Weekly Vulnerabilities Reports > February 12 to 18, 2018

Overview

524 new vulnerabilities were reported during this period, including 122 critical vulnerabilities and 100 high severity vulnerabilities. This weekly summary reports vulnerabilities in 480 products from 105 vendors including HP, Huawei, Microsoft, SAP, and Google. The most notable vulnerability categories are "Improper Input Validation", "Information Exposure", "SQL Injection", "Cross-site Scripting", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 452 reported vulnerabilities are remotely exploitable.
  • 76 reported vulnerabilities have a public exploit available.
  • 126 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 353 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 184 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 99 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

122 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-15 CVE-2017-8981 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

10.0
2018-02-15 CVE-2017-8976 HP Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

10.0
2018-02-15 CVE-2017-8975 HP Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

10.0
2018-02-15 CVE-2017-8957 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

10.0
2018-02-15 CVE-2017-8956 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-8954 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

10.0
2018-02-15 CVE-2017-8948 HP Unspecified vulnerability in HP Network Node Manager I

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

10.0
2018-02-15 CVE-2017-8947 HP Path Traversal vulnerability in HP Ucmdb Configuration Manager

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

10.0
2018-02-15 CVE-2017-5824 HP Multiple Security vulnerability in ClearPass Policy Manager

An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

10.0
2018-02-15 CVE-2017-5823 HP Unspecified vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5821 HP Unspecified vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5820 HP Unspecified vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5819 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5817 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5816 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5815 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

10.0
2018-02-15 CVE-2017-5814 HP SQL Injection vulnerability in HP Network Automation

A remote SQL injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.

10.0
2018-02-15 CVE-2017-5807 HP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Data Protector

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

10.0
2018-02-15 CVE-2017-5806 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

10.0
2018-02-15 CVE-2017-5805 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

10.0
2018-02-15 CVE-2017-5804 HP Integer Overflow or Wraparound vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

10.0
2018-02-15 CVE-2017-5802 HP Remote Privilege Escalation vulnerability in HP Vertica Analytics Platform

A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.

10.0
2018-02-15 CVE-2017-5790 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.2

A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

10.0
2018-02-15 CVE-2017-12561 HP Access of Uninitialized Pointer vulnerability in HP Intelligent Management Center

A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

10.0
2018-02-15 CVE-2017-12558 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

10.0
2018-02-15 CVE-2017-12557 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

10.0
2018-02-15 CVE-2017-12556 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

10.0
2018-02-15 CVE-2017-12542 HP Unspecified vulnerability in HP Integrated Lights-Out 4 Firmware

An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.

10.0
2018-02-15 CVE-2016-8519 HP Deserialization of Untrusted Data vulnerability in HP Operations Orchestration

A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.

10.0
2018-02-13 CVE-2018-6911 Advantech OS Command Injection vulnerability in Advantech Webaccess 8.3.0

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).

10.0
2018-02-13 CVE-2018-6292 Hyland Unspecified vulnerability in Hyland Saperion web Client 7.5.2

Remote Code Execution in Saperion Web Client version 7.5.2 83166.

10.0
2018-02-12 CVE-2017-13229 Google Improper Input Validation vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (n/a).

10.0
2018-02-16 CVE-2018-7186 Leptonica, Debian Out-of-bounds Write vulnerability in multiple products

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.

9.8
2018-02-14 CVE-2018-1287 Apache Unspecified vulnerability in Apache Jmeter

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host.

9.8
2018-02-13 CVE-2018-1297 Apache Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection.

9.8
2018-02-16 CVE-2018-7187 Golang, Debian OS Command Injection vulnerability in multiple products

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

9.3
2018-02-15 CVE-2017-8984 HP Unspecified vulnerability in HP Intelligent Management Center 7.3

A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.

9.3
2018-02-15 CVE-2017-8958 HP Unspecified vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found.

9.3
2018-02-15 CVE-2017-5796 HP Cross-Site Request Forgery (CSRF) vulnerability in HP products

A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.

9.3
2018-02-15 CVE-2018-0866 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0861 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0858 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0852 Microsoft Out-of-bounds Write vulnerability in Microsoft Office and Outlook

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0851 Microsoft Out-of-bounds Write vulnerability in Microsoft Office, Office Word Viewer and Outlook

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0841 Microsoft Unspecified vulnerability in Microsoft Office 2016

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability".

9.3
2018-02-15 CVE-2018-0840 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

9.3
2018-02-15 CVE-2018-0834 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

9.3
2018-02-12 CVE-2017-13230 Google Out-of-bounds Write vulnerability in Google Android

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value.

9.3
2018-02-12 CVE-2017-13228 Google Out-of-bounds Write vulnerability in Google Android

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character.

9.3
2018-02-16 CVE-2017-14535 Netfortris OS Command Injection vulnerability in Netfortris Trixbox 2.8.0.4

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

9.0
2018-02-15 CVE-2017-8983 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

9.0
2018-02-15 CVE-2017-8967 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8966 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8965 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8964 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8963 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8962 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

9.0
2018-02-15 CVE-2017-8961 HP Path Traversal vulnerability in HP Intelligent Management Center 7.3

A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.

9.0
2018-02-15 CVE-2017-5794 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

9.0
2018-02-15 CVE-2017-5793 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

9.0
2018-02-15 CVE-2017-12554 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found.

9.0
2018-02-15 CVE-2017-12541 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12540 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12539 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12538 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12537 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12536 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12535 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12534 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12533 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12532 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12531 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12530 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12529 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12528 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12527 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12526 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12525 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12524 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12523 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12522 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12521 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12520 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12519 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12518 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12517 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12516 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12515 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12514 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12513 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12512 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12511 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12510 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12509 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12508 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12507 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12506 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12505 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12504 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12503 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12502 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12501 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12500 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12499 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12498 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12497 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12496 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12495 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12494 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12493 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12492 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12491 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12490 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12489 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12488 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2017-12487 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found.

9.0
2018-02-15 CVE-2016-8523 HP Command Injection vulnerability in HP Smart Storage Administrator

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

9.0
2018-02-14 CVE-2017-6230 Ruckuswireless OS Command Injection vulnerability in Ruckuswireless products

Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.

9.0
2018-02-14 CVE-2017-6229 Ruckuswireless OS Command Injection vulnerability in Ruckuswireless products

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

9.0
2018-02-13 CVE-2018-1383 IBM Unspecified vulnerability in IBM AIX

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.

9.0
2018-02-12 CVE-2017-9970 Schneider Electric Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Struxureon Gateway 1.1.3

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior.

9.0
2018-02-12 CVE-2018-6926 Misp OS Command Injection vulnerability in Misp 2.4.87

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands.

9.0

100 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-12 CVE-2016-5397 Apache Command Injection vulnerability in Apache Thrift

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool.

8.8
2018-02-15 CVE-2017-8977 HP Improper Input Validation vulnerability in HP Moonshot Provisioning Manager Appliance 1.20

A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

8.5
2018-02-14 CVE-2018-2376 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.

8.1
2018-02-14 CVE-2018-2375 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.

8.1
2018-02-15 CVE-2017-8955 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.2

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

7.8
2018-02-15 CVE-2017-8944 HP Information Exposure vulnerability in HP Cloud Optimizer

A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.

7.8
2018-02-15 CVE-2017-5822 HP Unspecified vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

7.8
2018-02-15 CVE-2017-5818 HP Improper Input Validation vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

7.8
2018-02-15 CVE-2017-5811 HP Information Exposure vulnerability in HP Network Automation

A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.

7.8
2018-02-15 CVE-2017-5808 HP Improper Input Validation vulnerability in HP Data Protector

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

7.8
2018-02-15 CVE-2017-5803 HP Information Exposure vulnerability in HP Nonstop Server Software

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

7.8
2018-02-15 CVE-2017-5797 HP Information Exposure vulnerability in HP Intelligent Management Center 7.3

A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

7.8
2018-02-15 CVE-2017-12545 HP, Linux, Microsoft NULL Pointer Dereference vulnerability in HP System Management Homepage

A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

7.8
2018-02-15 CVE-2017-17300 Huawei Improper Input Validation vulnerability in Huawei products

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability.

7.8
2018-02-15 CVE-2017-17165 Huawei Out-of-bounds Read vulnerability in Huawei products

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability.

7.8
2018-02-15 CVE-2017-15348 Huawei Improper Input Validation vulnerability in Huawei products

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability.

7.8
2018-02-15 CVE-2017-15344 Huawei Integer Overflow or Wraparound vulnerability in Huawei Ar120-S Firmware, Ar1200 Firmware and Ar3200 Firmware

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability.

7.8
2018-02-15 CVE-2017-15343 Huawei Integer Overflow or Wraparound vulnerability in Huawei Ar120-S Firmware, Ar1200 Firmware and Ar3200 Firmware

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability.

7.8
2018-02-13 CVE-2018-6954 Systemd Project, Canonical, Opensuse Link Following vulnerability in multiple products

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink.

7.8
2018-02-12 CVE-2017-13232 Google Information Exposure vulnerability in Google Android

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated.

7.8
2018-02-15 CVE-2017-8946 HP Remote Code Execution vulnerability in HP Aruba Airwave Glass 1.0.0/1.0.1

A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.

7.6
2018-02-15 CVE-2018-0860 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0859 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0857 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0856 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0838 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0837 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0836 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0835 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2018-02-15 CVE-2018-0825 Microsoft Unspecified vulnerability in Microsoft products

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".

7.6
2018-02-18 CVE-2018-6024 Thethinkery SQL Injection vulnerability in Thethinkery Project LOG 1.5.3

SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

7.5
2018-02-17 CVE-2018-7180 Saxum2003 SQL Injection vulnerability in Saxum2003 Astro 4.0.14

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

7.5
2018-02-17 CVE-2018-7179 Squadmanagement Project SQL Injection vulnerability in Squadmanagement Project Squadmanagement 1.0.3

SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

7.5
2018-02-17 CVE-2018-7178 Saxum2003 SQL Injection vulnerability in Saxum2003 Saxum Picker 3.2.10

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

7.5
2018-02-17 CVE-2018-7177 Saxum2003 SQL Injection vulnerability in Saxum2003 Numerology 3.0.4

SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

7.5
2018-02-17 CVE-2018-6585 Techjoomla SQL Injection vulnerability in Techjoomla Jticketing 2.0.16

SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.

7.5
2018-02-17 CVE-2018-6584 Dthdevelopment SQL Injection vulnerability in Dthdevelopment DT Register 3.2.7

SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.

7.5
2018-02-17 CVE-2018-6583 Quanticalabs SQL Injection vulnerability in Quanticalabs Timetable Responsive Schedule 1.5

SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.

7.5
2018-02-17 CVE-2018-6396 Google MAP Landkarten Project SQL Injection vulnerability in Google MAP Landkarten Project Google MAP Landkarten 4.2.3

SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

7.5
2018-02-17 CVE-2018-6394 Techjoomla SQL Injection vulnerability in Techjoomla Invitex 3.0.5

SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

7.5
2018-02-17 CVE-2018-6373 Fastballproductions SQL Injection vulnerability in Fastballproductions Fastball 2.5.0

SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.

7.5
2018-02-17 CVE-2018-6372 Joombooking SQL Injection vulnerability in Joombooking JB BUS 2.3

SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.

7.5
2018-02-17 CVE-2018-6370 Neojoomla SQL Injection vulnerability in Neojoomla Neorecruit 4.1

SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.

7.5
2018-02-17 CVE-2018-6368 Comdev SQL Injection vulnerability in Comdev Jomestate PRO

SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.

7.5
2018-02-17 CVE-2018-6006 Joomsky SQL Injection vulnerability in Joomsky JS Autoz 1.0.9

SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.

7.5
2018-02-17 CVE-2018-6005 Realpin Project SQL Injection vulnerability in Realpin Project Realpin 1.5.04

SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

7.5
2018-02-17 CVE-2018-6004 Techsolsystem SQL Injection vulnerability in Techsolsystem File Download Tracker 3.0

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

7.5
2018-02-17 CVE-2018-5994 Joomsky SQL Injection vulnerability in Joomsky JS Jobs 1.1.9

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

7.5
2018-02-17 CVE-2018-5993 Aist Project SQL Injection vulnerability in Aist Project Aist 2.0

SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.

7.5
2018-02-17 CVE-2018-5992 Staff Master Project SQL Injection vulnerability in Staff Master Project Staff Master 1.0

SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.

7.5
2018-02-17 CVE-2018-5991 WEB Dorado SQL Injection vulnerability in Web-Dorado Form Maker 3.6.12

SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

7.5
2018-02-17 CVE-2018-5990 Allvideos Reloaded Project SQL Injection vulnerability in Allvideos Reloaded Project Allvideos Reloaded

SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.

7.5
2018-02-17 CVE-2018-5989 Chillcreations SQL Injection vulnerability in Chillcreations Ccnewsletter

SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.

7.5
2018-02-17 CVE-2018-5987 Social Pinboard Project SQL Injection vulnerability in Social Pinboard Project Social Pinboard 2.0

SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.

7.5
2018-02-17 CVE-2018-5983 Jquickcontact Project SQL Injection vulnerability in Jquickcontact Project Jquickcontact 1.3.2.2.1

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.

7.5
2018-02-17 CVE-2018-5982 Ordasoft SQL Injection vulnerability in Ordasoft Advertisement Board 3.1.0

SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.

7.5
2018-02-17 CVE-2018-5981 WEB Dorado SQL Injection vulnerability in Web-Dorado Gallery WD 1.3.6

SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.

7.5
2018-02-17 CVE-2018-5980 Solidres SQL Injection vulnerability in Solidres 2.5.1

SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

7.5
2018-02-17 CVE-2018-5975 Thekrotek SQL Injection vulnerability in Thekrotek Smart Shoutbox 3.0.0

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

7.5
2018-02-17 CVE-2018-5974 Albonico SQL Injection vulnerability in Albonico Simplecalendar 3.1.9

SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

7.5
2018-02-17 CVE-2018-5971 Ordasoft SQL Injection vulnerability in Ordasoft Medialibrary 4.0.12

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

7.5
2018-02-17 CVE-2018-5970 Techjoomla SQL Injection vulnerability in Techjoomla Jgive 2.0.9

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

7.5
2018-02-15 CVE-2018-5767 Tendacn Improper Input Validation vulnerability in Tendacn Ac15 Firmware 15.03.1.16

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices.

7.5
2018-02-15 CVE-2017-8979 HP Unspecified vulnerability in HP Integrated Lights-Out 2 Firmware 2.29

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

7.5
2018-02-15 CVE-2017-8960 HP Unspecified vulnerability in HP products

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

7.5
2018-02-15 CVE-2017-5810 HP SQL Injection vulnerability in HP Network Automation

A remote SQL injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.

7.5
2018-02-15 CVE-2017-5792 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

7.5
2018-02-15 CVE-2016-8512 HP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center

A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.

7.5
2018-02-15 CVE-2016-8511 HP Deserialization of Untrusted Data vulnerability in HP Network Automation

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

7.5
2018-02-15 CVE-2011-4973 MOD NSS Project Improper Authentication vulnerability in MOD NSS Project MOD NSS 1.0.8

Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.

7.5
2018-02-15 CVE-2018-7054 Irssi, Canonical, Debian Use After Free vulnerability in multiple products

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.

7.5
2018-02-15 CVE-2018-7053 Irssi, Debian, Canonical Use After Free vulnerability in multiple products

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.

7.5
2018-02-15 CVE-2017-17301 Huawei Improper Certificate Validation vulnerability in Huawei products

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability.

7.5
2018-02-15 CVE-2018-5440 3S Software Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 3S-Software Codesys Runtime System and Codesys web Server

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server.

7.5
2018-02-15 CVE-2017-18189 Sound Exchange Project, Debian NULL Pointer Dereference vulnerability in multiple products

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

7.5
2018-02-15 CVE-2017-12726 Smiths Medical Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

7.5
2018-02-14 CVE-2018-7039 CCN Lite Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0

CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments.

7.5
2018-02-14 CVE-2017-18187 ARM, Debian Integer Overflow or Wraparound vulnerability in multiple products

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.

7.5
2018-02-14 CVE-2018-2373 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

7.5
2018-02-13 CVE-2018-5459 Wago Improper Authentication vulnerability in Wago Pfc200 Firmware

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X.

7.5
2018-02-13 CVE-2018-6953 CCN Lite Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0

In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses.

7.5
2018-02-13 CVE-2018-6948 CCN Lite Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite 2.0.0

In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf.

7.5
2018-02-13 CVE-2018-6928 News Website Script Project SQL Injection vulnerability in News Website Script Project News Website Script 2.0.4

PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.

7.5
2018-02-13 CVE-2018-0488 ARM, Debian Out-of-bounds Write vulnerability in multiple products

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

7.5
2018-02-13 CVE-2018-0487 ARM, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

7.5
2018-02-12 CVE-2018-6893 Finecms SQL Injection vulnerability in Finecms 5.2.0

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.

7.5
2018-02-12 CVE-2018-6863 Select Your College Script Project SQL Injection vulnerability in Select Your College Script Project Select Your College Script 2.0.2

SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.

7.5
2018-02-15 CVE-2016-8529 HP Improper Access Control vulnerability in HP Lefthand 12.5

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found.

7.3
2018-02-15 CVE-2017-17161 Huawei Improper Authentication vulnerability in Huawei Duke-L09 Firmware

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability.

7.2
2018-02-15 CVE-2017-15351 Huawei Improper Authentication vulnerability in Huawei Honor V9 Play Firmware Jimmyal00Ac00B135

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability.

7.2
2018-02-13 CVE-2017-1714 IBM Unspecified vulnerability in IBM Client Application Access and Notes

IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege.

7.2
2018-02-12 CVE-2017-13231 Google Out-of-bounds Write vulnerability in Google Android 8.0/8.1

In libmediadrm, there is an out-of-bounds write due to improper input validation.

7.2
2018-02-12 CVE-2016-8742 Apache, Microsoft Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation.

7.2
2018-02-15 CVE-2017-5795 HP Information Exposure vulnerability in HP Intelligent Management Center 7.2

A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.

7.1
2018-02-15 CVE-2017-17160 Huawei Out-of-bounds Write vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data.

7.1
2018-02-15 CVE-2017-15347 Huawei Use After Free vulnerability in Huawei Mate 9 PRO Firmware Lonal00Bc00B235

Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability.

7.1
2018-02-15 CVE-2017-15330 Huawei Double Free vulnerability in Huawei Vicky-Al00A Firmware Vickyal00Ac00B124D/Vickyal00Ac00B157D/Vickyal00Ac00B167

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability.

7.1
2018-02-12 CVE-2017-13234 Google Missing Release of Resource after Effective Lifetime vulnerability in Google Android

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak.

7.1
2018-02-12 CVE-2017-13233 Google Resource Exhaustion vulnerability in Google Android

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion.

7.1
2018-02-15 CVE-2018-0842 Microsoft Unspecified vulnerability in Microsoft products

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".

7.0

252 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-15 CVE-2018-0809 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

6.9
2018-02-15 CVE-2017-13273 Google Unspecified vulnerability in Google Android

In xt_qtaguid.c, there is a race condition due to insufficient locking.

6.9
2018-02-18 CVE-2018-7208 GNU, Redhat Improper Input Validation vulnerability in multiple products

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.

6.8
2018-02-16 CVE-2018-0516 Flets Untrusted Search Path vulnerability in Flets Address Selection Tool 4.0/6.0

Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2018-02-16 CVE-2018-0515 Flets Untrusted Search Path vulnerability in Flets Azukeru Backup Tool

Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2018-02-16 CVE-2018-7176 Frontaccounting Cross-Site Request Forgery (CSRF) vulnerability in Frontaccounting 2.4.3

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

6.8
2018-02-15 CVE-2017-5813 HP Security vulnerability in HP Network Automation

A remote unauthenticated access vulnerability in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.

6.8
2018-02-15 CVE-2017-5787 HP Denial of Service vulnerability in HP Version Control Repository Manager

A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.

6.8
2018-02-15 CVE-2017-5781 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Matrix Operating Environment 7.6

A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.

6.8
2018-02-15 CVE-2017-12560 HP Path Traversal vulnerability in HP Intelligent Management Center 7.3

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

6.8
2018-02-15 CVE-2017-12559 HP Path Traversal vulnerability in HP Intelligent Management Center 7.3

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

6.8
2018-02-15 CVE-2017-12555 HP Information Exposure vulnerability in HP Intelligent Management Center 7.3

A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.

6.8
2018-02-15 CVE-2017-12725 Smiths Medical Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

6.8
2018-02-15 CVE-2017-12724 Smiths Medical Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

6.8
2018-02-15 CVE-2017-12720 Smiths Medical Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

6.8
2018-02-15 CVE-2017-12718 Smiths Medical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

6.8
2018-02-13 CVE-2017-1711 IBM Untrusted Search Path vulnerability in IBM Client Application Access and Notes

IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory.

6.8
2018-02-18 CVE-2018-7217 Tejari Unrestricted Upload of File with Dangerous Type vulnerability in Tejari Bravo Solution

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side.

6.5
2018-02-18 CVE-2018-7206 Jupyter Unspecified vulnerability in Jupyter Oauthenticator

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3.

6.5
2018-02-15 CVE-2017-8959 HP Unspecified vulnerability in HP products

An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier was found.

6.5
2018-02-15 CVE-2017-5826 HP Multiple Security vulnerability in ClearPass Policy Manager

An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

6.5
2018-02-15 CVE-2017-5825 HP Multiple Security vulnerability in ClearPass Policy Manager

A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

6.5
2018-02-15 CVE-2017-5799 HP Injection vulnerability in HP Opencall Media Platform

A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found.

6.5
2018-02-15 CVE-2016-8534 HP Permissions, Privileges, and Access Controls vulnerability in HP Matrix Operating Environment 7.6

A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.

6.5
2018-02-15 CVE-2016-8533 HP Permissions, Privileges, and Access Controls vulnerability in HP Matrix Operating Environment 7.6

A remote privilege escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.

6.5
2018-02-15 CVE-2016-8528 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus

A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.

6.5
2018-02-15 CVE-2016-8520 Eucalyptus Permission Issues vulnerability in Eucalyptus

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs.

6.5
2018-02-15 CVE-2016-8515 HP Unrestricted Upload of File with Dangerous Type vulnerability in HP Version Control Repository Manager

A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found.

6.5
2018-02-15 CVE-2017-15089 Infinispan Deserialization of Untrusted Data vulnerability in Infinispan

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache.

6.5
2018-02-15 CVE-2017-15329 Huawei SQL Injection vulnerability in Huawei UMA Firmware V200R001C00

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module.

6.5
2018-02-14 CVE-2017-1499 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM products

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server.

6.5
2018-02-14 CVE-2018-2395 SAP Unspecified vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.

6.5
2018-02-14 CVE-2018-2381 SAP Missing Authorization vulnerability in SAP ERP Financials Information System 2.0

SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.5
2018-02-14 CVE-2018-2379 SAP Information Exposure Through an Error Message vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.

6.5
2018-02-14 CVE-2018-2378 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.

6.5
2018-02-14 CVE-2018-2377 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.

6.5
2018-02-14 CVE-2018-2374 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.

6.5
2018-02-14 CVE-2018-2372 SAP Information Exposure Through Log Files vulnerability in SAP Hana Extended Application Services 1.0

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.

6.5
2018-02-13 CVE-2017-15699 Apache Improper Input Validation vulnerability in Apache Qpid Dispatch 0.7.0/0.8.0

A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0.

6.5
2018-02-12 CVE-2017-18179 Progress Improper Authentication vulnerability in Progress Sitefinity 9.1

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination.

6.5
2018-02-12 CVE-2018-6889 Typesettercms Code Injection vulnerability in Typesettercms Typesetter 5.1

An issue was discovered in Typesetter 5.1.

6.5
2018-02-12 CVE-2018-6860 Schools Alert Management Script Project Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script 2.0.2

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.

6.5
2018-02-15 CVE-2017-5785 HP Information Exposure vulnerability in HP Matrix Operating Environment 7.6

A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.

6.4
2018-02-15 CVE-2018-0833 Microsoft NULL Pointer Dereference vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".

6.3
2018-02-15 CVE-2017-17159 Huawei Improper Input Validation vulnerability in Huawei Mt8-Emui4.1 Firmware and Nts-Al00 Firmware

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation.

6.1
2018-02-18 CVE-2018-7216 Tejari Cross-Site Request Forgery (CSRF) vulnerability in Tejari Bravo Solution

Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.

6.0
2018-02-15 CVE-2018-6316 Ivanti Incorrect Authorization vulnerability in Ivanti Endpoint Security 8.5

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.

6.0
2018-02-15 CVE-2016-8513 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Version Control Repository Manager

A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found.

6.0
2018-02-15 CVE-2017-18087 Atlassian Unspecified vulnerability in Atlassian Bitbucket

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or determine if an internal service exists via an argument injection vulnerability in the at parameter.

6.0
2018-02-12 CVE-2018-6888 Typesettercms Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1

An issue was discovered in Typesetter 5.1.

6.0
2018-02-16 CVE-2018-6324 F Secure Open Redirect vulnerability in F-Secure Radar 3.9.1

F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.

5.8
2018-02-15 CVE-2017-8945 HP Open Redirect vulnerability in HP Icewall Federation Agent 3.0

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.

5.8
2018-02-15 CVE-2017-5784 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

5.8
2018-02-15 CVE-2017-5782 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

5.8
2018-02-15 CVE-2017-17285 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Lon-Al00B Firmware Lonal00Bc00

Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability.

5.8
2018-02-12 CVE-2017-9963 Schneider Electric Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Powerscada Anywhere 1.0

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests.

5.8
2018-02-12 CVE-2017-17723 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.26

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp.

5.8
2018-02-12 CVE-2017-18178 Progress Open Redirect vulnerability in Progress Sitefinity 9.1

Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax.

5.8
2018-02-15 CVE-2017-15345 Huawei Resource Exhaustion vulnerability in Huawei Lon-L29D Firmware Lonl29Dc721B186

Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability.

5.7
2018-02-15 CVE-2017-5828 HP XXE vulnerability in HP Aruba Clearpass Policy Manager

An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

5.5
2018-02-15 CVE-2017-12553 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12552 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12551 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12550 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12549 HP, Linux, Microsoft Improper Authentication vulnerability in HP System Management Homepage

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12548 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12547 HP, Linux, Microsoft Unspecified vulnerability in HP System Management Homepage

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-12546 HP, Linux, Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP System Management Homepage

A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

5.5
2018-02-15 CVE-2017-17186 Huawei Improper Input Validation vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability.

5.5
2018-02-15 CVE-2014-0014 Emberjs Cross-site Scripting vulnerability in Emberjs Ember.Js

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.

5.4
2018-02-15 CVE-2014-0013 Emberjs Cross-site Scripting vulnerability in Emberjs Ember.Js

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.

5.4
2018-02-16 CVE-2018-6218 Trendmicro Untrusted Search Path vulnerability in Trendmicro products

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.

5.1
2018-02-14 CVE-2018-7032 Myrepos Project Injection vulnerability in Myrepos Project Myrepos

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.

5.1
2018-02-18 CVE-2018-7212 Sinatrarb, Microsoft Path Traversal vulnerability in Sinatrarb Sinatra 2.0.0/2.0.1

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows.

5.0
2018-02-18 CVE-2018-7210 Idashboards Information Exposure vulnerability in Idashboards

An issue was discovered in iDashboards 9.6b.

5.0
2018-02-18 CVE-2018-7209 Idashboards Information Exposure vulnerability in Idashboards

An issue was discovered in iDashboards 9.6b.

5.0
2018-02-16 CVE-2017-18190 Apple, Debian, Canonical Authentication Bypass by Spoofing vulnerability in multiple products

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.

5.0
2018-02-16 CVE-2018-1000068 Jenkins, Oracle Information Exposure vulnerability in multiple products

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

5.0
2018-02-16 CVE-2018-1000067 Jenkins, Oracle Server-Side Request Forgery (SSRF) vulnerability in multiple products

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

5.0
2018-02-15 CVE-2017-8982 HP Unspecified vulnerability in HP Intelligent Management Center 7.3

A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

5.0
2018-02-15 CVE-2017-8980 HP Information Exposure vulnerability in HP Intelligent Management Center 7.3

A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

5.0
2018-02-15 CVE-2017-8970 HP Information Exposure vulnerability in HP Matrix Operating Environment 7.6

A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

5.0
2018-02-15 CVE-2017-8952 HP Information Exposure vulnerability in HP Sitescope

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

5.0
2018-02-15 CVE-2017-5812 HP SQL Injection vulnerability in HP Network Automation

A remote SQL information disclosure vulnerability in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.

5.0
2018-02-15 CVE-2017-5801 HP Information Exposure vulnerability in HP Business Process Monitor

A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

5.0
2018-02-15 CVE-2017-5783 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

5.0
2018-02-15 CVE-2016-8531 HP Information Exposure vulnerability in HP Matrix Operating Environment 7.6

A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.

5.0
2018-02-15 CVE-2016-8530 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found.

5.0
2018-02-15 CVE-2016-8525 HP Information Exposure vulnerability in HP Intelligent Management Center

A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found.

5.0
2018-02-15 CVE-2016-8518 HP Denial of Service vulnerability in HP Systems Insight Manager

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

5.0
2018-02-15 CVE-2016-8516 HP Unspecified vulnerability in HP Systems Insight Manager

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

5.0
2018-02-15 CVE-2018-7169 Shadow Project Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5

An issue was discovered in shadow 4.5.

5.0
2018-02-15 CVE-2018-7052 Irssi, Canonical, Debian NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.

5.0
2018-02-15 CVE-2018-7051 Irssi, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.

5.0
2018-02-15 CVE-2018-7050 Irssi, Debian, Canonical NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.

5.0
2018-02-15 CVE-2018-1041 Jboss, Redhat Infinite Loop vulnerability in multiple products

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer.

5.0
2018-02-15 CVE-2017-17299 Huawei Improper Input Validation vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability.

5.0
2018-02-15 CVE-2017-17298 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-17297 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 
V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-17296 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 
V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a memory leak vulnerability.

5.0
2018-02-15 CVE-2017-17295 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 
V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-17290 Huawei Resource Exhaustion vulnerability in Huawei Te60 Firmware and Viewpoint 9030 Firmware

The Lightweight Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management error vulnerability.

5.0
2018-02-15 CVE-2017-17288 Huawei Integer Overflow or Wraparound vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability.

5.0
2018-02-15 CVE-2017-17287 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability.

5.0
2018-02-15 CVE-2017-17286 Huawei Out-of-bounds Write vulnerability in Huawei products

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound write vulnerability.

5.0
2018-02-15 CVE-2017-17284 Huawei Unspecified vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability.

5.0
2018-02-15 CVE-2017-17283 Huawei Improper Input Validation vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability.

5.0
2018-02-15 CVE-2017-17202 Huawei Out-of-bounds Read vulnerability in Huawei products

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability due to insufficient input validation.

5.0
2018-02-15 CVE-2017-17166 Huawei Resource Exhaustion vulnerability in Huawei products

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability.

5.0
2018-02-15 CVE-2017-17164 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei Secospace Antiddos8000 Firmware V500R001C20Spc500

Huawei Secospace AntiDDoS8000 V500R001C20SPC500 has a memory leak vulnerability because memory is not released when the system opens some function.

5.0
2018-02-15 CVE-2017-17157 Huawei Improper Input Validation vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation.

5.0
2018-02-15 CVE-2017-17156 Huawei Improper Input Validation vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation.

5.0
2018-02-15 CVE-2017-17155 Huawei Out-of-bounds Write vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU.

5.0
2018-02-15 CVE-2017-17154 Huawei Improper Input Validation vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a DoS vulnerability due to insufficient input validation.

5.0
2018-02-15 CVE-2017-17153 Huawei Improper Input Validation vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a memory leak vulnerability due to memory release failure resulted from insufficient input validation.

5.0
2018-02-15 CVE-2017-15356 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15355 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15354 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15350 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 has a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15349 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00, CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability.

5.0
2018-02-15 CVE-2017-15342 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability.

5.0
2018-02-15 CVE-2017-15341 Huawei Improper Certificate Validation vulnerability in Huawei products

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability.

5.0
2018-02-15 CVE-2017-15336 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15335 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15334 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

5.0
2018-02-15 CVE-2017-15332 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, 
V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have a memory leak vulnerability in H323 protocol.

5.0
2018-02-15 CVE-2017-15331 Huawei Out-of-bounds Read vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, 
V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol.

5.0
2018-02-15 CVE-2018-7056 Steelcase Information Exposure vulnerability in Steelcase Roomwizard Firmware

RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.

5.0
2018-02-15 CVE-2018-7055 Steelcase Server-Side Request Forgery (SSRF) vulnerability in Steelcase Roomwizard Firmware

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.

5.0
2018-02-15 CVE-2017-12722 Smiths Medical Out-of-bounds Read vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

5.0
2018-02-14 CVE-2018-7034 Trendnet Improper Authentication vulnerability in Trendnet products

TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.

5.0
2018-02-14 CVE-2018-2394 SAP Unspecified vulnerability in SAP Internet Graphics Server

Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.

5.0
2018-02-14 CVE-2018-2393 SAP XXE vulnerability in SAP Internet Graphics Server

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

5.0
2018-02-14 CVE-2018-2392 SAP XXE vulnerability in SAP Internet Graphics Server

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

5.0
2018-02-14 CVE-2018-2370 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP BI Launchpad 4.10/4.20/4.30

Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.

5.0
2018-02-14 CVE-2018-2369 SAP Unspecified vulnerability in SAP Hana 1.00/2.00

Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted.

5.0
2018-02-13 CVE-2018-6910 Dedecms Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.

5.0
2018-02-13 CVE-2018-6952 GNU Double Free vulnerability in GNU Patch

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

5.0
2018-02-13 CVE-2018-6951 GNU, Canonical NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in GNU patch through 2.7.6.

5.0
2018-02-13 CVE-2018-6293 Hyland Information Exposure vulnerability in Hyland Saperion web Client 7.5.2

Arbitrary File Read in Saperion Web Client version 7.5.2 83166.

5.0
2018-02-12 CVE-2017-13246 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Upstream kernel network driver.

5.0
2018-02-12 CVE-2017-13243 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (ui).

5.0
2018-02-12 CVE-2017-13242 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (bluetooth).

5.0
2018-02-12 CVE-2017-13241 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc).

5.0
2018-02-12 CVE-2017-13240 Google Information Exposure vulnerability in Google Android 8.0/8.1

An information disclosure vulnerability in the Android framework (crypto framework).

5.0
2018-02-12 CVE-2017-13239 Google Information Exposure vulnerability in Google Android 8.0

An information disclosure vulnerability in the Android framework (ui framework).

5.0
2018-02-12 CVE-2016-9570 Carbonblack NULL Pointer Dereference vulnerability in Carbonblack Carbon Black 5.1.1.60603

cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.

5.0
2018-02-12 CVE-2018-6881 Dedecms, Phome Information Exposure vulnerability in multiple products

EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.

5.0
2018-02-12 CVE-2018-6880 Phome Exposure of Resource to Wrong Sphere vulnerability in Phome Empirecms 6.6/7.0/7.2

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

5.0
2018-02-15 CVE-2017-8978 HP Information Exposure vulnerability in HP Icewall Mcrp, Icewall MFA and Icewall SSO

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.

4.9
2018-02-15 CVE-2017-5809 HP Permission Issues vulnerability in HP Data Protector

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

4.9
2018-02-15 CVE-2017-5788 HP Information Exposure vulnerability in HP Nonstop Server Software

A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

4.9
2018-02-12 CVE-2016-9569 Carbonblack Out-of-bounds Read vulnerability in Carbonblack Carbon Black 5.1.1.60603

The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.

4.9
2018-02-12 CVE-2017-13238 Google Information Exposure vulnerability in Google Android

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device.

4.7
2018-02-15 CVE-2017-8985 HP Information Exposure vulnerability in HP XP Storage Hitachi Global Link Manager

HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.

4.6
2018-02-15 CVE-2017-8951 HP Information Exposure vulnerability in HP Sitescope

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

4.6
2018-02-15 CVE-2017-5829 HP Multiple Security vulnerability in ClearPass Policy Manager

An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

4.6
2018-02-15 CVE-2018-0846 Microsoft Unspecified vulnerability in Microsoft products

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0844 Microsoft Unspecified vulnerability in Microsoft products

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0831 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0828 Microsoft Insufficiently Protected Credentials vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0827 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability".

4.6
2018-02-15 CVE-2018-0820 Microsoft Unspecified vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0756 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".

4.6
2018-02-15 CVE-2018-0742 Microsoft Unspecified vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".

4.6
2018-02-13 CVE-2017-1720 IBM Command Injection vulnerability in IBM Client Application Access and Notes

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC.

4.6
2018-02-12 CVE-2017-9967 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior.

4.6
2018-02-12 CVE-2018-6927 Linux, Canonical, Debian, Redhat Integer Overflow or Wraparound vulnerability in Linux Kernel

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

4.6
2018-02-12 CVE-2017-13247 Google Missing Authorization vulnerability in Google Android

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock.

4.6
2018-02-12 CVE-2017-13245 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Upstream kernel audio driver.

4.6
2018-02-12 CVE-2017-13244 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Upstream kernel easel.

4.6
2018-02-12 CVE-2017-13236 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1

In the KeyStore service, there is a permissions bypass that allows access to protected resources.

4.6
2018-02-15 CVE-2018-0826 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".

4.4
2018-02-15 CVE-2018-0823 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".

4.4
2018-02-15 CVE-2018-0822 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".

4.4
2018-02-15 CVE-2018-0821 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".

4.4
2018-02-12 CVE-2018-1214 Dell, Microsoft Use of Hard-coded Credentials vulnerability in Dell EMC Supportassist Enterprise 1.1

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process.

4.4
2018-02-18 CVE-2018-7211 Idashboards Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idashboards

An issue was discovered in iDashboards 9.6b.

4.3
2018-02-18 CVE-2018-7198 Octobercms Cross-site Scripting vulnerability in Octobercms October

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

4.3
2018-02-18 CVE-2018-7197 Pluck CMS Cross-site Scripting vulnerability in Pluck-Cms Pluck

An issue was discovered in Pluck through 4.7.4.

4.3
2018-02-16 CVE-2018-3609 Trendmicro Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

4.3
2018-02-16 CVE-2018-1049 Systemd Project, Redhat, Canonical, Debian Race Condition vulnerability in multiple products

In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint; any processes that try to use said mount will hang.

4.3
2018-02-16 CVE-2017-18090 Atlassian Cross-site Scripting vulnerability in Atlassian Fisheye 4.5.0

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

4.3
2018-02-16 CVE-2018-6944 Ultimatemember Cross-site Scripting vulnerability in Ultimatemember Ultimate Member 2.0

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

4.3
2018-02-16 CVE-2018-6943 Ultimatemember Cross-site Scripting vulnerability in Ultimatemember 2.0

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

4.3
2018-02-16 CVE-2018-6189 F Secure Cross-site Scripting vulnerability in F-Secure Radar 3.9.1

F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.

4.3
2018-02-15 CVE-2017-5798 HP Cross-site Scripting vulnerability in HP Opencall Media Platform

A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found.

4.3
2018-02-15 CVE-2017-5780 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

4.3
2018-02-15 CVE-2016-8521 HP Improper Input Validation vulnerability in HP Diagnostics 9.24/9.26

A remote clickjacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found.

4.3
2018-02-15 CVE-2016-8517 HP Cross-site Scripting vulnerability in HP Systems Insight Manager

A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

4.3
2018-02-15 CVE-2018-7175 Xpdfreader NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00

An issue was discovered in xpdf 4.00.

4.3
2018-02-15 CVE-2018-7174 Xpdfreader Infinite Loop vulnerability in Xpdfreader Xpdf 4.00

An issue was discovered in xpdf 4.00.

4.3
2018-02-15 CVE-2018-7173 Xpdfreader Encoding Error vulnerability in Xpdfreader Xpdf 4.00

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

4.3
2018-02-15 CVE-2017-17201 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability.

4.3
2018-02-15 CVE-2017-17152 Huawei Improper Input Validation vulnerability in Huawei products

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, 
V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation.

4.3
2018-02-15 CVE-2017-17151 Huawei Improper Input Validation vulnerability in Huawei products

Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability.

4.3
2018-02-15 CVE-2017-15353 Huawei Out-of-bounds Read vulnerability in Huawei products

Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability.

4.3
2018-02-15 CVE-2017-15346 Huawei Improper Input Validation vulnerability in Huawei products

XML parser in Huawei S12700 V200R005C00, S1700 V200R009C00, V200R010C00, S3700 V100R006C03, V100R006C05, S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DoS vulnerability.

4.3
2018-02-15 CVE-2017-15340 Huawei Unspecified vulnerability in Huawei Tag-Al00 Firmware Tagal00C92B168

Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability.

4.3
2018-02-15 CVE-2017-15339 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

4.3
2018-02-15 CVE-2017-15338 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

4.3
2018-02-15 CVE-2017-15337 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability.

4.3
2018-02-15 CVE-2017-15333 Huawei Improper Input Validation vulnerability in Huawei products

XML parser in Huawei S12700 V200R005C00, S1700 V200R009C00, V200R010C00, S3700 V100R006C03, V100R006C05, S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DoS vulnerability.

4.3
2018-02-15 CVE-2017-18088 Atlassian Improper Input Validation vulnerability in Atlassian Bitbucket

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

4.3
2018-02-15 CVE-2018-7057 Steelcase Cross-site Scripting vulnerability in Steelcase Roomwizard Firmware

RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.

4.3
2018-02-15 CVE-2017-12723 Smiths Medical Information Exposure vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

4.3
2018-02-15 CVE-2017-12721 Smiths Medical Improper Certificate Validation vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.

4.3
2018-02-15 CVE-2018-0855 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".

4.3
2018-02-15 CVE-2018-0853 Microsoft Improper Initialization vulnerability in Microsoft Office 2010/2013/2016

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".

4.3
2018-02-15 CVE-2018-0850 Microsoft Unspecified vulnerability in Microsoft Office and Outlook

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of an incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

4.3
2018-02-15 CVE-2018-0847 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".

4.3
2018-02-15 CVE-2018-0839 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2018-02-15 CVE-2018-0771 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".

4.3
2018-02-14 CVE-2018-2388 SAP Cross-site Scripting vulnerability in SAP Internet Graphics Server

Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.

4.3
2018-02-14 CVE-2018-2383 SAP Cross-site Scripting vulnerability in SAP Internet Graphics Server

Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.

4.3
2018-02-14 CVE-2018-2371 SAP Cross-site Scripting vulnerability in SAP Netweaver Java web Application 7.50

The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.

4.3
2018-02-14 CVE-2018-2364 SAP Cross-site Scripting vulnerability in SAP products

SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.

4.3
2018-02-13 CVE-2017-18186 Qpdf Project Infinite Loop vulnerability in Qpdf Project Qpdf

An issue was discovered in QPDF before 7.0.0.

4.3
2018-02-13 CVE-2017-18185 Qpdf Project Out-of-bounds Read vulnerability in Qpdf Project Qpdf

An issue was discovered in QPDF before 7.0.0.

4.3
2018-02-13 CVE-2017-18184 Qpdf Project Out-of-bounds Read vulnerability in Qpdf Project Qpdf

An issue was discovered in QPDF before 7.0.0.

4.3
2018-02-13 CVE-2017-18183 Qpdf Project Infinite Loop vulnerability in Qpdf Project Qpdf

An issue was discovered in QPDF before 7.0.0.

4.3
2018-02-13 CVE-2016-10713 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch

An issue was discovered in GNU patch before 2.7.6.

4.3
2018-02-13 CVE-2015-9252 Qpdf Project Resource Management Errors vulnerability in Qpdf Project Qpdf

An issue was discovered in QPDF before 7.0.0.

4.3
2018-02-13 CVE-2018-6942 Freetype, Canonical NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in FreeType 2 through 2.9.

4.3
2018-02-13 CVE-2018-6930 Imagemagick Out-of-bounds Read vulnerability in Imagemagick 7.0.7-22

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.

4.3
2018-02-12 CVE-2017-9968 Schneider Electric Improper Certificate Validation vulnerability in Schneider-Electric Igss Mobile

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

4.3
2018-02-12 CVE-2017-17725 Exiv2 Integer Overflow or Wraparound vulnerability in Exiv2 0.26

In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp.

4.3
2018-02-12 CVE-2017-17724 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.26

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case.

4.3
2018-02-12 CVE-2017-17722 Exiv2 Reachable Assertion vulnerability in Exiv2 0.26

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.

4.3
2018-02-12 CVE-2017-13235 Google NULL Pointer Dereference vulnerability in Google Android

A other vulnerability in the Android media framework (n/a).

4.3
2018-02-12 CVE-2018-6845 OLX Clone Script Project Cross-site Scripting vulnerability in OLX Clone Script Project OLX Clone Script 2.0.6

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.

4.3
2018-02-12 CVE-2018-6912 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg

The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

4.3
2018-02-16 CVE-2017-14537 Netfortris Path Traversal vulnerability in Netfortris Trixbox 2.8.0.4

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

4.0
2018-02-15 CVE-2017-8973 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

4.0
2018-02-15 CVE-2017-8972 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

4.0
2018-02-15 CVE-2017-8971 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

4.0
2018-02-15 CVE-2017-12543 HP Information Exposure vulnerability in HP products

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.

4.0
2018-02-15 CVE-2016-8514 HP Information Exposure vulnerability in HP Version Control Repository Manager

A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found.

4.0
2018-02-15 CVE-2017-17187 Huawei Integer Overflow or Wraparound vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability.

4.0
2018-02-15 CVE-2017-17185 Huawei Out-of-bounds Read vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability.

4.0
2018-02-15 CVE-2017-17184 Huawei Integer Overflow or Wraparound vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability.

4.0
2018-02-15 CVE-2017-17183 Huawei Integer Overflow or Wraparound vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability.

4.0
2018-02-15 CVE-2017-17182 Huawei Out-of-bounds Read vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability.

4.0
2018-02-14 CVE-2018-2396 SAP Unspecified vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.

4.0
2018-02-14 CVE-2018-2391 SAP Unspecified vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.

4.0
2018-02-14 CVE-2018-2390 SAP Unspecified vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.

4.0
2018-02-14 CVE-2018-2389 SAP Improper Encoding or Escaping of Output vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

4.0
2018-02-14 CVE-2018-2387 SAP Unspecified vulnerability in SAP Internet Graphics Server

A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.

4.0
2018-02-14 CVE-2018-2386 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.

4.0
2018-02-14 CVE-2018-2385 SAP Divide By Zero vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.

4.0
2018-02-14 CVE-2018-2384 SAP NULL Pointer Dereference vulnerability in SAP Internet Graphics Server

Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.

4.0
2018-02-14 CVE-2018-2382 SAP Unspecified vulnerability in SAP Internet Graphics Server

A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.

4.0

50 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-02-13 CVE-2017-15709 Apache Information Exposure vulnerability in Apache Activemq

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

3.7
2018-02-15 CVE-2017-8974 HP Unspecified vulnerability in HP Nonstop Server Software

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.

3.6
2018-02-16 CVE-2018-7188 Tiki Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.

3.5
2018-02-16 CVE-2017-18091 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

3.5
2018-02-16 CVE-2017-18089 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible 4.4.0/4.4.1/4.4.2

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

3.5
2018-02-16 CVE-2017-14536 Netfortris Cross-site Scripting vulnerability in Netfortris Trixbox 2.8.0.4

trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

3.5
2018-02-15 CVE-2017-8993 Microfocus Cross-site Scripting vulnerability in Microfocus Project and Portfolio Management

A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.

3.5
2018-02-15 CVE-2017-8969 HP Improper Input Validation vulnerability in HP Insight Control 7.6

An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found.

3.5
2018-02-15 CVE-2017-8953 HP Cross-site Scripting vulnerability in HP Loadrunner and Performance Center

A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.

3.5
2018-02-15 CVE-2017-5827 HP Cross-site Scripting vulnerability in HP Aruba Clearpass Policy Manager

A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

3.5
2018-02-15 CVE-2017-5800 HP Cross-site Scripting vulnerability in HP Operations Bridge Analytics 3.0

A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.

3.5
2018-02-15 CVE-2017-12544 HP, Linux, Microsoft Cross-site Scripting vulnerability in HP System Management Homepage

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.

3.5
2018-02-15 CVE-2016-8535 HP Improper Input Validation vulnerability in HP Matrix Operating Environment 7.6

A remote HTTP Parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

3.5
2018-02-15 CVE-2016-8532 HP Cross-site Scripting vulnerability in HP Matrix Operating Environment 7.6

A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.

3.5
2018-02-15 CVE-2016-8522 HP Cross-site Scripting vulnerability in HP Diagnostics 9.24/9.26

A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found.

3.5
2018-02-15 CVE-2018-0869 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016

SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

3.5
2018-02-15 CVE-2018-0864 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013/2016

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

3.5
2018-02-14 CVE-2017-1682 IBM Cross-site Scripting vulnerability in IBM Connections

IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting.

3.5
2018-02-12 CVE-2017-18177 Progress Cross-site Scripting vulnerability in Progress Sitefinity 9.1

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page.

3.5
2018-02-12 CVE-2017-18176 Progress Cross-site Scripting vulnerability in Progress Sitefinity 9.1

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code.

3.5
2018-02-12 CVE-2017-18175 Progress Cross-site Scripting vulnerability in Progress Sitefinity 9.1

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element.

3.5
2018-02-12 CVE-2018-6506 Minibb Cross-site Scripting vulnerability in Minibb 3.2.2

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.

3.5
2018-02-12 CVE-2018-6864 Multireligion Responsive Matrimonial Project Cross-site Scripting vulnerability in Multireligion Responsive Matrimonial Project Multireligion Responsive Matrimonial 4.7.2

Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.

3.5
2018-02-12 CVE-2018-6862 Bitcoin MLM Project Cross-site Scripting vulnerability in Bitcoin MLM Project Bitcoin MLM 1.0.2

Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.

3.5
2018-02-12 CVE-2018-6861 Lawyer Search Script Project Cross-site Scripting vulnerability in Lawyer Search Script Project Lawyer Search Script 1.0.2

Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.

3.5
2018-02-12 CVE-2018-6858 Facebook Clone Script Project Cross-site Scripting vulnerability in Facebook Clone Script Project Facebook Clone Script 1.0.5

Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.

3.5
2018-02-15 CVE-2017-15352 Huawei Incorrect Permission Assignment for Critical Resource vulnerability in Huawei products

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability.

2.9
2018-02-15 CVE-2018-0763 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

2.6
2018-02-15 CVE-2017-8950 HP Information Exposure vulnerability in HP Sitescope

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

2.1
2018-02-15 CVE-2017-8949 HP Unspecified vulnerability in HP Sitescope

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

2.1
2018-02-15 CVE-2017-5786 HP Local Security Bypass vulnerability in HP OfficeConnect Network Switches

A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14

2.1
2018-02-15 CVE-2017-17302 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability.

2.1
2018-02-15 CVE-2017-17294 Huawei NULL Pointer Dereference vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a null pointer dereference vulnerability.

2.1
2018-02-15 CVE-2017-17293 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability.

2.1
2018-02-15 CVE-2017-17292 Huawei Improper Input Validation vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in the specific module.

2.1
2018-02-15 CVE-2017-17291 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a memory leak vulnerability.

2.1
2018-02-15 CVE-2017-17289 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability.

2.1
2018-02-15 CVE-2017-17163 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Secospace Usg6600 Firmware V500R001C30Spc100

Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification.

2.1
2018-02-15 CVE-2017-17162 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei Secospace Usg6600 Firmware and Usg9500 Firmware

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability because memory is not released when a local authenticated attacker executes special commands many times.

2.1
2018-02-15 CVE-2018-0761 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".

2.1
2018-02-15 CVE-2018-0760 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".

2.1
2018-02-15 CVE-2018-0755 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".

2.1
2018-02-14 CVE-2017-18188 Openr Link Following vulnerability in Openr Opentmpfiles

OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run.

2.1
2018-02-12 CVE-2017-9969 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric Igss Mobile

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior.

2.1
2018-02-15 CVE-2018-0843 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability".

1.9
2018-02-15 CVE-2018-0832 Microsoft Memory Leak vulnerability in Microsoft products

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability".

1.9
2018-02-15 CVE-2018-0830 Microsoft Information Exposure vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability".

1.9
2018-02-15 CVE-2018-0829 Microsoft Information Exposure vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability".

1.9
2018-02-15 CVE-2018-0810 Microsoft Improper Initialization vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012

The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability".

1.9
2018-02-15 CVE-2018-0757 Microsoft Unspecified vulnerability in Microsoft products

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability".

1.9