Weekly Vulnerabilities Reports > January 29 to February 4, 2018

Overview

207 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary report vulnerabilities in 299 products from 109 vendors including Atlassian, Debian, IBM, Canonical, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "SQL Injection", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 165 reported vulnerabilities are remotely exploitables.
  • 34 reported vulnerabilities have public exploit available.
  • 80 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 166 reported vulnerabilities are exploitable by an anonymous user.
  • Atlassian has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Iball has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-31 CVE-2018-6476 Superantispyware Improper Input Validation vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.

10.0
2018-01-31 CVE-2018-5701 Iolo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iolo System Shield 5.0.0.136

In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.

10.0
2018-01-30 CVE-2016-6598 BMC Improper Access Control vulnerability in BMC Track-It! 11.4

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010.

10.0
2018-01-29 CVE-2018-0101 Cisco Double Free vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

10.0
2018-01-29 CVE-2018-6387 Iball Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.

10.0
2018-02-02 CVE-2018-6551 GNU Integer Overflow or Wraparound vulnerability in GNU Glibc 2.24/2.25/2.26

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.

9.8
2018-02-02 CVE-2018-6486 Microfocus XXE vulnerability in Microfocus products

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10.

9.8
2018-01-29 CVE-2017-4947 Vmware Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon.

9.8
2018-02-03 CVE-2017-18123 Dokuwiki
Debian
Improper Input Validation vulnerability in multiple products

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

9.3
2018-02-02 CVE-2018-6318 Sophos Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.).

9.3
2018-01-31 CVE-2017-15655 Asus Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Asuswrt

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X.

9.3
2018-01-31 CVE-2018-6475 Superantispyware Untrusted Search Path vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.

9.3
2018-01-31 CVE-2014-1632 Eventum Project Permission Issues vulnerability in Eventum Project Eventum

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.

9.3
2018-02-02 CVE-2018-6317 Claymore Dual Miner Project Use of Externally-Controlled Format String vulnerability in Claymore Dual Miner Project Claymore Dual Miner

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.

9.1
2018-02-01 CVE-2018-6186 Citrix Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account.

9.0
2018-01-29 CVE-2018-6388 Iball OS Command Injection vulnerability in Iball Ib-Wra150N Firmware 1.2.6

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.

9.0

57 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-01-29 CVE-2018-3835 Disneyanimation Out-of-bounds Write vulnerability in Disneyanimation Ptex 2.2

An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX.

8.8
2018-02-02 CVE-2017-18120 Lcdf Double Free vulnerability in Lcdf Gifsicle 1.90

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

7.8
2018-01-31 CVE-2018-6479 Seasofsolutions Unspecified vulnerability in Seasofsolutions IP Camera Firmware

An issue was discovered on Netwave IP Camera devices.

7.8
2018-01-31 CVE-2018-0136 Cisco Unspecified vulnerability in Cisco IOS XR 5.3.4

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition.

7.8
2018-01-30 CVE-2018-6407 Conceptronic Improper Input Validation vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices.

7.8
2018-01-30 CVE-2014-4705 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.

7.8
2018-01-29 CVE-2017-18079 Linux
Canonical
NULL Pointer Dereference vulnerability in multiple products

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.

7.8
2018-01-29 CVE-2017-18078 Systemd Project
Debian
Opensuse
Link Following vulnerability in multiple products

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

7.8
2018-01-31 CVE-2017-15654 Asus Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

7.6
2018-02-03 CVE-2017-17108 Konakart Path Traversal vulnerability in Konakart

Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server.

7.5
2018-02-02 CVE-2018-6581 Joommasters SQL Injection vulnerability in Joommasters JMS Music 1.1.1

SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.

7.5
2018-02-02 CVE-2018-6580 Janguo Unrestricted Upload of File with Dangerous Type vulnerability in Janguo Jimtawl 2.1.6/2.2.5

Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.

7.5
2018-02-02 CVE-2018-6579 Jextn SQL Injection vulnerability in Jextn Reverse Auction 3.1.0

SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.

7.5
2018-02-02 CVE-2018-6578 Jextn SQL Injection vulnerability in Jextn JE Paypervideo 3.0.0

SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.

7.5
2018-02-02 CVE-2018-6577 Jextn SQL Injection vulnerability in Jextn Membership 3.1.0

SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.

7.5
2018-02-02 CVE-2018-6576 Ezcode SQL Injection vulnerability in Ezcode Event Manager 1.0

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.

7.5
2018-02-02 CVE-2018-6575 Jextn SQL Injection vulnerability in Jextn Classified 1.0.0

SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.

7.5
2018-02-02 CVE-2018-6548 Webmproject Use After Free vulnerability in Webmproject Libwebm

A use-after-free issue was discovered in libwebm through 2018-02-02.

7.5
2018-02-02 CVE-2018-6537 Flexense Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.4.18

A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.

7.5
2018-02-02 CVE-2018-6521 Simplesamlphp
Debian
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters.
7.5
2018-02-01 CVE-2015-2204 Evergreen ILS Information Exposure vulnerability in Evergreen-Ils Evergreen

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.

7.5
2018-02-01 CVE-2014-3244 Sugarcrm XXE vulnerability in Sugarcrm

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

7.5
2018-02-01 CVE-2014-3005 Zabbix
Fedoraproject
XXE vulnerability in multiple products

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

7.5
2018-02-01 CVE-2011-4069 Packetfence LDAP Injection vulnerability in Packetfence

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

7.5
2018-02-01 CVE-2011-4068 Packetfence Improper Authentication vulnerability in Packetfence

The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.

7.5
2018-02-01 CVE-2018-6485 GNU
Redhat
Oracle
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

7.5
2018-02-01 CVE-2018-0510 Kkcald Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kkcald Project Kkcald 0.7.19

Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.

7.5
2018-02-01 CVE-2017-16861 Atlassian Unspecified vulnerability in Atlassian Crucible and Fisheye

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur.

7.5
2018-01-30 CVE-2016-6599 BMC Credentials Management vulnerability in BMC Track-It! 11.4

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010.

7.5
2018-01-30 CVE-2018-6376 Joomla SQL Injection vulnerability in Joomla Joomla!

In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

7.5
2018-01-30 CVE-2018-6398 Joomlacalendars SQL Injection vulnerability in Joomlacalendars Event Calendar 3.0.1

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

7.5
2018-01-30 CVE-2018-6395 Joomlacalendars SQL Injection vulnerability in Joomlacalendars Visual Calendar 3.1.3

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.

7.5
2018-01-29 CVE-2016-10711 Debian
Apsis
HTTP Request Smuggling vulnerability in multiple products

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

7.5
2018-01-29 CVE-2017-12626 Apache Infinite Loop vulnerability in Apache POI

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

7.5
2018-01-29 CVE-2017-1000353 Jenkins
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution.

7.5
2018-01-29 CVE-2018-6367 Vastal SQL Injection vulnerability in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.

7.5
2018-01-29 CVE-2018-6365 Datacomponents SQL Injection vulnerability in Datacomponents Tsitebuilder 1.0

SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.

7.5
2018-01-29 CVE-2018-6364 Multilanguage Real Estate MLM Script Project SQL Injection vulnerability in Multilanguage Real Estate MLM Script Project Multilanguage Real Estate MLM Script

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

7.5
2018-01-29 CVE-2018-6363 Taskrabbit Clone Project SQL Injection vulnerability in Taskrabbit Clone Project Taskrabbit Clone 1.0

SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.

7.5
2018-02-03 CVE-2018-1185 Dell OS Command Injection vulnerability in Dell products

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3.

7.2
2018-02-03 CVE-2018-1184 Dell OS Command Injection vulnerability in Dell products

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3.

7.2
2018-02-02 CVE-2017-5727 Intel NULL Pointer Dereference vulnerability in Intel Graphics Driver

Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.

7.2
2018-02-02 CVE-2017-14180 Apport Project
Canonical
Resource Exhaustion vulnerability in multiple products

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.

7.2
2018-02-02 CVE-2017-14179 Apport Project
Canonical
Resource Exhaustion vulnerability in multiple products

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.

7.2
2018-02-02 CVE-2017-14177 Apport Project
Canonical
Resource Exhaustion vulnerability in multiple products

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges.

7.2
2018-02-01 CVE-2014-3752 Gdata Software Permissions, Privileges, and Access Controls vulnerability in Gdata-Software Totalprotection 24.0.2.1

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

7.2
2018-02-01 CVE-2017-1000408 GNU Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc 2.1.1

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable.

7.2
2018-01-31 CVE-2017-16945 Haystacksoftware Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.

7.2
2018-01-31 CVE-2017-16928 Haystacksoftware Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ

The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.

7.2
2018-01-31 CVE-2018-6384 Nsclient Unquoted Search Path or Element vulnerability in Nsclient Nsclient++ 0.3.8.76

Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

7.2
2018-01-31 CVE-2017-1233 IBM Incorrect Authorization vulnerability in IBM Bigfix Remote Control 9.1.4

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges.

7.2
2018-01-31 CVE-2018-1000001 GNU
Canonical
Redhat
Out-of-bounds Write vulnerability in multiple products

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

7.2
2018-01-30 CVE-2018-6195 Splashing Images Project Unspecified vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

7.2
2018-01-29 CVE-2018-6393 Sangoma SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.

7.2
2018-01-31 CVE-2017-16914 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

7.1
2018-01-31 CVE-2017-16913 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

7.1
2018-01-31 CVE-2017-16912 Linux Out-of-bounds Read vulnerability in Linux Kernel

The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.

7.1

117 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-01 CVE-2017-1000409 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc 2.5

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable.

6.9
2018-02-04 CVE-2018-6611 Openmpt Out-of-bounds Read vulnerability in Openmpt Libopenmpt and Openmpt

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

6.8
2018-02-02 CVE-2017-18122 Simplesamlphp
Debian
Improper Verification of Cryptographic Signature vulnerability in multiple products

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16.

6.8
2018-02-02 CVE-2017-18080 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo

The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.

6.8
2018-02-02 CVE-2017-18042 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

6.8
2018-02-02 CVE-2018-6543 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.30

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size.

6.8
2018-02-01 CVE-2014-9502 Open Atrium Project Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.

6.8
2018-02-01 CVE-2018-0509 Kkcald Project Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21

Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.

6.8
2018-01-31 CVE-2018-6480 CCN Lite Incorrect Type Conversion or Cast vulnerability in Ccn-Lite 2.0.0

A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention).

6.8
2018-01-31 CVE-2018-6462 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Viewer and Viewer AX SDK

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

6.8
2018-01-31 CVE-2018-5996 7 ZIP
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

6.8
2018-01-30 CVE-2018-6408 Conceptronic Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices.

6.8
2018-01-30 CVE-2018-6406 Webmproject Out-of-bounds Read vulnerability in Webmproject Libwebm

The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.

6.8
2018-01-30 CVE-2017-17969 7 ZIP
Debian
Out-of-bounds Write vulnerability in multiple products

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

6.8
2018-01-29 CVE-2018-6391 Netis Systems Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123

A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices.

6.8
2018-01-29 CVE-2017-1000356 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

6.8
2018-01-29 CVE-2017-4951 Vmware Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog.

6.8
2018-01-29 CVE-2018-6007 Joomsky Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS Support Ticket 1.1.0

CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.

6.8
2018-01-29 CVE-2018-5720 Dodocool Cross-Site Request Forgery (CSRF) vulnerability in Dodocool Dc38 Firmware Rtn2Aw.Gd.R3465.1.20161103

An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices.

6.8
2018-02-01 CVE-2018-1192 Pivotal Software Information Exposure vulnerability in Pivotal Software products

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs.

6.5
2018-02-01 CVE-2015-2203 Evergreen ILS Information Exposure vulnerability in Evergreen-Ils Evergreen 2.5.9/2.6.7/2.7.4

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.

6.5
2018-02-01 CVE-2013-7435 Evergreen ILS Information Exposure vulnerability in Evergreen-Ils Evergreen

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

6.5
2018-01-31 CVE-2017-15653 Asus Insufficient Session Expiration vulnerability in Asus Asuswrt

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.

6.5
2018-01-30 CVE-2017-1731 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console.

6.5
2018-01-29 CVE-2018-6383 Monstra Incomplete Blacklist vulnerability in Monstra

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.

6.5
2018-01-29 CVE-2017-1000354 Jenkins Improper Authentication vulnerability in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user.

6.5
2018-02-03 CVE-2018-6596 Django Anymail Project
Debian
Information Exposure vulnerability in multiple products

webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.

6.4
2018-01-31 CVE-2018-6374 Pulsesecure Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation.

6.4
2018-01-30 CVE-2011-2902 Glyphandcog
Debian
Improper Input Validation vulnerability in multiple products

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

6.4
2018-01-30 CVE-2017-1000141 Mahara Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara

An issue was discovered in Mahara before 18.10.0.

6.4
2018-01-29 CVE-2018-1364 IBM XXE vulnerability in IBM Content Navigator 2.0.3/3.0.2/3.0.3

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

6.4
2018-02-02 CVE-2018-6525 Inca Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.

6.1
2018-02-02 CVE-2018-6524 Inca Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.

6.1
2018-02-02 CVE-2018-6523 Inca Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.

6.1
2018-02-02 CVE-2018-6522 Inca Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.

6.1
2018-01-31 CVE-2018-6474 Superantispyware Improper Input Validation vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.

6.1
2018-01-31 CVE-2018-6473 Superantispyware Improper Input Validation vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.

6.1
2018-01-31 CVE-2018-6472 Superantispyware Improper Input Validation vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.

6.1
2018-01-31 CVE-2018-6471 Superantispyware Improper Input Validation vulnerability in Superantispyware 6.0.1254

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.

6.1
2018-02-01 CVE-2017-2297 Puppet Improper Authentication vulnerability in Puppet Enterprise

Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens.

6.0
2018-01-31 CVE-2017-15698 Apache
Debian
Improper Certificate Validation vulnerability in multiple products

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes.

5.9
2018-02-02 CVE-2018-6520 Simplesamlphp Open Redirect vulnerability in Simplesamlphp

SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

5.8
2018-02-01 CVE-2017-3160 Apache Man in the Middle Security Bypass vulnerability in Apache Cordova For Android

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build.

5.8
2018-02-02 CVE-2016-0342 IBM Improper Access Control vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access.

5.5
2018-02-02 CVE-2016-0300 IBM Improper Input Validation vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation.

5.5
2018-02-02 CVE-2018-6544 Artifex
Debian
Uncontrolled Recursion vulnerability in multiple products

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

5.5
2018-02-01 CVE-2017-2293 Puppet Unspecified vulnerability in Puppet Enterprise

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents.

5.5
2018-02-01 CVE-2014-9503 Open Atrium Project Permissions, Privileges, and Access Controls vulnerability in Open Atrium Project Open Atrium

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.

5.5
2018-01-31 CVE-2017-18043 Qemu
Debian
Canonical
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

5.5
2018-01-29 CVE-2017-9513 Atlassian Missing Authorization vulnerability in Atlassian Activity Streams

Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.

5.5
2018-01-31 CVE-2017-15706 Apache Improperly Implemented Security Check for Standard vulnerability in Apache Tomcat

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute.

5.3
2018-02-03 CVE-2018-6594 Dlitz
Debian
Canonical
Inadequate Encryption Strength vulnerability in multiple products

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).

5.0
2018-02-03 CVE-2015-2186 EDX Improper Input Validation vulnerability in EDX Configuration and Edx-Platform

The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting.

5.0
2018-02-03 CVE-2009-5144 MOD Gnutls Project 7PK - Security Features vulnerability in MOD Gnutls Project MOD Gnutls

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

5.0
2018-02-02 CVE-2016-0312 IBM Information Exposure vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager.

5.0
2018-02-02 CVE-2017-18038 Atlassian Path Traversal vulnerability in Atlassian Bitbucket

The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.

5.0
2018-02-02 CVE-2017-14178 Snapcraft Improper Handling of Exceptional Conditions vulnerability in Snapcraft Snapd

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.

5.0
2018-02-02 CVE-2018-6526 Mantisbt Information Exposure vulnerability in Mantisbt

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.

5.0
2018-02-02 CVE-2018-6519 Simplesamlphp
Debian
Injection vulnerability in multiple products

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.

5.0
2018-02-01 CVE-2014-9504 Open Atrium Project Improper Access Control vulnerability in Open Atrium Project Open Atrium

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.

5.0
2018-02-01 CVE-2018-6470 Nibbleblog Information Exposure vulnerability in Nibbleblog 4.0.5

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.

5.0
2018-01-31 CVE-2014-1631 Eventum Project Permission Issues vulnerability in Eventum Project Eventum

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.

5.0
2018-01-31 CVE-2018-6460 Anchorfree Information Exposure vulnerability in Anchorfree Hotspot Shield

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895.

5.0
2018-01-31 CVE-2017-1000411 Opendaylight Improper Resource Shutdown or Release vulnerability in Opendaylight and Openflow

OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown.

5.0
2018-01-31 CVE-2018-6412 Linux Information Exposure vulnerability in Linux Kernel

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

5.0
2018-01-30 CVE-2018-6397 Joomlacalendars Path Traversal vulnerability in Joomlacalendars Picture Calendar 3.1.4

Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.

5.0
2018-01-29 CVE-2017-15133 Miekg DNS Prject Resource Exhaustion vulnerability in Miekg-Dns Prject Miekg-Dns

A denial of service flaw was found in miekg-dns before 1.0.4.

5.0
2018-01-29 CVE-2017-14698 Asus Improper Authentication vulnerability in Asus products

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

5.0
2018-01-29 CVE-2018-6008 Joomlatag Information Exposure vulnerability in Joomlatag Jtag Members Directory 5.3.7

Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.

5.0
2018-02-02 CVE-2018-6319 Sophos NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument.

4.9
2018-02-02 CVE-2016-0329 IBM Open Redirect vulnerability in IBM Emptoris Sourcing

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.9
2018-02-02 CVE-2018-6536 Icinga Incorrect Permission Assignment for Critical Resource vulnerability in Icinga

An issue was discovered in Icinga 2.x through 2.8.1.

4.9
2018-02-01 CVE-2014-3519 Openvz Improper Access Control vulnerability in Openvz Vzkernel 2.6.32

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.

4.9
2018-01-31 CVE-2017-16858 Atlassian Improper Authentication vulnerability in Atlassian Crowd

The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature.

4.9
2018-02-04 CVE-2018-6606 Malwarefox Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150

An issue was discovered in MalwareFox AntiMalware 2.74.0.150.

4.6
2018-02-03 CVE-2018-6593 Malwarefox Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150

An issue was discovered in MalwareFox AntiMalware 2.74.0.150.

4.6
2018-02-02 CVE-2014-1834 Echor Project Command Injection vulnerability in Echor Project Echor 0.1.6

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

4.6
2018-02-02 CVE-2018-6560 Flatpak
Redhat
Interpretation Conflict vulnerability in multiple products

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

4.6
2018-01-31 CVE-2017-8916 Cisecurity Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cisecurity Cis-Cat PRO Dashboard

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

4.6
2018-01-30 CVE-2018-5441 Phoenixcontact Improper Input Validation vulnerability in Phoenixcontact products

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0.

4.6
2018-02-04 CVE-2018-6616 Uclouvain
Debian
Canonical
Oracle
Resource Exhaustion vulnerability in multiple products

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.

4.3
2018-02-04 CVE-2018-6612 Jhead Project Integer Underflow (Wrap or Wraparound) vulnerability in Jhead Project Jhead 3.0

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

4.3
2018-02-04 CVE-2017-17703 Synacor Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.

4.3
2018-02-02 CVE-2018-5261 Flexense Missing Encryption of Sensitive Data vulnerability in Flexense Diskboss

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier.

4.3
2018-02-02 CVE-2015-2796 Projectpier Cross-site Scripting vulnerability in Projectpier 0.8.8

Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.

4.3
2018-02-02 CVE-2018-6561 Dojotoolkit Cross-site Scripting vulnerability in Dojotoolkit Dojo 1.13.0

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

4.3
2018-02-02 CVE-2017-18121 Simplesamlphp
Debian
Cross-site Scripting vulnerability in multiple products

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.

4.3
2018-02-02 CVE-2017-18086 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

4.3
2018-02-02 CVE-2017-18085 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

4.3
2018-02-02 CVE-2017-18081 Atlassian Cross-site Scripting vulnerability in Atlassian Bamboo

The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

4.3
2018-02-02 CVE-2017-18039 Atlassian Cross-site Scripting vulnerability in Atlassian Jira

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

4.3
2018-02-02 CVE-2018-6545 Ipswitch Cross-site Scripting vulnerability in Ipswitch Moveit 8.1

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx.

4.3
2018-02-02 CVE-2018-6542 Zziplib Project Unspecified vulnerability in Zziplib Project Zziplib 0.13.67

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

4.3
2018-02-02 CVE-2018-6541 Zziplib Project
Canonical
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c).
4.3
2018-02-02 CVE-2018-6540 Zziplib Project
Canonical
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.
4.3
2018-02-01 CVE-2018-0511 Meowapps Cross-site Scripting vulnerability in Meowapps WP Retina 2X

Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-02-01 CVE-2018-0508 Kkcald Project Cross-site Scripting vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21

Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

4.3
2018-02-01 CVE-2018-6484 Zziplib Project
Canonical
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c.
4.3
2018-01-31 CVE-2018-6465 WP Property Hive Cross-site Scripting vulnerability in Wp-Property-Hive Propertyhive

The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

4.3
2018-01-31 CVE-2018-6464 Mycolorway Cross-site Scripting vulnerability in Mycolorway Simditor 2.3.11

Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.

4.3
2018-01-31 CVE-2017-1773 IBM Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway

IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic.

4.3
2018-01-30 CVE-2018-6405 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer.

4.3
2018-01-30 CVE-2018-6380 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

4.3
2018-01-30 CVE-2018-6379 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.

4.3
2018-01-30 CVE-2018-6377 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox

4.3
2018-01-30 CVE-2018-6355 Iball Cross-site Scripting vulnerability in Iball Ib-Wrb302N Firmware 1.0.1Sep82017

/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter.

4.3
2018-01-29 CVE-2018-6392 Ffmpeg
Debian
Out-of-bounds Read vulnerability in multiple products

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

4.3
2018-01-29 CVE-2018-6390 WPS Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in WPS Office 10.1.0.7106/10.2.0.5978

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.

4.3
2018-01-29 CVE-2018-6381 Zziplib Project
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.

4.3
2018-01-29 CVE-2017-14190 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

4.3
2018-02-02 CVE-2017-18037 Atlassian Path Traversal vulnerability in Atlassian Bitbucket

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

4.0
2018-02-02 CVE-2017-18036 Atlassian Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.

4.0
2018-02-02 CVE-2017-18035 Atlassian Missing Authorization vulnerability in Atlassian Crucible and Fisheye

The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

4.0
2018-02-01 CVE-2017-2296 Puppet Improper Input Validation vulnerability in Puppet Enterprise 2017.1.0/2017.1.1/2017.2.1

In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service.

4.0
2018-01-31 CVE-2017-15656 Asus Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

4.0
2018-01-29 CVE-2017-1000355 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

4.0
2018-01-29 CVE-2017-14699 Asus XXE vulnerability in Asus products

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

4.0

17 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-04 CVE-2017-8783 Synacor Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.

3.5
2018-02-02 CVE-2016-0311 IBM Cross-site Scripting vulnerability in IBM Tivoli Business Service Manager 6.1.0/6.1.1

Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-02-02 CVE-2016-0303 IBM Cross-site Scripting vulnerability in IBM Tivoli Integrated Portal

Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2018-02-02 CVE-2017-18084 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

3.5
2018-02-02 CVE-2017-18083 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

3.5
2018-02-02 CVE-2017-18082 Atlassian Cross-site Scripting vulnerability in Atlassian Bamboo

The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

3.5
2018-02-02 CVE-2017-18041 Atlassian Cross-site Scripting vulnerability in Atlassian Bamboo

The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

3.5
2018-02-02 CVE-2017-18040 Atlassian Cross-site Scripting vulnerability in Atlassian Bamboo

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

3.5
2018-02-02 CVE-2017-18034 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible

The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.

3.5
2018-02-02 CVE-2018-6550 Monstra Cross-site Scripting vulnerability in Monstra

Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.

3.5
2018-01-30 CVE-2018-6194 Splashing Images Project Cross-site Scripting vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1

A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.

3.5
2018-01-30 CVE-2018-6382 Mantisbt SQL Injection vulnerability in Mantisbt 2.10.0

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address.

3.3
2018-02-02 CVE-2014-1835 Echor Project Credentials Management vulnerability in Echor Project Echor 0.1.6

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

2.1
2018-01-29 CVE-2017-1784 IBM
Netapp
Information Exposure vulnerability in multiple products

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user.

2.1
2018-01-29 CVE-2017-1783 IBM
Netapp
Improper Authentication vulnerability in multiple products

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication.

2.1
2018-01-29 CVE-2017-1779 IBM
Netapp
Insufficiently Protected Credentials vulnerability in multiple products

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user.

2.1
2018-01-31 CVE-2017-16911 Linux Information Exposure vulnerability in Linux Kernel

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses.

1.9