Weekly Vulnerabilities Reports > January 29 to February 4, 2018
Overview
207 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary report vulnerabilities in 299 products from 109 vendors including Atlassian, Debian, IBM, Canonical, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "SQL Injection", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 165 reported vulnerabilities are remotely exploitables.
- 34 reported vulnerabilities have public exploit available.
- 80 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 166 reported vulnerabilities are exploitable by an anonymous user.
- Atlassian has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Iball has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-31 | CVE-2018-6476 | Superantispyware | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | 10.0 |
2018-01-31 | CVE-2018-5701 | Iolo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iolo System Shield 5.0.0.136 In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. | 10.0 |
2018-01-30 | CVE-2016-6598 | BMC | Improper Access Control vulnerability in BMC Track-It! 11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. | 10.0 |
2018-01-29 | CVE-2018-0101 | Cisco | Double Free vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. | 10.0 |
2018-01-29 | CVE-2018-6387 | Iball | Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6 iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. | 10.0 |
2018-02-02 | CVE-2018-6551 | GNU | Integer Overflow or Wraparound vulnerability in GNU Glibc 2.24/2.25/2.26 The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | 9.8 |
2018-02-02 | CVE-2018-6486 | Microfocus | XXE vulnerability in Microfocus products XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. | 9.8 |
2018-01-29 | CVE-2017-4947 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. | 9.8 |
2018-02-03 | CVE-2017-18123 | Dokuwiki Debian | Improper Input Validation vulnerability in multiple products The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | 9.3 |
2018-02-02 | CVE-2018-6318 | Sophos | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | 9.3 |
2018-01-31 | CVE-2017-15655 | Asus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Asuswrt Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. | 9.3 |
2018-01-31 | CVE-2018-6475 | Superantispyware | Untrusted Search Path vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | 9.3 |
2018-01-31 | CVE-2014-1632 | Eventum Project | Permission Issues vulnerability in Eventum Project Eventum htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | 9.3 |
2018-02-02 | CVE-2018-6317 | Claymore Dual Miner Project | Use of Externally-Controlled Format String vulnerability in Claymore Dual Miner Project Claymore Dual Miner The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. | 9.1 |
2018-02-01 | CVE-2018-6186 | Citrix | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0 Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | 9.0 |
2018-01-29 | CVE-2018-6388 | Iball | OS Command Injection vulnerability in Iball Ib-Wra150N Firmware 1.2.6 iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | 9.0 |
57 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-01-29 | CVE-2018-3835 | Disneyanimation | Out-of-bounds Write vulnerability in Disneyanimation Ptex 2.2 An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. | 8.8 |
2018-02-02 | CVE-2017-18120 | Lcdf | Double Free vulnerability in Lcdf Gifsicle 1.90 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. | 7.8 |
2018-01-31 | CVE-2018-6479 | Seasofsolutions | Unspecified vulnerability in Seasofsolutions IP Camera Firmware An issue was discovered on Netwave IP Camera devices. | 7.8 |
2018-01-31 | CVE-2018-0136 | Cisco | Unspecified vulnerability in Cisco IOS XR 5.3.4 A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. | 7.8 |
2018-01-30 | CVE-2018-6407 | Conceptronic | Improper Input Validation vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. | 7.8 |
2018-01-30 | CVE-2014-4705 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | 7.8 |
2018-01-29 | CVE-2017-18079 | Linux Canonical | NULL Pointer Dereference vulnerability in multiple products drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | 7.8 |
2018-01-29 | CVE-2017-18078 | Systemd Project Debian Opensuse | Link Following vulnerability in multiple products systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | 7.8 |
2018-01-31 | CVE-2017-15654 | Asus | Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743 Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 7.6 |
2018-02-03 | CVE-2017-17108 | Konakart | Path Traversal vulnerability in Konakart Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server. | 7.5 |
2018-02-02 | CVE-2018-6581 | Joommasters | SQL Injection vulnerability in Joommasters JMS Music 1.1.1 SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | 7.5 |
2018-02-02 | CVE-2018-6580 | Janguo | Unrestricted Upload of File with Dangerous Type vulnerability in Janguo Jimtawl 2.1.6/2.2.5 Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | 7.5 |
2018-02-02 | CVE-2018-6579 | Jextn | SQL Injection vulnerability in Jextn Reverse Auction 3.1.0 SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | 7.5 |
2018-02-02 | CVE-2018-6578 | Jextn | SQL Injection vulnerability in Jextn JE Paypervideo 3.0.0 SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 7.5 |
2018-02-02 | CVE-2018-6577 | Jextn | SQL Injection vulnerability in Jextn Membership 3.1.0 SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | 7.5 |
2018-02-02 | CVE-2018-6576 | Ezcode | SQL Injection vulnerability in Ezcode Event Manager 1.0 SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. | 7.5 |
2018-02-02 | CVE-2018-6575 | Jextn | SQL Injection vulnerability in Jextn Classified 1.0.0 SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | 7.5 |
2018-02-02 | CVE-2018-6548 | Webmproject | Use After Free vulnerability in Webmproject Libwebm A use-after-free issue was discovered in libwebm through 2018-02-02. | 7.5 |
2018-02-02 | CVE-2018-6537 | Flexense | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.4.18 A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. | 7.5 |
2018-02-02 | CVE-2018-6521 | Simplesamlphp Debian | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. | 7.5 |
2018-02-01 | CVE-2015-2204 | Evergreen ILS | Information Exposure vulnerability in Evergreen-Ils Evergreen Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | 7.5 |
2018-02-01 | CVE-2014-3244 | Sugarcrm | XXE vulnerability in Sugarcrm XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 7.5 |
2018-02-01 | CVE-2014-3005 | Zabbix Fedoraproject | XXE vulnerability in multiple products XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 7.5 |
2018-02-01 | CVE-2011-4069 | Packetfence | LDAP Injection vulnerability in Packetfence html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | 7.5 |
2018-02-01 | CVE-2011-4068 | Packetfence | Improper Authentication vulnerability in Packetfence The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | 7.5 |
2018-02-01 | CVE-2018-6485 | GNU Redhat Oracle Netapp | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | 7.5 |
2018-02-01 | CVE-2018-0510 | Kkcald Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kkcald Project Kkcald 0.7.19 Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors. | 7.5 |
2018-02-01 | CVE-2017-16861 | Atlassian | Unspecified vulnerability in Atlassian Crucible and Fisheye It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. | 7.5 |
2018-01-30 | CVE-2016-6599 | BMC | Credentials Management vulnerability in BMC Track-It! 11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. | 7.5 |
2018-01-30 | CVE-2018-6376 | Joomla | SQL Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 7.5 |
2018-01-30 | CVE-2018-6398 | Joomlacalendars | SQL Injection vulnerability in Joomlacalendars Event Calendar 3.0.1 SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | 7.5 |
2018-01-30 | CVE-2018-6395 | Joomlacalendars | SQL Injection vulnerability in Joomlacalendars Visual Calendar 3.1.3 SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | 7.5 |
2018-01-29 | CVE-2016-10711 | Debian Apsis | HTTP Request Smuggling vulnerability in multiple products Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | 7.5 |
2018-01-29 | CVE-2017-12626 | Apache | Infinite Loop vulnerability in Apache POI Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 7.5 |
2018-01-29 | CVE-2017-1000353 | Jenkins Oracle | Deserialization of Untrusted Data vulnerability in multiple products Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. | 7.5 |
2018-01-29 | CVE-2018-6367 | Vastal | SQL Injection vulnerability in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. | 7.5 |
2018-01-29 | CVE-2018-6365 | Datacomponents | SQL Injection vulnerability in Datacomponents Tsitebuilder 1.0 SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. | 7.5 |
2018-01-29 | CVE-2018-6364 | Multilanguage Real Estate MLM Script Project | SQL Injection vulnerability in Multilanguage Real Estate MLM Script Project Multilanguage Real Estate MLM Script SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. | 7.5 |
2018-01-29 | CVE-2018-6363 | Taskrabbit Clone Project | SQL Injection vulnerability in Taskrabbit Clone Project Taskrabbit Clone 1.0 SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | 7.5 |
2018-02-03 | CVE-2018-1185 | Dell | OS Command Injection vulnerability in Dell products An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. | 7.2 |
2018-02-03 | CVE-2018-1184 | Dell | OS Command Injection vulnerability in Dell products An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. | 7.2 |
2018-02-02 | CVE-2017-5727 | Intel | NULL Pointer Dereference vulnerability in Intel Graphics Driver Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access. | 7.2 |
2018-02-02 | CVE-2017-14180 | Apport Project Canonical | Resource Exhaustion vulnerability in multiple products Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 7.2 |
2018-02-02 | CVE-2017-14179 | Apport Project Canonical | Resource Exhaustion vulnerability in multiple products Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 7.2 |
2018-02-02 | CVE-2017-14177 | Apport Project Canonical | Resource Exhaustion vulnerability in multiple products Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. | 7.2 |
2018-02-01 | CVE-2014-3752 | Gdata Software | Permissions, Privileges, and Access Controls vulnerability in Gdata-Software Totalprotection 24.0.2.1 The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | 7.2 |
2018-02-01 | CVE-2017-1000408 | GNU | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc 2.1.1 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. | 7.2 |
2018-01-31 | CVE-2017-16945 | Haystacksoftware | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 7.2 |
2018-01-31 | CVE-2017-16928 | Haystacksoftware | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 7.2 |
2018-01-31 | CVE-2018-6384 | Nsclient | Unquoted Search Path or Element vulnerability in Nsclient Nsclient++ 0.3.8.76 Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. | 7.2 |
2018-01-31 | CVE-2017-1233 | IBM | Incorrect Authorization vulnerability in IBM Bigfix Remote Control 9.1.4 IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. | 7.2 |
2018-01-31 | CVE-2018-1000001 | GNU Canonical Redhat | Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | 7.2 |
2018-01-30 | CVE-2018-6195 | Splashing Images Project | Unspecified vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1 admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. | 7.2 |
2018-01-29 | CVE-2018-6393 | Sangoma | SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24 FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. | 7.2 |
2018-01-31 | CVE-2017-16914 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. | 7.1 |
2018-01-31 | CVE-2017-16913 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. | 7.1 |
2018-01-31 | CVE-2017-16912 | Linux | Out-of-bounds Read vulnerability in Linux Kernel The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | 7.1 |
117 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-01 | CVE-2017-1000409 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc 2.5 A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. | 6.9 |
2018-02-04 | CVE-2018-6611 | Openmpt | Out-of-bounds Read vulnerability in Openmpt Libopenmpt and Openmpt soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. | 6.8 |
2018-02-02 | CVE-2017-18122 | Simplesamlphp Debian | Improper Verification of Cryptographic Signature vulnerability in multiple products A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. | 6.8 |
2018-02-02 | CVE-2017-18080 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 6.8 |
2018-02-02 | CVE-2017-18042 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 6.8 |
2018-02-02 | CVE-2018-6543 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.30 In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. | 6.8 |
2018-02-01 | CVE-2014-9502 | Open Atrium Project | Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | 6.8 |
2018-02-01 | CVE-2018-0509 | Kkcald Project | Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21 Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2018-01-31 | CVE-2018-6480 | CCN Lite | Incorrect Type Conversion or Cast vulnerability in Ccn-Lite 2.0.0 A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). | 6.8 |
2018-01-31 | CVE-2018-6462 | Tracker Software | Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Viewer and Viewer AX SDK Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | 6.8 |
2018-01-31 | CVE-2018-5996 | 7 ZIP Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 6.8 |
2018-01-30 | CVE-2018-6408 | Conceptronic | Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. | 6.8 |
2018-01-30 | CVE-2018-6406 | Webmproject | Out-of-bounds Read vulnerability in Webmproject Libwebm The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. | 6.8 |
2018-01-30 | CVE-2017-17969 | 7 ZIP Debian | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 6.8 |
2018-01-29 | CVE-2018-6391 | Netis Systems | Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123 A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. | 6.8 |
2018-01-29 | CVE-2017-1000356 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | 6.8 |
2018-01-29 | CVE-2017-4951 | Vmware | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. | 6.8 |
2018-01-29 | CVE-2018-6007 | Joomsky | Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS Support Ticket 1.1.0 CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | 6.8 |
2018-01-29 | CVE-2018-5720 | Dodocool | Cross-Site Request Forgery (CSRF) vulnerability in Dodocool Dc38 Firmware Rtn2Aw.Gd.R3465.1.20161103 An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. | 6.8 |
2018-02-01 | CVE-2018-1192 | Pivotal Software | Information Exposure vulnerability in Pivotal Software products In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. | 6.5 |
2018-02-01 | CVE-2015-2203 | Evergreen ILS | Information Exposure vulnerability in Evergreen-Ils Evergreen 2.5.9/2.6.7/2.7.4 Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | 6.5 |
2018-02-01 | CVE-2013-7435 | Evergreen ILS | Information Exposure vulnerability in Evergreen-Ils Evergreen The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | 6.5 |
2018-01-31 | CVE-2017-15653 | Asus | Insufficient Session Expiration vulnerability in Asus Asuswrt Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 6.5 |
2018-01-30 | CVE-2017-1731 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. | 6.5 |
2018-01-29 | CVE-2018-6383 | Monstra | Incomplete Blacklist vulnerability in Monstra Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | 6.5 |
2018-01-29 | CVE-2017-1000354 | Jenkins | Improper Authentication vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. | 6.5 |
2018-02-03 | CVE-2018-6596 | Django Anymail Project Debian | Information Exposure vulnerability in multiple products webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | 6.4 |
2018-01-31 | CVE-2018-6374 | Pulsesecure | Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. | 6.4 |
2018-01-30 | CVE-2011-2902 | Glyphandcog Debian | Improper Input Validation vulnerability in multiple products zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | 6.4 |
2018-01-30 | CVE-2017-1000141 | Mahara | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara An issue was discovered in Mahara before 18.10.0. | 6.4 |
2018-01-29 | CVE-2018-1364 | IBM | XXE vulnerability in IBM Content Navigator 2.0.3/3.0.2/3.0.3 IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2018-02-02 | CVE-2018-6525 | Inca | Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38 In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458. | 6.1 |
2018-02-02 | CVE-2018-6524 | Inca | Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38 In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20. | 6.1 |
2018-02-02 | CVE-2018-6523 | Inca | Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38 In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. | 6.1 |
2018-02-02 | CVE-2018-6522 | Inca | Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38 In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408. | 6.1 |
2018-01-31 | CVE-2018-6474 | Superantispyware | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | 6.1 |
2018-01-31 | CVE-2018-6473 | Superantispyware | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | 6.1 |
2018-01-31 | CVE-2018-6472 | Superantispyware | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | 6.1 |
2018-01-31 | CVE-2018-6471 | Superantispyware | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | 6.1 |
2018-02-01 | CVE-2017-2297 | Puppet | Improper Authentication vulnerability in Puppet Enterprise Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. | 6.0 |
2018-01-31 | CVE-2017-15698 | Apache Debian | Improper Certificate Validation vulnerability in multiple products When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | 5.9 |
2018-02-02 | CVE-2018-6520 | Simplesamlphp | Open Redirect vulnerability in Simplesamlphp SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | 5.8 |
2018-02-01 | CVE-2017-3160 | Apache | Man in the Middle Security Bypass vulnerability in Apache Cordova For Android After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. | 5.8 |
2018-02-02 | CVE-2016-0342 | IBM | Improper Access Control vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. | 5.5 |
2018-02-02 | CVE-2016-0300 | IBM | Improper Input Validation vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. | 5.5 |
2018-02-02 | CVE-2018-6544 | Artifex Debian | Uncontrolled Recursion vulnerability in multiple products pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 5.5 |
2018-02-01 | CVE-2017-2293 | Puppet | Unspecified vulnerability in Puppet Enterprise Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. | 5.5 |
2018-02-01 | CVE-2014-9503 | Open Atrium Project | Permissions, Privileges, and Access Controls vulnerability in Open Atrium Project Open Atrium The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | 5.5 |
2018-01-31 | CVE-2017-18043 | Qemu Debian Canonical | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | 5.5 |
2018-01-29 | CVE-2017-9513 | Atlassian | Missing Authorization vulnerability in Atlassian Activity Streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 5.5 |
2018-01-31 | CVE-2017-15706 | Apache | Improperly Implemented Security Check for Standard vulnerability in Apache Tomcat As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. | 5.3 |
2018-02-03 | CVE-2018-6594 | Dlitz Debian Canonical | Inadequate Encryption Strength vulnerability in multiple products lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). | 5.0 |
2018-02-03 | CVE-2015-2186 | EDX | Improper Input Validation vulnerability in EDX Configuration and Edx-Platform The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. | 5.0 |
2018-02-03 | CVE-2009-5144 | MOD Gnutls Project | 7PK - Security Features vulnerability in MOD Gnutls Project MOD Gnutls mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | 5.0 |
2018-02-02 | CVE-2016-0312 | IBM | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. | 5.0 |
2018-02-02 | CVE-2017-18038 | Atlassian | Path Traversal vulnerability in Atlassian Bitbucket The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 5.0 |
2018-02-02 | CVE-2017-14178 | Snapcraft | Improper Handling of Exceptional Conditions vulnerability in Snapcraft Snapd In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. | 5.0 |
2018-02-02 | CVE-2018-6526 | Mantisbt | Information Exposure vulnerability in Mantisbt view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 5.0 |
2018-02-02 | CVE-2018-6519 | Simplesamlphp Debian | Injection vulnerability in multiple products The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | 5.0 |
2018-02-01 | CVE-2014-9504 | Open Atrium Project | Improper Access Control vulnerability in Open Atrium Project Open Atrium The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | 5.0 |
2018-02-01 | CVE-2018-6470 | Nibbleblog | Information Exposure vulnerability in Nibbleblog 4.0.5 Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | 5.0 |
2018-01-31 | CVE-2014-1631 | Eventum Project | Permission Issues vulnerability in Eventum Project Eventum Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | 5.0 |
2018-01-31 | CVE-2018-6460 | Anchorfree | Information Exposure vulnerability in Anchorfree Hotspot Shield Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. | 5.0 |
2018-01-31 | CVE-2017-1000411 | Opendaylight | Improper Resource Shutdown or Release vulnerability in Opendaylight and Openflow OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. | 5.0 |
2018-01-31 | CVE-2018-6412 | Linux | Information Exposure vulnerability in Linux Kernel In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | 5.0 |
2018-01-30 | CVE-2018-6397 | Joomlacalendars | Path Traversal vulnerability in Joomlacalendars Picture Calendar 3.1.4 Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. | 5.0 |
2018-01-29 | CVE-2017-15133 | Miekg DNS Prject | Resource Exhaustion vulnerability in Miekg-Dns Prject Miekg-Dns A denial of service flaw was found in miekg-dns before 1.0.4. | 5.0 |
2018-01-29 | CVE-2017-14698 | Asus | Improper Authentication vulnerability in Asus products ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | 5.0 |
2018-01-29 | CVE-2018-6008 | Joomlatag | Information Exposure vulnerability in Joomlatag Jtag Members Directory 5.3.7 Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | 5.0 |
2018-02-02 | CVE-2018-6319 | Sophos | NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. | 4.9 |
2018-02-02 | CVE-2016-0329 | IBM | Open Redirect vulnerability in IBM Emptoris Sourcing Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |
2018-02-02 | CVE-2018-6536 | Icinga | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 4.9 |
2018-02-01 | CVE-2014-3519 | Openvz | Improper Access Control vulnerability in Openvz Vzkernel 2.6.32 The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | 4.9 |
2018-01-31 | CVE-2017-16858 | Atlassian | Improper Authentication vulnerability in Atlassian Crowd The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. | 4.9 |
2018-02-04 | CVE-2018-6606 | Malwarefox | Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150 An issue was discovered in MalwareFox AntiMalware 2.74.0.150. | 4.6 |
2018-02-03 | CVE-2018-6593 | Malwarefox | Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150 An issue was discovered in MalwareFox AntiMalware 2.74.0.150. | 4.6 |
2018-02-02 | CVE-2014-1834 | Echor Project | Command Injection vulnerability in Echor Project Echor 0.1.6 The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | 4.6 |
2018-02-02 | CVE-2018-6560 | Flatpak Redhat | Interpretation Conflict vulnerability in multiple products In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | 4.6 |
2018-01-31 | CVE-2017-8916 | Cisecurity | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cisecurity Cis-Cat PRO Dashboard In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. | 4.6 |
2018-01-30 | CVE-2018-5441 | Phoenixcontact | Improper Input Validation vulnerability in Phoenixcontact products An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. | 4.6 |
2018-02-04 | CVE-2018-6616 | Uclouvain Debian Canonical Oracle | Resource Exhaustion vulnerability in multiple products In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. | 4.3 |
2018-02-04 | CVE-2018-6612 | Jhead Project | Integer Underflow (Wrap or Wraparound) vulnerability in Jhead Project Jhead 3.0 An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | 4.3 |
2018-02-04 | CVE-2017-17703 | Synacor | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. | 4.3 |
2018-02-02 | CVE-2018-5261 | Flexense | Missing Encryption of Sensitive Data vulnerability in Flexense Diskboss An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. | 4.3 |
2018-02-02 | CVE-2015-2796 | Projectpier | Cross-site Scripting vulnerability in Projectpier 0.8.8 Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php. | 4.3 |
2018-02-02 | CVE-2018-6561 | Dojotoolkit | Cross-site Scripting vulnerability in Dojotoolkit Dojo 1.13.0 dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | 4.3 |
2018-02-02 | CVE-2017-18121 | Simplesamlphp Debian | Cross-site Scripting vulnerability in multiple products The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | 4.3 |
2018-02-02 | CVE-2017-18086 | Atlassian | Cross-site Scripting vulnerability in Atlassian Confluence Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 4.3 |
2018-02-02 | CVE-2017-18085 | Atlassian | Cross-site Scripting vulnerability in Atlassian Confluence The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 4.3 |
2018-02-02 | CVE-2017-18081 | Atlassian | Cross-site Scripting vulnerability in Atlassian Bamboo The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 4.3 |
2018-02-02 | CVE-2017-18039 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | 4.3 |
2018-02-02 | CVE-2018-6545 | Ipswitch | Cross-site Scripting vulnerability in Ipswitch Moveit 8.1 Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. | 4.3 |
2018-02-02 | CVE-2018-6542 | Zziplib Project | Unspecified vulnerability in Zziplib Project Zziplib 0.13.67 In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | 4.3 |
2018-02-02 | CVE-2018-6541 | Zziplib Project Canonical | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). | 4.3 |
2018-02-02 | CVE-2018-6540 | Zziplib Project Canonical | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | 4.3 |
2018-02-01 | CVE-2018-0511 | Meowapps | Cross-site Scripting vulnerability in Meowapps WP Retina 2X Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2018-02-01 | CVE-2018-0508 | Kkcald Project | Cross-site Scripting vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21 Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2018-02-01 | CVE-2018-6484 | Zziplib Project Canonical | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. | 4.3 |
2018-01-31 | CVE-2018-6465 | WP Property Hive | Cross-site Scripting vulnerability in Wp-Property-Hive Propertyhive The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | 4.3 |
2018-01-31 | CVE-2018-6464 | Mycolorway | Cross-site Scripting vulnerability in Mycolorway Simditor 2.3.11 Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | 4.3 |
2018-01-31 | CVE-2017-1773 | IBM | Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. | 4.3 |
2018-01-30 | CVE-2018-6405 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. | 4.3 |
2018-01-30 | CVE-2018-6380 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | 4.3 |
2018-01-30 | CVE-2018-6379 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | 4.3 |
2018-01-30 | CVE-2018-6377 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | 4.3 |
2018-01-30 | CVE-2018-6355 | Iball | Cross-site Scripting vulnerability in Iball Ib-Wrb302N Firmware 1.0.1Sep82017 /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | 4.3 |
2018-01-29 | CVE-2018-6392 | Ffmpeg Debian | Out-of-bounds Read vulnerability in multiple products The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | 4.3 |
2018-01-29 | CVE-2018-6390 | WPS | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in WPS Office 10.1.0.7106/10.2.0.5978 The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 4.3 |
2018-01-29 | CVE-2018-6381 | Zziplib Project Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. | 4.3 |
2018-01-29 | CVE-2017-14190 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. | 4.3 |
2018-02-02 | CVE-2017-18037 | Atlassian | Path Traversal vulnerability in Atlassian Bitbucket The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | 4.0 |
2018-02-02 | CVE-2017-18036 | Atlassian | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 4.0 |
2018-02-02 | CVE-2017-18035 | Atlassian | Missing Authorization vulnerability in Atlassian Crucible and Fisheye The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 4.0 |
2018-02-01 | CVE-2017-2296 | Puppet | Improper Input Validation vulnerability in Puppet Enterprise 2017.1.0/2017.1.1/2017.2.1 In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. | 4.0 |
2018-01-31 | CVE-2017-15656 | Asus | Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743 Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | 4.0 |
2018-01-29 | CVE-2017-1000355 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | 4.0 |
2018-01-29 | CVE-2017-14699 | Asus | XXE vulnerability in Asus products Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | 4.0 |
17 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-04 | CVE-2017-8783 | Synacor | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. | 3.5 |
2018-02-02 | CVE-2016-0311 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Business Service Manager 6.1.0/6.1.1 Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-02-02 | CVE-2016-0303 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Integrated Portal Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2018-02-02 | CVE-2017-18084 | Atlassian | Cross-site Scripting vulnerability in Atlassian Confluence The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 3.5 |
2018-02-02 | CVE-2017-18083 | Atlassian | Cross-site Scripting vulnerability in Atlassian Confluence The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 3.5 |
2018-02-02 | CVE-2017-18082 | Atlassian | Cross-site Scripting vulnerability in Atlassian Bamboo The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 3.5 |
2018-02-02 | CVE-2017-18041 | Atlassian | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 3.5 |
2018-02-02 | CVE-2017-18040 | Atlassian | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 3.5 |
2018-02-02 | CVE-2017-18034 | Atlassian | Cross-site Scripting vulnerability in Atlassian Crucible The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch. | 3.5 |
2018-02-02 | CVE-2018-6550 | Monstra | Cross-site Scripting vulnerability in Monstra Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | 3.5 |
2018-01-30 | CVE-2018-6194 | Splashing Images Project | Cross-site Scripting vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1 A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | 3.5 |
2018-01-30 | CVE-2018-6382 | Mantisbt | SQL Injection vulnerability in Mantisbt 2.10.0 MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. | 3.3 |
2018-02-02 | CVE-2014-1835 | Echor Project | Credentials Management vulnerability in Echor Project Echor 0.1.6 The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | 2.1 |
2018-01-29 | CVE-2017-1784 | IBM Netapp | Information Exposure vulnerability in multiple products IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. | 2.1 |
2018-01-29 | CVE-2017-1783 | IBM Netapp | Improper Authentication vulnerability in multiple products IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. | 2.1 |
2018-01-29 | CVE-2017-1779 | IBM Netapp | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. | 2.1 |
2018-01-31 | CVE-2017-16911 | Linux | Information Exposure vulnerability in Linux Kernel The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. | 1.9 |