Weekly Vulnerabilities Reports > January 15 to 21, 2018
Overview
316 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 446 products from 72 vendors including Oracle, Debian, Redhat, Canonical, and Cisco. The most frequent weakness categories are "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "Information Exposure", and "Incorrect Authorization".
- 264 reported vulnerabilities are remotely exploitable.
- 17 reported vulnerabilities have a public exploit available.
- 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 216 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 175 reported vulnerabilities.
- Barni has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-19 | CVE-2017-18044 | Commvault | OS Command Injection vulnerability in Commvault 11.0: A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. | 10.0 |
2018-01-16 | CVE-2018-5724 | Barni | Unrestricted Upload of File with Dangerous Type vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103: MASTER IPCAMERA01 3.3.4.2103 devices allow unauthenticated configuration download and upload, as demonstrated by restore.cgi. | 10.0 |
2018-01-16 | CVE-2018-5723 | Barni | Use of Hard-coded Credentials vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103: MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. | 10.0 |
2018-01-20 | CVE-2017-14803 | Netiq | Unspecified vulnerability in Netiq Access Manager 4.3/4.4: In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. | 9.8 |
2018-01-16 | CVE-2018-5703 | Linux | Out-of-bounds Write vulnerability in Linux Kernel: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. | 9.8 |
2018-01-16 | CVE-2018-5704 | Debian, Openocd | Use of Externally-Controlled Format String vulnerability in multiple products: Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. | 9.3 |
2018-01-18 | CVE-2018-0099 | Cisco | OS Command Injection vulnerability in Cisco D9800 Firmware: A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. | 9.0 |
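The OpenOCD entry above (CVE-2018-5704) describes a cross-protocol scripting attack: a web page can make the victim's browser POST a form to a plain-text command service listening on 127.0.0.1, and a line-oriented server that knows nothing about HTTP reads the request headers and then the attacker-chosen body as commands. The following Python is an added example and is not OpenOCD's code or the page's own; it models a hypothetical line-oriented command server (`run_session`), feeds it a constructed browser-style POST, and shows the usual mitigation, rejecting any connection whose first line is an HTTP request line. The command strings and the port number are illustrative only.

```python
import re

# Constructed sample: the attacker-controlled lines a hostile page would place in
# the body of a form with enctype="text/plain" targeting http://127.0.0.1:4444/.
BODY = b"reset halt\r\nflash erase_sector 0 0 1\r\n"

# Constructed sample of what the browser actually sends for that form submission.
CROSS_PROTOCOL_POST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 127.0.0.1:4444\r\n"
    b"Content-Type: text/plain\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"\r\n"
    + BODY
)

# The same commands typed by a legitimate interactive (telnet-style) client.
TELNET_SESSION = BODY

# HTTP request line (RFC 7230): METHOD SP request-target SP HTTP-version
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d$")


def looks_like_http(first_line: bytes) -> bool:
    """True if the first line a client sent is an HTTP request line."""
    return HTTP_REQUEST_LINE.match(first_line.rstrip(b"\r\n")) is not None


def run_session(data: bytes, reject_http: bool) -> list:
    """Model of a line-oriented command server; returns the commands it would run.

    reject_http=False models the vulnerable behaviour: every non-empty line,
    HTTP headers included, is handed to the command interpreter, so the
    attacker's body lines execute after the header lines fail to parse.
    reject_http=True drops the connection as soon as the first line is seen to
    be an HTTP request line, before anything is executed.
    """
    lines = data.split(b"\n")
    if reject_http and lines and looks_like_http(lines[0]):
        return []
    executed = []
    for raw in lines:
        line = raw.rstrip(b"\r").decode("ascii", "replace")
        if line.strip():
            executed.append(line)
    return executed


if __name__ == "__main__":
    print("vulnerable:", run_session(CROSS_PROTOCOL_POST, reject_http=False))
    print("hardened:  ", run_session(CROSS_PROTOCOL_POST, reject_http=True))
    print("telnet:    ", run_session(TELNET_SESSION, reject_http=True))
```

The check has to sit on the first line of the connection: once the server has consumed the headers, the body is indistinguishable from a normal session. Binding such services to a Unix socket, or requiring a handshake that a browser cannot produce, closes the same hole without pattern matching.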
44 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-18 | CVE-2018-2639 | Oracle, Redhat | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 8.3 |
2018-01-18 | CVE-2018-2638 | Oracle, Redhat, Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 8.3 |
2018-01-18 | CVE-2018-2633 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 8.3 |
2018-01-19 | CVE-2017-14457 | Ethereum | Out-of-bounds Read vulnerability in Ethereum Virtual Machine: An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. | 8.2 |
2018-01-19 | CVE-2017-12118 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-19 | CVE-2017-12116 | Ethereum | Incorrect Authorization vulnerability in Ethereum Aleth: An exploitable improper authorization vulnerability exists in the miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-19 | CVE-2017-12113 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-19 | CVE-2017-12117 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-19 | CVE-2017-12115 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-19 | CVE-2017-12112 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 8.1 |
2018-01-18 | CVE-2017-3158 | Apache | Race Condition vulnerability in Apache Guacamole: A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. | 8.1 |
2018-01-20 | CVE-2017-15108 | Spice Space, Debian | OS Command Injection vulnerability in multiple products: spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to a shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | 7.8 |
2018-01-18 | CVE-2018-2710 | Oracle | Unspecified vulnerability in Oracle Solaris 10.0: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 7.8 |
2018-01-18 | CVE-2018-2696 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). | 7.8 |
2018-01-18 | CVE-2018-2585 | Oracle | Unspecified vulnerability in Oracle Mysql Connector/Net: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). | 7.8 |
2018-01-16 | CVE-2018-5330 | Zyxel | Unspecified vulnerability in Zyxel P-660Hw V3 Firmware: ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | 7.8 |
2018-01-21 | CVE-2018-5955 | Smartmobilesoftware | Improper Input Validation vulnerability in Smartmobilesoftware Gitstack: An issue was discovered in GitStack through 2.3.10. | 7.5 |
2018-01-21 | CVE-2017-18046 | Dasannetworks | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dasannetworks H640X Firmware 12.0201121/2.77P11124/3.03P21146: Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121, 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). | 7.5 |
2018-01-21 | CVE-2016-10708 | Openbsd, Debian, Canonical, Netapp | NULL Pointer Dereference vulnerability in multiple products: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |
2018-01-21 | CVE-2017-18045 | Directadmin | Unspecified vulnerability in Directadmin: JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | 7.5 |
2018-01-20 | CVE-2017-12130 | Tinysvcmdns Project | NULL Pointer Dereference vulnerability in Tinysvcmdns Project Tinysvcmdns 20171105: An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. | 7.5 |
2018-01-19 | CVE-2017-12119 | Ethereum | Improper Check for Unusual or Exceptional Conditions vulnerability in Ethereum Cpp-Ethereum: An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. | 7.5 |
2018-01-19 | CVE-2017-14094 | Trendmicro | Injection vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2: A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 7.5 |
2018-01-18 | CVE-2016-10707 | Jquery | Uncontrolled Recursion vulnerability in Jquery 3.0.0: jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to the removal of logic that lowercased attribute names. | 7.5 |
2018-01-18 | CVE-2017-12729 | Moxa | SQL Injection vulnerability in Moxa Softcms LAB View: A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. | 7.5 |
2018-01-18 | CVE-2016-6814 | Apache, Redhat | Deserialization of Untrusted Data vulnerability in multiple products: When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. | 7.5 |
2018-01-18 | CVE-2018-2707 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 7.5 |
2018-01-18 | CVE-2018-2704 | Oracle | Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0: Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 7.5 |
2018-01-18 | CVE-2018-2647 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 7.5 |
2018-01-18 | CVE-2018-2627 | Oracle, Redhat, Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). | 7.5 |
2018-01-18 | CVE-2018-2612 | Oracle, Mariadb, Netapp, Canonical, Debian | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 7.5 |
2018-01-18 | CVE-2018-2611 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT: Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). | 7.5 |
2018-01-18 | CVE-2018-2568 | Oracle | Unspecified vulnerability in Oracle Integrated Lights OUT Manager Firmware: Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). | 7.5 |
2018-01-18 | CVE-2018-2562 | Oracle, Mariadb, Debian, Canonical, Netapp, Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). | 7.5 |
2018-01-17 | CVE-2018-5764 | Samba, Debian, Canonical | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | 7.5 |
2018-01-17 | CVE-2018-5195 | Hancom | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Thinkfree Office NEO: Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that allows remote attackers to execute arbitrary commands when the hyperlink attributes in a document are processed. | 7.5 |
2018-01-16 | CVE-2018-5299 | Pulsesecure | Out-of-bounds Write vulnerability in Pulsesecure Pulse Connect Secure and Pulse Policy Secure: A stack-based buffer overflow vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution. | 7.5 |
2018-01-16 | CVE-2018-5709 | MIT | Integer Overflow or Wraparound vulnerability in MIT Kerberos: An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. | 7.5 |
2018-01-15 | CVE-2018-5328 | Beims | Improper Authentication vulnerability in Beims Contractorweb.Net 5.18.0.0: ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | 7.5 |
2018-01-18 | CVE-2018-2637 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). | 7.4 |
2018-01-18 | CVE-2018-0115 | Cisco | OS Command Injection vulnerability in Cisco Staros: A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. | 7.2 |
2018-01-18 | CVE-2018-0095 | Cisco | Unspecified vulnerability in Cisco Asyncos 9.1.1005/9.7.2065: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. | 7.2 |
2018-01-18 | CVE-2018-0088 | Cisco | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Industrial Ethernet 4010 Series Firmware: A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. | 7.2 |
2018-01-16 | CVE-2018-1000004 | Linux | Race Condition vulnerability in Linux Kernel: In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition. | 7.1 |
239 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-19 | CVE-2017-12114 | Ethereum | Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum: An exploitable improper authorization vulnerability exists in the admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). | 6.8 |
2018-01-19 | CVE-2017-14095 | Trendmicro | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2: A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | 6.8 |
2018-01-19 | CVE-2017-11398 | Trendmicro | DEPRECATED: Information Exposure Through Debug Log Files vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2: A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 6.8 |
2018-01-19 | CVE-2017-7327 | Yandex | Untrusted Search Path vulnerability in Yandex Browser: Yandex Browser installer for Desktop before 17.4.1 has a DLL hijacking vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | 6.8 |
2018-01-19 | CVE-2017-1693 | IBM | Insufficient Session Expiration vulnerability in IBM Integration BUS: IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. | 6.8 |
2018-01-18 | CVE-2018-5766 | Libav | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav: In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. | 6.8 |
2018-01-18 | CVE-2018-0107 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog: A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. | 6.8 |
2018-01-18 | CVE-2018-2703 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). | 6.8 |
2018-01-18 | CVE-2018-2668 | Oracle, Mariadb, Debian, Canonical, Netapp, Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.8 |
2018-01-18 | CVE-2018-2667 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.8 |
2018-01-18 | CVE-2018-2665 | Oracle, Mariadb, Debian, Canonical, Netapp, Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.8 |
2018-01-18 | CVE-2018-2664 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT: Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). | 6.8 |
2018-01-18 | CVE-2018-2646 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 6.8 |
2018-01-18 | CVE-2018-2640 | Oracle, Mariadb, Debian, Canonical, Netapp, Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.8 |
2018-01-18 | CVE-2018-2636 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9: Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). | 6.8 |
2018-01-18 | CVE-2018-2634 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). | 6.8 |
2018-01-18 | CVE-2018-2622 | Oracle, Mariadb, Debian, Canonical, Netapp, Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 6.8 |
2018-01-18 | CVE-2018-2600 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.8 |
2018-01-18 | CVE-2018-2593 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). | 6.8 |
2018-01-18 | CVE-2018-2591 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). | 6.8 |
2018-01-18 | CVE-2018-2590 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). | 6.8 |
2018-01-18 | CVE-2018-2586 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 6.8 |
2018-01-18 | CVE-2018-2583 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). | 6.8 |
2018-01-18 | CVE-2018-2576 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 6.8 |
2018-01-18 | CVE-2018-2573 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). | 6.8 |
2018-01-18 | CVE-2018-2565 | Oracle | Unspecified vulnerability in Oracle Mysql: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). | 6.8 |
2018-01-18 | CVE-2017-5696 | Intel | Untrusted Search Path vulnerability in Intel Graphics Driver: Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows an unprivileged user to elevate privileges via local access. | 6.8 |
2018-01-15 | CVE-2018-5329 | Beims | Cross-Site Request Forgery (CSRF) vulnerability in Beims Contractorweb.Net 5.18.0.0: ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. | 6.8 |
2018-01-15 | CVE-2018-5702 | Transmissionbt, Debian | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. | 6.8 |
2018-01-19 | CVE-2017-15713 | Apache | Information Exposure vulnerability in Apache Hadoop: Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. | 6.5 |
2018-01-18 | CVE-2017-5170 | Moxa | Uncontrolled Search Path Element vulnerability in Moxa Softnvr-Ia Live View: An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. | 6.5 |
2018-01-18 | CVE-2018-2706 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 6.5 |
2018-01-18 | CVE-2018-2705 | Oracle | Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0: Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 6.5 |
2018-01-18 | CVE-2018-2660 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). | 6.5 |
2018-01-18 | CVE-2018-2648 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking: Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.5 |
2018-01-18 | CVE-2018-2616 | Oracle | Unspecified vulnerability in Oracle OSS Support Tools: Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). | 6.5 |
2018-01-18 | CVE-2018-2615 | Oracle | Unspecified vulnerability in Oracle OSS Support Tools: Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). | 6.5 |
2018-01-18 | CVE-2018-2582 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). | 6.5 |
2018-01-18 | CVE-2018-2570 | Oracle | Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3: Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). | 6.5 |
2018-01-18 | CVE-2017-10282 | Oracle | Unspecified vulnerability in Oracle Database Server 12.1.0.2/12.2.0.1: Vulnerability in the Core RDBMS component of Oracle Database Server. | 6.5 |
2018-01-17 | CVE-2018-5721 | Asuswrt Merlin | Out-of-bounds Write vulnerability in Asuswrt-Merlin: Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web-authenticated attackers to execute code via a request that updates a setting. | 6.5 |
2018-01-16 | CVE-2018-5706 | Octopus | Improper Privilege Management vulnerability in Octopus Deploy: An issue was discovered in Octopus Deploy before 4.1.9. | 6.5 |
2018-01-16 | CVE-2018-5710 | MIT | NULL Pointer Dereference vulnerability in MIT Kerberos: An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. | 6.5 |
2018-01-18 | CVE-2018-2697 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0: Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 6.4 |
2018-01-18 | CVE-2018-2656 | Oracle | Unspecified vulnerability in Oracle E-Business Suite: Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). | 6.4 |
2018-01-18 | CVE-2018-2655 | Oracle | Unspecified vulnerability in Oracle Work in Process: Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Assemble/Configure to Order). | 6.4 |
2018-01-18 | CVE-2018-2649 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking: Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.4 |
2018-01-18 | CVE-2018-2621 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 7.3.874: Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Mobile Gangway and Mustering). | 6.4 |
2018-01-18 | CVE-2018-2613 | Oracle | Unspecified vulnerability in Oracle Argus Safety: Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). | 6.4 |
2018-01-18 | CVE-2017-10068 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0: Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards). | 6.4 |
2018-01-18 | CVE-2018-2578 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 6.2 |
2018-01-21 | CVE-2018-5958 | Zillya | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0: In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | 6.1 |
2018-01-21 | CVE-2018-5956 | Zillya | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0: In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | 6.1 |
2018-01-19 | CVE-2017-12097 | Delayed JOB WEB Project | Cross-site Scripting vulnerability in Delayed JOB web Project Delayed JOB web 1.4: An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. | 6.1 |
2018-01-19 | CVE-2017-12098 | Rails Admin Project | Cross-site Scripting vulnerability in Rails Admin Project Rails Admin 1.2.0: An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. | 6.1 |
2018-01-18 | CVE-2015-9251 | Jquery, Oracle | Cross-site Scripting vulnerability in multiple products: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
2018-01-18 | CVE-2012-6708 | Jquery | Cross-site Scripting vulnerability in Jquery: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. | 6.1 |
2018-01-18 | CVE-2018-0102 | Cisco | Double Free vulnerability in Cisco Nx-Os 7.2(1)D(1)/7.2(2)D1(1)/7.2(2)D1(2): A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 6.1 |
2018-01-18 | CVE-2018-2641 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | 6.1 |
2018-01-16 | CVE-2018-5714 | Malwarefox | Improper Input Validation vulnerability in Malwarefox Anti-Malware 2.72.169: In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054. | 6.1 |
2018-01-16 | CVE-2018-5713 | Malwarefox | Improper Input Validation vulnerability in Malwarefox Anti-Malware 2.72.169: In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010. | 6.1 |
2018-01-19 | CVE-2018-1362 | IBM | Unspecified vulnerability in IBM Curam Social Program Management: IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other users' submitted applications from the system and possibly obtain privileges. | 6.0 |
2018-01-18 | CVE-2018-2642 | Oracle | Unspecified vulnerability in Oracle Argus Safety: Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload). | 6.0 |
2018-01-18 | CVE-2018-2601 | Oracle | Unspecified vulnerability in Oracle Internet Directory 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0: Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). | 6.0 |
2018-01-18 | CVE-2018-2595 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4: Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). | 6.0 |
2018-01-18 | CVE-2018-2594 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4: Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). | 6.0 |
2018-01-18 | CVE-2018-2618 | Oracle, Redhat, Debian, Canonical, Schneider Electric, HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). | 5.9 |
2018-01-19 | CVE-2014-4919 | Oxid Esales | Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop: OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | 5.8 |
2018-01-19 | CVE-2017-6142 | F5 | Improper Certificate Validation vulnerability in F5 Big-Ip Advanced Firewall Manager: X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 5.8 |
2018-01-18 | CVE-2014-2017 | Oxidforge | CRLF Injection vulnerability in Oxidforge Eshop: CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.8 |
2018-01-18 | CVE-2018-0097 | Cisco | Open Redirect vulnerability in Cisco Prime Infrastructure: A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. | 5.8 |
2018-01-18 | CVE-2017-12308 | Cisco | Unspecified vulnerability in Cisco products: A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. | 5.8 |
2018-01-18 | CVE-2018-2732 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Reconciliation Framework: Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2729 | Oracle | Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing: Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2728 | Oracle | Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing: Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2722 | Oracle | Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.5: Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2719 | Oracle | Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.5.0.0 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2716 | Oracle | Unspecified vulnerability in Oracle Financial Services Market Risk Measurement and Management 8.0.5 Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2714 | Oracle | Unspecified vulnerability in Oracle Financial Services Market Risk 8.0.5.0.0 Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2713 | Oracle | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). | 5.8 |
2018-01-18 | CVE-2018-2712 | Oracle | Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5.0.0 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2711 | Oracle | Unspecified vulnerability in Oracle Jdeveloper Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). | 5.8 |
2018-01-18 | CVE-2018-2699 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Application Express component of Oracle Database Server. | 5.8 |
2018-01-18 | CVE-2018-2692 | Oracle | Unspecified vulnerability in Oracle Financial Services Asset Liability Management Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2682 | Oracle | Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2674 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). | 5.8 |
2018-01-18 | CVE-2018-2670 | Oracle | Unspecified vulnerability in Oracle Financial Services Profitability Management Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2669 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). | 5.8 |
2018-01-18 | CVE-2018-2661 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). | 5.8 |
2018-01-18 | CVE-2018-2659 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). | 5.8 |
2018-01-18 | CVE-2018-2658 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). | 5.8 |
2018-01-18 | CVE-2018-2654 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2 Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Company Dir / Org Chart Viewer). | 5.8 |
2018-01-18 | CVE-2018-2644 | Oracle | Unspecified vulnerability in Oracle Argus Safety Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). | 5.8 |
2018-01-18 | CVE-2018-2635 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). | 5.8 |
2018-01-18 | CVE-2018-2626 | Oracle | Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2609 | Oracle | Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). | 5.8 |
2018-01-18 | CVE-2018-2597 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Dining Room Management 8.0.78 Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). | 5.8 |
2018-01-18 | CVE-2018-2596 | Oracle | Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). | 5.8 |
2018-01-18 | CVE-2018-2567 | Oracle | Unspecified vulnerability in Oracle Communications Order and Service Management Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). | 5.8 |
2018-01-18 | CVE-2018-2564 | Oracle | Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0 Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). | 5.8 |
2018-01-18 | CVE-2017-17860 | Google Samsung | Improper Input Validation vulnerability in Google Android In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. | 5.7 |
2018-01-19 | CVE-2018-5786 | Long Range ZIP Project Debian | Infinite Loop vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). | 5.5 |
2018-01-18 | CVE-2018-0110 | Cisco | Incorrect Authorization vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. | 5.5 |
2018-01-18 | CVE-2018-2731 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.1/9.2 Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). | 5.5 |
2018-01-18 | CVE-2018-2730 | Oracle | Unspecified vulnerability in Oracle Retail Merchandising System 16.0 Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar). | 5.5 |
2018-01-18 | CVE-2018-2727 | Oracle | Unspecified vulnerability in Oracle Financial Services Market Risk Measurement and Management 8.0.5 Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2726 | Oracle | Unspecified vulnerability in Oracle Financial Services Market Risk 8.0.0.0.0/8.0.5.0.0 Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2725 | Oracle | Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.5 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2724 | Oracle | Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5.0.0 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2723 | Oracle | Unspecified vulnerability in Oracle Financial Services Asset Liability Management Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2721 | Oracle | Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.5 Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2720 | Oracle | Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2691 | Oracle | Unspecified vulnerability in Oracle User Management Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). | 5.5 |
2018-01-18 | CVE-2018-2679 | Oracle | Unspecified vulnerability in Oracle Financial Services Profitability Management Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2666 | Oracle | Unspecified vulnerability in Oracle Hospitality Labor Management 8.5.1/9.0.0 Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint). | 5.5 |
2018-01-18 | CVE-2018-2662 | Oracle | Unspecified vulnerability in Oracle Transportation Management Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). | 5.5 |
2018-01-18 | CVE-2018-2650 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). | 5.5 |
2018-01-18 | CVE-2018-2643 | Oracle | Unspecified vulnerability in Oracle Argus Safety Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Case Selection). | 5.5 |
2018-01-18 | CVE-2018-2630 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking 11.5.0/11.6.0/11.7.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security Management System). | 5.5 |
2018-01-18 | CVE-2018-2620 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). | 5.5 |
2018-01-18 | CVE-2018-2592 | Oracle | Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.5 |
2018-01-18 | CVE-2018-2574 | Oracle | Unspecified vulnerability in Oracle Siebel Customer Relationship Management Desktop 16.0/17.0 Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). | 5.5 |
2018-01-18 | CVE-2018-2571 | Oracle | Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3 Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). | 5.5 |
2018-01-18 | CVE-2017-10301 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 9.1.00 Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). | 5.5 |
2018-01-17 | CVE-2018-5747 | Long Range ZIP Project Debian | Use After Free vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). | 5.5 |
2018-01-16 | CVE-2014-9485 | Minizip Project | Path Traversal vulnerability in Minizip Project Minizip Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive. | 5.5 |
2018-01-16 | CVE-2018-5711 | PHP Debian Canonical | Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. | 5.5 |
2018-01-18 | CVE-2018-2629 | Oracle Redhat Debian Canonical Schneider Electric HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). | 5.3 |
2018-01-18 | CVE-2018-2603 | Oracle Redhat Debian Canonical Schneider Electric HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). | 5.3 |
2018-01-19 | CVE-2017-14460 | Parity | Unspecified vulnerability in Parity Ethereum Client 1.7.8 An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. | 5.1 |
2018-01-19 | CVE-2017-7326 | Yandex | Race Condition vulnerability in Yandex Browser Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page. | 5.1 |
2018-01-18 | CVE-2018-2680 | Oracle | Unspecified vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2/12.2.0.1 Vulnerability in the Java VM component of Oracle Database Server. | 5.1 |
2018-01-19 | CVE-2017-14097 | Trendmicro | Unspecified vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2 An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | 5.0 |
2018-01-19 | CVE-2017-14082 | Trendmicro | Information Exposure vulnerability in Trendmicro Mobile Security An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | 5.0 |
2018-01-19 | CVE-2017-7325 | Yandex | Improper Input Validation vulnerability in Yandex Browser Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | 5.0 |
2018-01-19 | CVE-2015-6926 | Oxid Esales | Improper Authentication vulnerability in Oxid-Esales Eshop The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | 5.0 |
2018-01-18 | CVE-2018-0111 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.0 |
2018-01-18 | CVE-2018-0108 | Cisco | XXE vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. | 5.0 |
2018-01-18 | CVE-2018-0105 | Cisco | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 5.0 |
2018-01-18 | CVE-2018-0094 | Cisco | Resource Exhaustion vulnerability in Cisco Unified Computing System Central Software 1.4(1A) A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. | 5.0 |
2018-01-18 | CVE-2018-0090 | Cisco | Resource Exhaustion vulnerability in Cisco Nx-Os 7.3(2)N1(0.6)/8.3(0)Kms(0.31)/8.8(3.5)S0 A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. | 5.0 |
2018-01-18 | CVE-2018-0089 | Cisco | Cleartext Storage of Sensitive Information vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0 A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. | 5.0 |
2018-01-18 | CVE-2018-0086 | Cisco | Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 5.0 |
2018-01-18 | CVE-2018-2700 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 5.0 |
2018-01-18 | CVE-2018-2683 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). | 5.0 |
2018-01-18 | CVE-2018-2672 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). | 5.0 |
2018-01-18 | CVE-2018-2657 | Oracle Redhat Schneider Electric HP | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). | 5.0 |
2018-01-18 | CVE-2018-2653 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query). | 5.0 |
2018-01-18 | CVE-2018-2652 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 5.0 |
2018-01-18 | CVE-2018-2651 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). | 5.0 |
2018-01-18 | CVE-2018-2625 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 5.0 |
2018-01-18 | CVE-2018-2624 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). | 5.0 |
2018-01-18 | CVE-2018-2623 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). | 5.0 |
2018-01-18 | CVE-2018-2617 | Oracle | Unspecified vulnerability in Oracle OSS Support Tools Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). | 5.0 |
2018-01-18 | CVE-2018-2610 | Oracle | Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4.330 Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). | 5.0 |
2018-01-18 | CVE-2018-2608 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). | 5.0 |
2018-01-18 | CVE-2018-2604 | Oracle | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 5.0 |
2018-01-18 | CVE-2018-2589 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). | 5.0 |
2018-01-18 | CVE-2018-2561 | Oracle | Unspecified vulnerability in Oracle Http Server Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). | 5.0 |
2018-01-16 | CVE-2018-5728 | Cobham | Information Exposure vulnerability in Cobham Seatel 121 Firmware Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | 5.0 |
2018-01-16 | CVE-2018-5726 | Barni | Information Exposure vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103 MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. | 5.0 |
2018-01-16 | CVE-2018-5725 | Barni | Use of Hard-coded Credentials vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103 MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. | 5.0 |
2018-01-18 | CVE-2018-0096 | Cisco | Incorrect Authorization vulnerability in Cisco Prime Infrastructure 3.2(0.0)/3.3(0.0) A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. | 4.9 |
2018-01-18 | CVE-2018-2701 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 4.9 |
2018-01-18 | CVE-2018-2681 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2 Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Security). | 4.9 |
2018-01-18 | CVE-2018-2599 | Oracle Redhat Debian Canonical Schneider Electric HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.8 |
2018-01-18 | CVE-2018-2581 | Oracle Redhat Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 4.7 |
2018-01-21 | CVE-2018-5957 | Zillya | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0 In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | 4.6 |
2018-01-18 | CVE-2018-2733 | Oracle | Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4.007 Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). | 4.6 |
2018-01-16 | CVE-2017-16554 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. | 4.6 |
2018-01-16 | CVE-2017-16552 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. | 4.6 |
2018-01-16 | CVE-2017-16550 | K7Computing | Unspecified vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. | 4.6 |
2018-01-16 | CVE-2017-16549 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. | 4.6 |
2018-01-16 | CVE-2017-11072 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 a buffer overflow occurs. | 4.6 |
2018-01-18 | CVE-2018-2602 | Oracle Redhat Debian Canonical Schneider Electric HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). | 4.5 |
2018-01-18 | CVE-2018-2690 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2689 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2688 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2687 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2686 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2685 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-01-18 | CVE-2018-2569 | Oracle | Unspecified vulnerability in Oracle Java ME 8.3 Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). | 4.4 |
2018-01-16 | CVE-2017-16557 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. | 4.4 |
2018-01-16 | CVE-2017-16555 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. | 4.4 |
2018-01-16 | CVE-2017-16553 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. | 4.4 |
2018-01-16 | CVE-2017-16551 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. | 4.4 |
2018-01-19 | CVE-2017-14096 | Trendmicro | Cross-site Scripting vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2 A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | 4.3 |
2018-01-19 | CVE-2018-5785 | Uclouvain Debian Canonical | Integer Overflow or Wraparound vulnerability in multiple products In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). | 4.3 |
2018-01-19 | CVE-2018-5784 | Libtiff Debian Canonical | Resource Exhaustion vulnerability in multiple products In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. | 4.3 |
2018-01-19 | CVE-2018-5783 | Podofo Project | Allocation of Resources Without Limits or Throttling vulnerability in Podofo Project Podofo 0.9.5 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). | 4.3 |
2018-01-18 | CVE-2018-5776 | Wordpress | Cross-site Scripting vulnerability in Wordpress WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | 4.3 |
2018-01-18 | CVE-2018-5773 | Python Markdown2 Project | Cross-site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2 An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. | 4.3 |
2018-01-18 | CVE-2017-16863 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. | 4.3 |
2018-01-18 | CVE-2017-18033 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | 4.3 |
2018-01-18 | CVE-2017-15869 | Livezilla | Cross-site Scripting vulnerability in Livezilla Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | 4.3 |
2018-01-18 | CVE-2018-5772 | Exiv2 | Uncontrolled Recursion vulnerability in Exiv2 0.26 In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. | 4.3 |
2018-01-18 | CVE-2018-0098 | Cisco | Cross-site Scripting vulnerability in Cisco Wap150 Firmware and Wap361 Firmware A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2018-01-18 | CVE-2018-0093 | Cisco | Cross-site Scripting vulnerability in Cisco web Security Appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2018-01-18 | CVE-2018-0091 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2018-01-18 | CVE-2017-12307 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
2018-01-18 | CVE-2018-2678 | Oracle Redhat Debian Canonical Schneider Electric HP | Unspecified vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.3 |
2018-01-18 | CVE-2018-2677 | Oracle Redhat Debian Canonical Schneider Electric HP | Unspecified vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | 4.3 |
2018-01-18 | CVE-2018-2676 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.3 |
2018-01-18 | CVE-2018-2675 | Oracle | Unspecified vulnerability in Oracle Java Advanced Management Console 2.8 Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). | 4.3 |
2018-01-18 | CVE-2018-2673 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7/2.8/2.9 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). | 4.3 |
2018-01-18 | CVE-2018-2663 | Oracle Redhat Debian Canonical Schneider Electric HP | Unspecified vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). | 4.3 |
2018-01-18 | CVE-2018-2588 | Oracle Redhat Debian Canonical Schneider Electric HP | Unspecified vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). | 4.3 |
2018-01-18 | CVE-2017-10262 | Oracle | Information Exposure vulnerability in Oracle Access Manager 11.1.2.3.0 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). | 4.3 |
2018-01-17 | CVE-2018-5258 | Banconeon | Improper Certificate Validation vulnerability in Banconeon Neon 1.6.14 The Neon app 1.6.14 for iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2018-01-16 | CVE-2018-5727 | Uclouvain | Integer Overflow or Wraparound vulnerability in Uclouvain Openjpeg 2.3.0 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). | 4.3 |
2018-01-16 | CVE-2018-5715 | Sugarcrm | Cross-site Scripting vulnerability in Sugarcrm 3.5.1 phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | 4.3 |
2018-01-16 | CVE-2018-5370 | Bizlogicdev | Cross-site Scripting vulnerability in Bizlogicdev Xnami 1.0 BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. | 4.3 |
2018-01-16 | CVE-2014-9482 | Libdwarf Project | Use After Free vulnerability in Libdwarf Project Libdwarf Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file. | 4.3 |
2018-01-16 | CVE-2014-6071 | Jquery | Cross-site Scripting vulnerability in Jquery 1.4.2 jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | 4.3 |
2018-01-16 | CVE-2014-6027 | Torrentflux Project | Cross-site Scripting vulnerability in Torrentflux Project Torrentflux 2.4 Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | 4.3 |
2018-01-16 | CVE-2018-5712 | PHP Debian Canonical | Cross-site Scripting vulnerability in PHP An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. | 4.3 |
2018-01-16 | CVE-2017-18032 | Wpdownloadmanager | Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | 4.3 |
2018-01-15 | CVE-2018-5479 | Foxsash | Cross-site Scripting vulnerability in Foxsash Imghosting 1.5 FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. | 4.3 |
2018-01-18 | CVE-2018-2698 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.1 |
2018-01-18 | CVE-2018-2694 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.1 |
2018-01-18 | CVE-2018-2693 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). | 4.1 |
2018-01-18 | CVE-2017-12197 | Libpam4J Project Debian Redhat | Improper Input Validation vulnerability in multiple products It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. | 4.0 |
2018-01-18 | CVE-2018-0109 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. | 4.0 |
2018-01-18 | CVE-2018-2715 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). | 4.0 |
2018-01-18 | CVE-2018-2702 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Strategic Sourcing 9.2 Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). | 4.0 |
2018-01-18 | CVE-2018-2695 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). | 4.0 |
2018-01-18 | CVE-2018-2684 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). | 4.0 |
2018-01-18 | CVE-2018-2671 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2 Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). | 4.0 |
2018-01-18 | CVE-2018-2645 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). | 4.0 |
2018-01-18 | CVE-2018-2632 | Oracle | Unspecified vulnerability in Oracle Siebel Engineering-Installer and Deployment 16.0/17.0 Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager). | 4.0 |
2018-01-18 | CVE-2018-2631 | Oracle | Unspecified vulnerability in Oracle Transportation Management Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). | 4.0 |
2018-01-18 | CVE-2018-2619 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.7 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). | 4.0 |
2018-01-18 | CVE-2018-2607 | Oracle | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 4.0 |
2018-01-18 | CVE-2018-2605 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 4.0 |
2018-01-18 | CVE-2018-2584 | Oracle | Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 4.0 |
2018-01-18 | CVE-2018-2566 | Oracle | Unspecified vulnerability in Oracle Integrated Lights OUT Manager Firmware Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). | 4.0 |
2018-01-16 | CVE-2016-0219 | IBM | XXE vulnerability in IBM products XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. | 4.0 |
2018-01-16 | CVE-2016-0215 | IBM HP Linux Microsoft Oracle | Improper Input Validation vulnerability in IBM DB2 IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | 4.0 |
2018-01-16 | CVE-2015-7484 | IBM | Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. | 4.0 |
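The Neon entry above (CVE-2018-5258) is the classic "accept any certificate" client bug. The block below is an added example, not code from the Neon app or from this report, showing in Python's `ssl` module what a client has to do instead: require a validated chain and bind the certificate to the requested server name. `audit_context` flags the two settings that, when relaxed, reproduce the advisory's condition, and `hostname_matches` implements RFC 6125 style name matching over the `getpeercert()` dictionary shape. The sample certificate dictionaries, the CA-pinning parameter and the "at least two labels after a wildcard" rule are this example's own choices, not anything the advisory specifies.

```python
from typing import Optional
import ssl


def secure_client_context(ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """What a TLS client must do: require a chain to a trusted CA and check
    the requested server name against the leaf certificate. If `ca_pem`
    (a PEM string, assumed to be supplied by the caller) is given, trust
    only that CA instead of the platform store."""
    if ca_pem is None:
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=ca_pem)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern the advisory describes: no chain validation and no
    name check, so any server presenting any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can drop to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings a reviewer would raise against a client-side context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not bound to the server name")
    return findings


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 section 6.4.3 style matching: case-insensitive, a wildcard is
    allowed only as the entire left-most label and never matches across a dot.
    As a conservative local choice, at least two labels must follow the
    wildcard, so '*.com' is rejected; partial wildcards like 'ap*' are too."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """`cert` uses the dict shape ssl.SSLSocket.getpeercert() returns. Only
    subjectAltName dNSName entries are consulted; a bare commonName is not
    accepted, in line with current browser and RFC 6125 practice."""
    dns_names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_dns_pattern_matches(p, hostname) for p in dns_names)


if __name__ == "__main__":
    # Constructed certificate dictionary, as getpeercert() would return it.
    sample_cert = {
        "subject": ((("commonName", "evil.example.net"),),),
        "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    }
    print("secure context findings:  ", audit_context(secure_client_context()))
    print("insecure context findings:", audit_context(insecure_client_context()))
    for name in ("api.example.com", "example.com", "a.b.example.com", "evil.example.net"):
        print(f"{name:>18}: {hostname_matches(sample_cert, name)}")
```

In real use the secure context is passed to `ctx.wrap_socket(sock, server_hostname=host)`, which performs both checks during the handshake; the standalone `hostname_matches` is for code that inspects peer certificates itself, for example pinning logic. Note that subjectAltName also carries `IP Address` entries, which this example deliberately does not treat as DNS names.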
26 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-18 | CVE-2018-2579 | Oracle Redhat Debian Canonical Schneider Electric HP | Unspecified vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). | 3.7 |
2018-01-18 | CVE-2017-10273 | Oracle | Path Traversal vulnerability in Oracle Jdeveloper Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). | 3.7 |
2018-01-20 | CVE-2017-15111 | Keycloak Httpd Client Install Project | Link Following vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | 3.6 |
2018-01-18 | CVE-2018-0100 | Cisco | XXE vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. | 3.6 |
2018-01-18 | CVE-2018-0092 | Cisco | Missing Authorization vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1)/7.0(3)I7(1) A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. | 3.6 |
2018-01-18 | CVE-2018-2709 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending 12.3.0/12.4.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 3.5 |
2018-01-18 | CVE-2018-2708 | Oracle | Unspecified vulnerability in Oracle Banking Payments 12.3.0/12.4.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 3.5 |
2018-01-18 | CVE-2018-2614 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 3.5 |
2018-01-17 | CVE-2017-16865 | Atlassian | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). | 3.5 |
2018-01-16 | CVE-2017-17947 | Pulsesecure | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. | 3.5 |
2018-01-16 | CVE-2017-8802 | Synocor | Cross-site Scripting vulnerability in Synocor Zimbra Collaboration Suite 8.8.0 Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality. | 3.5 |
2018-01-16 | CVE-2016-0207 | IBM | Improper Input Validation vulnerability in IBM Algo Risk Application 4.9.1/5.0.0/5.1.0 IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 3.5 |
2018-01-16 | CVE-2015-7486 | IBM | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-01-16 | CVE-2015-7485 | IBM | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-01-16 | CVE-2015-7474 | IBM | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-01-18 | CVE-2018-2717 | Oracle | Unspecified vulnerability in Oracle Solaris 10.0/11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). | 3.3 |
2018-01-20 | CVE-2017-15112 | Keycloak Httpd Client Install Project | Information Exposure vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users. | 2.1 |
2018-01-18 | CVE-2018-0106 | Cisco | Files or Directories Accessible to External Parties vulnerability in Cisco Elastic Services Controller A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. | 2.1 |
2018-01-18 | CVE-2018-2606 | Oracle | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 2.1 |
2018-01-18 | CVE-2018-2580 | Oracle | Unspecified vulnerability in Oracle Applications DBA Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). | 2.1 |
2018-01-18 | CVE-2018-2577 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 2.1 |
2018-01-18 | CVE-2018-2575 | Oracle | Unspecified vulnerability in Oracle Database Server 11.2.0.4/12.2.0.1 Vulnerability in the Core RDBMS component of Oracle Database Server. | 2.1 |
2018-01-18 | CVE-2017-5699 | Intel | Improper Input Validation vulnerability in Intel Minnowboard 3 Firmware Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allows a local attacker to cause a denial of service via UEFI APIs. | 2.1 |
2018-01-16 | CVE-2017-17429 | K7Computing | Improper Input Validation vulnerability in K7Computing products In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL. | 2.1 |
2018-01-16 | CVE-2017-16556 | K7Computing | Improper Input Validation vulnerability in K7Computing products In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations. | 2.1 |
2018-01-18 | CVE-2018-2560 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 1.2 |
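The two keycloak-httpd-client-install entries in the low table (CVE-2017-15111, the symlink-following temporary file, and CVE-2017-15112, the password on the command line) are both local-attacker hygiene bugs; the block below is an added example, not code from that project or from this report, that demonstrates the first of them end to end. It stages the attack in a private directory: a file the attacker wants overwritten, a predictable temp path that the attacker pre-creates as a symlink to it, and three ways of creating the temp file. The victim file name, the predictable temp name and the data are all constructed for the demonstration.

```python
import os
import tempfile

# O_NOFOLLOW is optional in POSIX; fall back to 0 where the platform lacks it.
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def unsafe_create(path: str, data: bytes) -> None:
    """The vulnerable pattern: a predictable path opened with O_CREAT but
    without O_EXCL. If an attacker has pre-created a symlink at `path`,
    the open follows it and the write lands in the link's target."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def safe_create(path: str, data: bytes) -> None:
    """Hardened: O_EXCL makes the open fail if anything already exists at
    `path` (a symlink included), and O_NOFOLLOW refuses to traverse a link
    at the final component. Treat FileExistsError as a possible attack,
    not as something to retry."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def safest_create(directory: str, data: bytes) -> str:
    """Better still: mkstemp picks an unpredictable name and opens it with
    O_EXCL atomically, so there is no path for an attacker to pre-empt."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="client-install-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo() -> dict:
    """Run the symlink attack against each variant and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a file the attacker wants to clobber.
        victim = os.path.join(d, "victim.conf")
        with open(victim, "w") as f:
            f.write("original")

        # Attacker wins the race: a symlink sits at the predictable temp name.
        predictable = os.path.join(d, "keycloak-tmp")   # hypothetical predictable name
        os.symlink(victim, predictable)

        unsafe_create(predictable, b"attacker-controlled")
        with open(victim) as f:
            results["victim_after_unsafe"] = f.read()

        # Reset the victim and try the hardened open against the same symlink.
        with open(victim, "w") as f:
            f.write("original")
        try:
            safe_create(predictable, b"attacker-controlled")
            results["safe_blocked"] = False
        except FileExistsError:
            results["safe_blocked"] = True
        with open(victim) as f:
            results["victim_after_safe"] = f.read()

        # mkstemp: random name, created O_EXCL, private mode, nothing to target.
        p = safest_create(d, b"private")
        results["mkstemp_is_regular_file"] = os.path.isfile(p) and not os.path.islink(p)
        results["mkstemp_mode"] = oct(os.stat(p).st_mode & 0o777)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second keycloak-httpd-client-install issue has the same flavour of fix: read the secret from an environment variable, a file with restrictive permissions, or an interactive prompt (`getpass.getpass`) rather than from `argv`, because command-line arguments are readable by every local user through the process table and survive in shell history.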