2018-2705 Oracle Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

6.5
2018-01-18 CVE-2018-2660 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core).

6.5
2018-01-18 CVE-2018-2648 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

6.5
2018-01-18 CVE-2018-2616 Oracle Unspecified vulnerability in Oracle OSS Support Tools

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).

6.5
2018-01-18 CVE-2018-2615 Oracle Unspecified vulnerability in Oracle OSS Support Tools

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).

6.5
2018-01-18 CVE-2018-2570 Oracle Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3

Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal).

6.5
2018-01-18 CVE-2017-10282 Oracle Unspecified vulnerability in Oracle Database Server 12.1.0.2/12.2.0.1

Vulnerability in the Core RDBMS component of Oracle Database Server.

6.5
2018-01-17 CVE-2018-5721 Asuswrt Merlin Out-Of-Bounds Write vulnerability in Asuswrt-Merlin

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting.

6.5
2018-01-16 CVE-2018-5706 Octopus Improper Privilege Management vulnerability in Octopus Deploy

An issue was discovered in Octopus Deploy before 4.1.9.

6.5
2018-01-19 CVE-2017-14457 Ethereum Out-Of-Bounds Read vulnerability in Ethereum Virtual Machine

An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum.

6.4
2018-01-18 CVE-2018-2697 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System).

6.4
2018-01-18 CVE-2018-2656 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server).

6.4
2018-01-18 CVE-2018-2655 Oracle Unspecified vulnerability in Oracle Work in Process

Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Assemble/Configure to Order).

6.4
2018-01-18 CVE-2018-2649 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

6.4
2018-01-18 CVE-2018-2621 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 7.3.874

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Mobile Gangway and Mustering).

6.4
2018-01-18 CVE-2018-2613 Oracle Unspecified vulnerability in Oracle Argus Safety

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login).

6.4
2018-01-18 CVE-2017-10068 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards).

6.4
2018-01-18 CVE-2018-2578 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

6.2
2018-01-21 CVE-2018-5958 Zillya Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0

In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424.

6.1
2018-01-21 CVE-2018-5956 Zillya Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0

In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414.

6.1
2018-01-18 CVE-2018-0102 Cisco Double Free vulnerability in Cisco Nx-Os 7.2(1)D(1)/7.2(2)D1(1)/7.2(2)D1(2)

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

6.1
2018-01-16 CVE-2018-5714 Malwarefox Improper Input Validation vulnerability in Malwarefox Anti-Malware 2.72.169

In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.

6.1
2018-01-16 CVE-2018-5713 Malwarefox Improper Input Validation vulnerability in Malwarefox Anti-Malware 2.72.169

In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.

6.1
2018-01-19 CVE-2018-1362 IBM Unspecified vulnerability in IBM Curam Social Program Management

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges.

6.0
2018-01-18 CVE-2018-2642 Oracle Unspecified vulnerability in Oracle Argus Safety

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload).

6.0
2018-01-18 CVE-2018-2601 Oracle Unspecified vulnerability in Oracle Internet Directory 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0

Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager).

6.0
2018-01-18 CVE-2018-2595 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets).

6.0
2018-01-18 CVE-2018-2594 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets).

6.0
2018-01-19 CVE-2014-4919 Oxid Esales Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop

OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.

5.8
2018-01-19 CVE-2017-6142 F5 Improper Certificate Validation vulnerability in F5 Big-Ip Advanced Firewall Manager

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

5.8
2018-01-18 CVE-2014-2017 Oxidforge Crlf Injection vulnerability in Oxidforge Eshop

CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.8
2018-01-18 CVE-2018-0097 Cisco Open Redirect vulnerability in Cisco Prime Infrastructure

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect.

5.8
2018-01-18 CVE-2017-12308 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system.

5.8
2018-01-18 CVE-2018-2732 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Reconciliation Framework

Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2729 Oracle Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing

Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2728 Oracle Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing

Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2722 Oracle Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.5

Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2719 Oracle Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.5.0.0

Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2716 Oracle Unspecified vulnerability in Oracle Financial Services Market Risk Measurement and Management 8.0.5

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2714 Oracle Unspecified vulnerability in Oracle Financial Services Market Risk 8.0.5.0.0

Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2713 Oracle Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application).

5.8
2018-01-18 CVE-2018-2712 Oracle Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5.0.0

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2711 Oracle Unspecified vulnerability in Oracle Jdeveloper

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework).

5.8
2018-01-18 CVE-2018-2699 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Application Express component of Oracle Database Server.

5.8
2018-01-18 CVE-2018-2692 Oracle Unspecified vulnerability in Oracle Financial Services Asset Liability Management

Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2682 Oracle Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management

Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2674 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff).

5.8
2018-01-18 CVE-2018-2670 Oracle Unspecified vulnerability in Oracle Financial Services Profitability Management

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2669 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report).

5.8
2018-01-18 CVE-2018-2661 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core).

5.8
2018-01-18 CVE-2018-2659 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC).

5.8
2018-01-18 CVE-2018-2658 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC).

5.8
2018-01-18 CVE-2018-2654 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Company Dir / Org Chart Viewer).

5.8
2018-01-18 CVE-2018-2644 Oracle Unspecified vulnerability in Oracle Argus Safety

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist).

5.8
2018-01-18 CVE-2018-2637 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX).
5.8
2018-01-18 CVE-2018-2635 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login).

5.8
2018-01-18 CVE-2018-2626 Oracle Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning

Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface).

5.8
2018-01-18 CVE-2018-2609 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.8
2018-01-18 CVE-2018-2599 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).
5.8
2018-01-18 CVE-2018-2597 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Dining Room Management 8.0.78

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere).

5.8
2018-01-18 CVE-2018-2596 Oracle Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server).

5.8
2018-01-18 CVE-2018-2567 Oracle Unspecified vulnerability in Oracle Communications Order and Service Management

Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal).

5.8
2018-01-18 CVE-2018-2564 Oracle Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server).

5.8
2018-01-18 CVE-2017-17860 Google
Samsung
Improper Input Validation vulnerability in Google Android

In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key.

5.7
2018-01-18 CVE-2018-0110 Cisco Incorrect Authorization vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application.

5.5
2018-01-18 CVE-2018-2731 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.1/9.2

Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status).

5.5
2018-01-18 CVE-2018-2730 Oracle Unspecified vulnerability in Oracle Retail Merchandising System 16.0

Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar).

5.5
2018-01-18 CVE-2018-2727 Oracle Unspecified vulnerability in Oracle Financial Services Market Risk Measurement and Management 8.0.5

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2726 Oracle Unspecified vulnerability in Oracle Financial Services Market Risk 8.0.0.0.0/8.0.5.0.0

Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2725 Oracle Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.5.0.0

Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2724 Oracle Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5.0.0

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2723 Oracle Unspecified vulnerability in Oracle Financial Services Asset Liability Management

Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2721 Oracle Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.5

Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2720 Oracle Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management

Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2691 Oracle Unspecified vulnerability in Oracle User Management

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation).

5.5
2018-01-18 CVE-2018-2679 Oracle Unspecified vulnerability in Oracle Financial Services Profitability Management

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2666 Oracle Unspecified vulnerability in Oracle Hospitality Labor Management 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint).

5.5
2018-01-18 CVE-2018-2662 Oracle Unspecified vulnerability in Oracle Transportation Management

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.5
2018-01-18 CVE-2018-2650 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report).

5.5
2018-01-18 CVE-2018-2643 Oracle Unspecified vulnerability in Oracle Argus Safety

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Case Selection).

5.5
2018-01-18 CVE-2018-2630 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking 11.5.0/11.6.0/11.7.0

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security Management System).

5.5
2018-01-18 CVE-2018-2620 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform).

5.5
2018-01-18 CVE-2018-2592 Oracle Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning

Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface).

5.5
2018-01-18 CVE-2018-2574 Oracle Unspecified vulnerability in Oracle Siebel Customer Relationship Management Desktop 16.0/17.0

Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client).

5.5
2018-01-18 CVE-2018-2571 Oracle Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3

Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal).

5.5
2018-01-18 CVE-2017-10301 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 9.1.00

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal).

5.5
2018-01-19 CVE-2017-14460 Parity Unspecified vulnerability in Parity Ethereum Client 1.7.8

An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8.

5.1
2018-01-19 CVE-2017-7326 Yandex Race Condition vulnerability in Yandex Browser

Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page

5.1
2018-01-18 CVE-2018-2680 Oracle Unspecified vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2/12.2.0.1

Vulnerability in the Java VM component of Oracle Database Server.

5.1
2018-01-18 CVE-2018-2638 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).

5.1
2018-01-18 CVE-2018-2633 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).
5.1
2018-01-21 CVE-2016-10708 Openbsd
Debian
Canonical
Netapp
Null Pointer Dereference vulnerability in multiple products

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

5.0
2018-01-20 CVE-2017-12130 Tinysvcmdns Project Null Pointer Dereference vulnerability in Tinysvcmdns Project Tinysvcmdns 20171105

An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05.

5.0
2018-01-19 CVE-2017-12119 Ethereum Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Ethereum Cpp-Ethereum

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC.

5.0
2018-01-19 CVE-2017-14097 Trendmicro Unspecified vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

5.0
2018-01-19 CVE-2017-14082 Trendmicro Information Exposure vulnerability in Trendmicro Mobile Security

An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.

5.0
2018-01-19 CVE-2017-7325 Yandex Improper Input Validation vulnerability in Yandex Browser

Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

5.0
2018-01-19 CVE-2015-6926 Oxid Esales Improper Authentication vulnerability in Oxid-Esales Eshop

The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

5.0
2018-01-18 CVE-2016-10707 Jquery Resource Exhaustion vulnerability in Jquery 3.0.0

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names.

5.0
2018-01-18 CVE-2018-0111 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application.

5.0
2018-01-18 CVE-2018-0108 Cisco XXE vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection.

5.0
2018-01-18 CVE-2018-0105 Cisco Forced Browsing vulnerability in Cisco Unified Communications Manager

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.

5.0
2018-01-18 CVE-2018-0094 Cisco Resource Exhaustion vulnerability in Cisco Unified Computing System Central Software 1.4(1A)

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device.

5.0
2018-01-18 CVE-2018-0090 Cisco Resource Exhaustion vulnerability in Cisco Nx-Os 7.3(2)N1(0.6)/8.3(0)Kms(0.31)/8.8(3.5)S0

A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface.

5.0
2018-01-18 CVE-2018-0089 Cisco Cleartext Storage of Sensitive Information vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data.

5.0
2018-01-18 CVE-2018-0086 Cisco Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.

5.0
2018-01-18 CVE-2018-2700 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System).

5.0
2018-01-18 CVE-2018-2683 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS).

5.0
2018-01-18 CVE-2018-2672 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS).

5.0
2018-01-18 CVE-2018-2657 Oracle
Redhat
Schneider Electric
HP
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization).
5.0
2018-01-18 CVE-2018-2653 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query).

5.0
2018-01-18 CVE-2018-2652 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

5.0
2018-01-18 CVE-2018-2651 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher).

5.0
2018-01-18 CVE-2018-2625 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0/12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

5.0
2018-01-18 CVE-2018-2624 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

5.0
2018-01-18 CVE-2018-2623 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

5.0
2018-01-18 CVE-2018-2617 Oracle Unspecified vulnerability in Oracle OSS Support Tools

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).

5.0
2018-01-18 CVE-2018-2610 Oracle Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4.330

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security).

5.0
2018-01-18 CVE-2018-2608 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security).

5.0
2018-01-18 CVE-2018-2604 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.1

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

5.0
2018-01-18 CVE-2018-2603 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).
5.0
2018-01-18 CVE-2018-2589 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server).

5.0
2018-01-18 CVE-2018-2561 Oracle Unspecified vulnerability in Oracle Http Server

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener).

5.0
2018-01-17 CVE-2018-5764 Samba
Debian
Canonical
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
5.0
2018-01-16 CVE-2018-5728 Cobham Information Exposure vulnerability in Cobham Seatel 121 Firmware

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.

5.0
2018-01-16 CVE-2018-5726 Barni Information Exposure vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103

MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.

5.0
2018-01-16 CVE-2018-5725 Barni USE of Hard-Coded Credentials vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.

5.0
2018-01-16 CVE-2018-5709 MIT Integer Overflow OR Wraparound vulnerability in MIT Kerberos

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.

5.0
2018-01-18 CVE-2018-0096 Cisco Incorrect Authorization vulnerability in Cisco Prime Infrastructure 3.2(0.0)/3.3(0.0)

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration.

4.9
2018-01-18 CVE-2018-2701 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System).

4.9
2018-01-18 CVE-2018-2681 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Security).

4.9
2018-01-21 CVE-2018-5957 Zillya Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0

In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.

4.6
2018-01-20 CVE-2017-15108 Spice Space OS Command Injection vulnerability in Spice-Space Spice-Vdagent 0.17.0

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

4.6
2018-01-18 CVE-2018-2733 Oracle Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4.007

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security).

4.6
2018-01-16 CVE-2017-16554 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

4.6
2018-01-16 CVE-2017-16552 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

4.6
2018-01-16 CVE-2017-16550 K7Computing Unspecified vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

4.6
2018-01-16 CVE-2017-16549 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

4.6
2018-01-16 CVE-2017-11072 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs.

4.6
2018-01-18 CVE-2018-2690 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2689 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2688 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2687 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2686 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2685 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-01-18 CVE-2018-2569 Oracle Unspecified vulnerability in Oracle Java ME 8.3

Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer).

4.4
2018-01-16 CVE-2017-16557 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

4.4
2018-01-16 CVE-2017-16555 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

4.4
2018-01-16 CVE-2017-16553 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

4.4
2018-01-16 CVE-2017-16551 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

4.4
2018-01-19 CVE-2017-12114 Ethereum Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum

An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).

4.3
2018-01-19 CVE-2017-12097 Delayed JOB WEB Project Cross-Site Scripting vulnerability in Delayed JOB web Project Delayed JOB web 1.4

An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4.

4.3
2018-01-19 CVE-2017-14096 Trendmicro Cross-Site Scripting vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2

A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.

4.3
2018-01-19 CVE-2017-12098 Rails Admin Project Cross-Site Scripting vulnerability in Rails Admin Project Rails Admin 1.2.0

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0.

4.3
2018-01-19 CVE-2018-5786 Long Range ZIP Project Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c).

4.3
2018-01-19 CVE-2018-5785 Openjpeg
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c).

4.3
2018-01-19 CVE-2018-5784 Libtiff
Debian
Canonical
Resource Exhaustion vulnerability in multiple products

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c.

4.3
2018-01-19 CVE-2018-5783 Podofo Project Allocation of Resources Without Limits OR Throttling vulnerability in Podofo Project Podofo 0.9.5

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h).

4.3
2018-01-18 CVE-2015-9251 Jquery
Oracle
Cross-Site Scripting vulnerability in multiple products

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

4.3
2018-01-18 CVE-2012-6708 Jquery Cross-Site Scripting vulnerability in Jquery

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks.

4.3
2018-01-18 CVE-2018-5776 Wordpress Cross-Site Scripting vulnerability in Wordpress

WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

4.3
2018-01-18 CVE-2018-5773 Python Markdown2 Project Cross-Site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5.

4.3
2018-01-18 CVE-2017-16863 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira

The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.

4.3
2018-01-18 CVE-2017-18033 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

4.3
2018-01-18 CVE-2017-15869 Livezilla Cross-Site Scripting vulnerability in Livezilla

Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.

4.3
2018-01-18 CVE-2018-5772 Exiv2 Uncontrolled Recursion vulnerability in Exiv2 0.26

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file.

4.3
2018-01-18 CVE-2018-0098 Cisco Cross-Site Scripting vulnerability in Cisco Wap150 Firmware and Wap361 Firmware

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-01-18 CVE-2018-0093 Cisco Cross-Site Scripting vulnerability in Cisco web Security Appliance

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-01-18 CVE-2018-0091 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-01-18 CVE-2017-12307 Cisco Cross-Site Scripting vulnerability in Cisco products

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2018-01-18 CVE-2018-2678 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).
4.3
2018-01-18 CVE-2018-2677 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT).
4.3
2018-01-18 CVE-2018-2676 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.3
2018-01-18 CVE-2018-2675 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.8

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

4.3
2018-01-18 CVE-2018-2673 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS).

4.3
2018-01-18 CVE-2018-2663 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).
4.3
2018-01-18 CVE-2018-2634 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS).
4.3
2018-01-18 CVE-2018-2618 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).
4.3
2018-01-18 CVE-2018-2582 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
4.3
2018-01-18 CVE-2018-2581 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).

4.3
2018-01-18 CVE-2018-2579 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).
4.3
2018-01-18 CVE-2017-10262 Oracle Information Exposure vulnerability in Oracle Access Manager 11.1.2.3.0

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin).

4.3
2018-01-17 CVE-2018-5747 Lrzip Project USE After Free vulnerability in Lrzip Project Lrzip 0.631

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c).

4.3
2018-01-17 CVE-2018-5258 Banconeon Improper Certificate Validation vulnerability in Banconeon Neon 1.6.14

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

4.3
2018-01-16 CVE-2018-5727 Openjpeg Integer Overflow OR Wraparound vulnerability in Openjpeg 2.3.0

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c).

4.3
2018-01-16 CVE-2018-5715 Sugarcrm Cross-Site Scripting vulnerability in Sugarcrm 3.5.1

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

4.3
2018-01-16 CVE-2018-5370 Bizlogicdev Cross-Site Scripting vulnerability in Bizlogicdev Xnami 1.0

BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.

4.3
2018-01-16 CVE-2014-9485 Minizip Project Path Traversal vulnerability in Minizip Project Minizip

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.

4.3
2018-01-16 CVE-2014-9482 Libdwarf Project USE After Free vulnerability in Libdwarf Project Libdwarf

Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.

4.3
2018-01-16 CVE-2014-6071 Jquery Cross-Site Scripting vulnerability in Jquery 1.4.2

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

4.3
2018-01-16 CVE-2014-6027 Torrentflux Project Cross-Site Scripting vulnerability in Torrentflux Project Torrentflux 2.4

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.

4.3
2018-01-16 CVE-2018-5712 PHP
Debian
Canonical
Cross-Site Scripting vulnerability in PHP

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.

4.3
2018-01-16 CVE-2018-5711 PHP
Debian
Canonical
Infinite Loop vulnerability in PHP

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function.

4.3
2018-01-16 CVE-2017-18032 Wpdownloadmanager Cross-Site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.

4.3
2018-01-15 CVE-2018-5479 Foxsash Cross-Site Scripting vulnerability in Foxsash Imghosting 1.5

FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks.

4.3
2018-01-18 CVE-2018-2698 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.1
2018-01-18 CVE-2018-2694 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.1
2018-01-18 CVE-2018-2693 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions).

4.1
2018-01-19 CVE-2017-15713 Apache Information Exposure vulnerability in Apache Hadoop

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process.

4.0
2018-01-18 CVE-2017-12197 Libpam4J Project
Debian
Redhat
Improper Input Validation vulnerability in multiple products

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating.

4.0
2018-01-18 CVE-2018-0109 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application.

4.0
2018-01-18 CVE-2018-2715 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security).

4.0
2018-01-18 CVE-2018-2702 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Strategic Sourcing 9.2

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing).

4.0
2018-01-18 CVE-2018-2695 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query).

4.0
2018-01-18 CVE-2018-2684 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process).

4.0
2018-01-18 CVE-2018-2671 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2

Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration).

4.0
2018-01-18 CVE-2018-2645 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema).

4.0
2018-01-18 CVE-2018-2632 Oracle Unspecified vulnerability in Oracle Siebel Engineering-Installer and Deployment 16.0/17.0

Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager).

4.0
2018-01-18 CVE-2018-2631 Oracle Unspecified vulnerability in Oracle Transportation Management

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security).

4.0
2018-01-18 CVE-2018-2619 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.7

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security).

4.0
2018-01-18 CVE-2018-2607 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.1

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

4.0
2018-01-18 CVE-2018-2605 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

4.0
2018-01-18 CVE-2018-2588 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP).
4.0
2018-01-18 CVE-2018-2584 Oracle Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI).

4.0
2018-01-18 CVE-2018-2566 Oracle Unspecified vulnerability in Oracle Integrated Lights OUT Manager Firmware

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application).

4.0
2018-01-16 CVE-2016-0219 IBM XXE vulnerability in IBM products

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data.

4.0
2018-01-16 CVE-2016-0215 IBM
HP
Linux
Microsoft
Oracle
Improper Input Validation vulnerability in IBM DB2

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

4.0
2018-01-16 CVE-2015-7484 IBM Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine.

4.0
2018-01-16 CVE-2018-5710 MIT Null Pointer Dereference vulnerability in MIT Kerberos

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.

4.0

29 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-18 CVE-2018-2627 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer).

3.7
2018-01-18 CVE-2018-2602 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n).
3.7
2018-01-18 CVE-2017-10273 Oracle Path Traversal vulnerability in Oracle Jdeveloper

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment).

3.7
2018-01-20 CVE-2017-15111 Keycloak Httpd Client Install Project Link Following vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

3.6
2018-01-18 CVE-2018-0100 Cisco XXE vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system.

3.6
2018-01-18 CVE-2018-0092 Cisco Missing Authorization vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1)/7.0(3)I7(1)

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts.

3.6
2018-01-18 CVE-2018-2709 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

3.5
2018-01-18 CVE-2018-2708 Oracle Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

3.5
2018-01-18 CVE-2018-2614 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2018-01-17 CVE-2017-16865 Atlassian Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF).

3.5
2018-01-16 CVE-2017-17947 Pulsesecure Cross-Site Scripting vulnerability in Pulsesecure Pulse Connect Secure

A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized.

3.5
2018-01-16 CVE-2017-8802 Synocor Cross-Site Scripting vulnerability in Synocor Zimbra Collaboration Suite 8.8.0

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.

3.5
2018-01-16 CVE-2016-0207 IBM Improper Input Validation vulnerability in IBM Algo Risk Application 4.9.1/5.0.0/5.1.0

IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

3.5
2018-01-16 CVE-2015-7486 IBM Cross-Site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-01-16 CVE-2015-7485 IBM Cross-Site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-01-16 CVE-2015-7474 IBM Cross-Site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-01-18 CVE-2018-2717 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform).

3.3
2018-01-18 CVE-2018-2641 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT).
2.6
2018-01-18 CVE-2018-2629 Oracle
Redhat
Debian
Canonical
Schneider Electric
HP
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS).
2.6
2018-01-20 CVE-2017-15112 Keycloak Httpd Client Install Project Information Exposure vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install

keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.

2.1
2018-01-18 CVE-2018-0106 Cisco Files OR Directories Accessible TO External Parties vulnerability in Cisco Elastic Services Controller

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system.

2.1
2018-01-18 CVE-2018-2606 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

2.1
2018-01-18 CVE-2018-2580 Oracle Unspecified vulnerability in Oracle Applications DBA

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch).

2.1
2018-01-18 CVE-2018-2577 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

2.1
2018-01-18 CVE-2018-2575 Oracle Unspecified vulnerability in Oracle Database Server 11.2.0.4/12.2.0.1

Vulnerability in the Core RDBMS component of Oracle Database Server.

2.1
2018-01-18 CVE-2017-5699 Intel Improper Input Validation vulnerability in Intel Minnowboard 3 Firmware

Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.

2.1
2018-01-16 CVE-2017-17429 K7Computing Improper Input Validation vulnerability in K7Computing products

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

2.1
2018-01-16 CVE-2017-16556 K7Computing Improper Input Validation vulnerability in K7Computing products

In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

2.1
2018-01-18 CVE-2018-2560 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

1.2