Weekly Vulnerabilities Reports > February 26 to March 4, 2018
Overview
246 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 175 products from 98 vendors including Adobe, Debian, Netiq, Canonical, and Redhat. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", and "NULL Pointer Dereference".
- 206 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities have public exploit available.
- 56 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 208 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 41 reported vulnerabilities.
- Netiq has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-03-01 | CVE-2018-7573 | Ftpshell | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ftpshell Client 6.70 An issue was discovered in FTPShell Client 6.7. | 10.0 |
2018-02-27 | CVE-2018-4895 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 10.0 |
2018-02-27 | CVE-2018-4879 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 10.0 |
2018-02-27 | CVE-2018-4872 | Adobe | Unspecified vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 10.0 |
2018-02-26 | CVE-2017-11634 | Use of Hard-coded Credentials vulnerability in - Wireless IP Camera 360 An issue was discovered on Wireless IP Camera 360 devices. | 10.0 | |
2018-02-26 | CVE-2017-11632 | Use of Hard-coded Credentials vulnerability in - Wireless IP Camera 360 An issue was discovered on Wireless IP Camera 360 devices. | 10.0 | |
2018-03-02 | CVE-2017-9285 | Netiq Microfocus | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
2018-03-02 | CVE-2017-9278 | Netiq | Information Exposure Through Log Files vulnerability in Netiq Identity Manager The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | 9.8 |
2018-03-02 | CVE-2017-7434 | Netiq | Information Exposure Through Log Files vulnerability in Netiq Identity Manager 4.5 In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | 9.8 |
2018-03-01 | CVE-2017-9269 | Opensuse | Improper Input Validation vulnerability in Opensuse Libzypp In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. | 9.8 |
2018-02-27 | CVE-2017-15692 | Apache | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | 9.8 |
2018-02-26 | CVE-2018-7489 | Fasterxml Debian Oracle Redhat | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. | 9.8 |
2018-02-26 | CVE-2018-7484 | Purevpn | Untrusted Search Path vulnerability in Purevpn 5.19.4.0 An issue was discovered in PureVPN through 5.19.4.0 on Windows. | 9.3 |
2018-03-01 | CVE-2017-9270 | Opensuse | Improper Input Validation vulnerability in Opensuse Cryptctl 2.0 In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | 9.1 |
2018-03-01 | CVE-2017-7426 | Netiq | XXE vulnerability in Netiq Identity Manager 4.5/4.6 The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | 9.1 |
2018-02-28 | CVE-2016-0291 | IBM | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 9.0 |
60 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-03-02 | CVE-2017-7429 | Netiq Microfocus | Improper Certificate Validation vulnerability in multiple products The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | 8.8 |
2018-03-02 | CVE-2018-1058 | Postgresql Canonical Redhat | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. | 8.8 |
2018-03-01 | CVE-2017-9286 | Opensuse | Unspecified vulnerability in Opensuse Leap 42.3 The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | 8.8 |
2018-03-01 | CVE-2018-7550 | Qemu Debian Canonical Redhat | Out-of-bounds Write vulnerability in multiple products The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | 8.8 |
2018-02-27 | CVE-2017-5660 | Apache Debian | Improper Input Validation vulnerability in multiple products There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. | 8.6 |
2018-02-26 | CVE-2018-7448 | Cmsmadesimple | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 8.5 |
2018-03-02 | CVE-2018-1170 | HTC Volkswagen | This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. | 8.3 |
2018-03-01 | CVE-2017-7436 | Opensuse | Improper Input Validation vulnerability in Opensuse Libzypp In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. | 8.1 |
2018-03-01 | CVE-2017-7435 | Opensuse | Improper Input Validation vulnerability in Opensuse Libzypp In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. | 8.1 |
2018-03-02 | CVE-2015-0796 | Opensuse | Link Following vulnerability in Opensuse Open Buildservice In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | 7.8 |
2018-03-01 | CVE-2017-9274 | Opensuse | OS Command Injection vulnerability in Opensuse Obs-Service-Source Validator A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | 7.8 |
2018-03-01 | CVE-2017-6150 | F5 | Improper Input Validation vulnerability in F5 products Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). | 7.8 |
2018-03-02 | CVE-2017-9280 | Netiq | Information Exposure vulnerability in Netiq Identity Manager 4.5 Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | 7.5 |
2018-03-02 | CVE-2017-9277 | Novell | Unspecified vulnerability in Novell Edirectory The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | 7.5 |
2018-03-02 | CVE-2017-9267 | Novell | Unspecified vulnerability in Novell Edirectory In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | 7.5 |
2018-03-02 | CVE-2017-5189 | Netiq | Improper Authentication vulnerability in Netiq Imanager NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. | 7.5 |
2018-03-02 | CVE-2018-7648 | Uclouvain | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg 2.3.0 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. | 7.5 |
2018-03-02 | CVE-2018-6490 | HP | Improper Input Validation vulnerability in HP Operations Orchestration 10.0 Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. | 7.5 |
2018-03-01 | CVE-2017-18212 | Jerryscript | Out-of-bounds Read vulnerability in Jerryscript 1.0 An issue was discovered in JerryScript 1.0. | 7.5 |
2018-03-01 | CVE-2018-7047 | Wowza | Use of Hard-coded Credentials vulnerability in Wowza Streaming Engine An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. | 7.5 |
2018-03-01 | CVE-2017-18211 | Imagemagick Canonical | NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | 7.5 |
2018-03-01 | CVE-2017-18210 | Imagemagick | NULL Pointer Dereference vulnerability in Imagemagick In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | 7.5 |
2018-03-01 | CVE-2017-5188 | Opensuse | Link Following vulnerability in Opensuse Open Build Service The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | 7.5 |
2018-03-01 | CVE-2018-7584 | PHP Canonical Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. | 7.5 |
2018-03-01 | CVE-2018-2368 | SAP | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 7.5 |
2018-03-01 | CVE-2018-7561 | Tendacn Tenda | Out-of-bounds Write vulnerability in Tendacn AC9 Firmware 15.03.05.14En Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
2018-03-01 | CVE-2017-12627 | Apache | NULL Pointer Dereference vulnerability in Apache Xerces-C++ In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 7.5 |
2018-02-28 | CVE-2018-7264 | Activepdf | Out-of-bounds Write vulnerability in Activepdf Toolkit The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images. | 7.5 |
2018-02-28 | CVE-2018-7482 | Joomlaworks | Path Traversal vulnerability in Joomlaworks K2 2.8.0 The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. | 7.5 |
2018-02-28 | CVE-2018-7477 | School Management Script Project | SQL Injection vulnerability in School Management Script Project School Management Script 3.0.4 SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | 7.5 |
2018-02-28 | CVE-2018-7554 | Sam2P Project Debian | Use After Free vulnerability in multiple products There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. | 7.5 |
2018-02-28 | CVE-2018-7553 | Sam2P Project Debian | Out-of-bounds Write vulnerability in multiple products There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. | 7.5 |
2018-02-28 | CVE-2018-7552 | Sam2P Project Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. | 7.5 |
2018-02-28 | CVE-2018-7551 | Sam2P Project Debian | Use After Free vulnerability in multiple products There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. | 7.5 |
2018-02-28 | CVE-2018-6641 | Wiris | Use After Free vulnerability in Wiris Mathtype 6.9C An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. | 7.5 |
2018-02-28 | CVE-2018-6640 | Wiris | Out-of-bounds Write vulnerability in Wiris Mathtype 6.9C A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. | 7.5 |
2018-02-28 | CVE-2018-6639 | Wiris | Out-of-bounds Write vulnerability in Wiris Mathtype 6.9C An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. | 7.5 |
2018-02-28 | CVE-2018-6638 | Wiris | Out-of-bounds Write vulnerability in Wiris Mathtype 6.9C A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. | 7.5 |
2018-02-27 | CVE-2018-7548 | ZSH Canonical | NULL Pointer Dereference vulnerability in multiple products In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 7.5 |
2018-02-27 | CVE-2017-18206 | ZSH Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 7.5 |
2018-02-27 | CVE-2016-10714 | ZSH Canonical | Numeric Errors vulnerability in multiple products In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 7.5 |
2018-02-27 | CVE-2014-10072 | ZSH Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ZSH Project ZSH In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | 7.5 |
2018-02-27 | CVE-2014-10071 | ZSH Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | 7.5 |
2018-02-27 | CVE-2018-7467 | Axxonsoft | Path Traversal vulnerability in Axxonsoft Next AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | 7.5 |
2018-02-27 | CVE-2017-7671 | Apache Debian | Improper Input Validation vulnerability in multiple products There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. | 7.5 |
2018-02-27 | CVE-2018-6481 | Flexense | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Disksavvy Enterprise 10.4.18 A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | 7.5 |
2018-02-27 | CVE-2017-15693 | Apache | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. | 7.5 |
2018-02-26 | CVE-2018-7485 | Unixodbc | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unixodbc 2.3.5 The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
2018-02-26 | CVE-2017-18201 | GNU | Double Free vulnerability in GNU Libcdio An issue was discovered in GNU libcdio before 2.0.0. | 7.5 |
2018-02-26 | CVE-2018-7463 | Asanhamayesh | SQL Injection vulnerability in Asanhamayesh CMS 3.4.6 SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | 7.5 |
2018-02-26 | CVE-2017-9426 | Facetag Project | SQL Injection vulnerability in Facetag Project Facetag 0.0.3 ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | 7.5 |
2018-02-26 | CVE-2017-15696 | Apache | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. | 7.5 |
2018-02-28 | CVE-2017-12191 | Redhat | Improper Access Control vulnerability in Redhat Cloudforms 4.5 A flaw was found in the CloudForms account configuration when using VMware. | 7.4 |
2018-03-04 | CVE-2018-7567 | Otrs | Unrestricted Upload of File with Dangerous Type vulnerability in Otrs In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. | 7.2 |
2018-03-02 | CVE-2017-9279 | Netiq | Improper Input Validation vulnerability in Netiq Identity Manager 4.5 NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | 7.2 |
2018-02-28 | CVE-2018-6947 | Nomachine Microsoft | Improper Initialization vulnerability in multiple products An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | 7.2 |
2018-02-27 | CVE-2018-6533 | Icinga | Unspecified vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 7.2 |
2018-03-02 | CVE-2018-1066 | Linux Debian Canonical | NULL Pointer Dereference vulnerability in Linux Kernel The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | 7.1 |
2018-03-01 | CVE-2017-14798 | Postgresql Suse | Race Condition vulnerability in multiple products A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | 7.0 |
2018-02-27 | CVE-2017-18202 | Linux | Use After Free vulnerability in Linux Kernel The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. | 7.0 |
154 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-02-26 | CVE-2018-7249 | Microsoft Tivo | Use After Free vulnerability in multiple products An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. | 6.9 |
2018-03-02 | CVE-2018-7643 | GNU Redhat | Integer Overflow or Wraparound vulnerability in multiple products The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. | 6.8 |
2018-03-02 | CVE-2018-7641 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-02 | CVE-2018-7640 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-02 | CVE-2018-7639 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-02 | CVE-2018-7638 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-02 | CVE-2018-7637 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-02 | CVE-2018-1169 | Amazon | Improper Input Validation vulnerability in Amazon Music 6.1.5.1213 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. | 6.8 |
2018-03-01 | CVE-2018-7634 | Enalean | Cross-Site Request Forgery (CSRF) vulnerability in Enalean Tuleap 9.17 An issue was discovered in Enalean Tuleap 9.17. | 6.8 |
2018-03-01 | CVE-2017-6930 | Drupal | Unspecified vulnerability in Drupal In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. | 6.8 |
2018-03-01 | CVE-2018-7590 | Hoosk | Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0 CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | 6.8 |
2018-03-01 | CVE-2018-7589 | Cimg | Double Free vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-01 | CVE-2018-7588 | Cimg | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-01 | CVE-2018-7587 | Cimg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 6.8 |
2018-03-01 | CVE-2017-18209 | Imagemagick Canonical | NULL Pointer Dereference vulnerability in multiple products In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | 6.8 |
2018-02-28 | CVE-2016-0295 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2018-02-27 | CVE-2017-18205 | ZSH Project | NULL Pointer Dereference vulnerability in ZSH Project ZSH In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. | 6.8 |
2018-02-27 | CVE-2018-4916 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4915 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4913 | Adobe | Use After Free vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4911 | Adobe | Use After Free vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4910 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4904 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4902 | Adobe | Use After Free vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4901 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4898 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4892 | Adobe | Use After Free vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4890 | Adobe | Out-of-bounds Write vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-27 | CVE-2018-4888 | Adobe | Use After Free vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 6.8 |
2018-02-26 | CVE-2018-7487 | Sam2P Project Debian | Out-of-bounds Write vulnerability in multiple products There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. | 6.8 |
2018-03-04 | CVE-2017-18213 | Exponentcms | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 6.5 |
2018-03-01 | CVE-2017-9268 | Opensuse | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | 6.5 |
2018-03-01 | CVE-2018-7579 | Yzmcms | SQL Injection vulnerability in Yzmcms 3.6 \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | 6.5 |
2018-03-01 | CVE-2018-2380 | SAP | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.5 |
2018-03-01 | CVE-2018-2367 | SAP | Path Traversal vulnerability in SAP Business Application Software Integrated Solution ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.5 |
2018-03-01 | CVE-2017-18207 | Python | Divide By Zero vulnerability in Python The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. | 6.5 |
2018-02-28 | CVE-2015-4117 | Vestacp | OS Command Injection vulnerability in Vestacp Control Panel Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | 6.5 |
2018-02-28 | CVE-2018-1286 | Apache | Improper Authentication vulnerability in Apache Openmeetings In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. | 6.5 |
2018-02-28 | CVE-2018-7557 | Ffmpeg Debian | Out-of-bounds Read vulnerability in multiple products The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | 6.5 |
2018-02-26 | CVE-2018-7486 | Blueriver | Path Traversal vulnerability in Blueriver Muracms Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. | 6.5 |
2018-02-28 | CVE-2018-7556 | Limesurvey Debian | Information Exposure vulnerability in multiple products LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | 6.4 |
2018-02-27 | CVE-2018-0489 | Shibboleth Debian Arubanetworks | Improper Verification of Cryptographic Signature vulnerability in multiple products Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. | 6.4 |
2018-03-02 | CVE-2017-9276 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | 6.1 |
2018-03-02 | CVE-2017-7438 | Netiq | Cross-site Scripting vulnerability in Netiq Privileged Account Manager 3.1 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | 6.1 |
2018-03-02 | CVE-2017-7419 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager 4.2/4.3 A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider. | 6.1 |
2018-03-02 | CVE-2017-14802 | Netiq | Open Redirect vulnerability in Netiq Access Manager Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | 6.1 |
2018-03-02 | CVE-2017-14801 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. | 6.1 |
2018-03-01 | CVE-2017-14800 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users. | 6.1 |
2018-03-01 | CVE-2017-14799 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page. | 6.1 |
2018-02-27 | CVE-2018-7541 | XEN Debian | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | 6.1 |
2018-02-28 | CVE-2018-1304 | Apache Redhat Debian Canonical Oracle | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
2018-03-01 | CVE-2017-6932 | Drupal Debian | Open Redirect vulnerability in multiple products Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. | 5.8 |
2018-02-28 | CVE-2015-3898 | Bonitasoft | Open Redirect vulnerability in Bonitasoft Bonita BPM Portal Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | 5.8 |
2018-03-02 | CVE-2018-7642 | GNU Redhat | NULL Pointer Dereference vulnerability in multiple products The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. | 5.5 |
2018-03-02 | CVE-2017-14461 | Dovecot Debian Ubuntu | Out-of-bounds Read vulnerability in multiple products A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. | 5.5 |
2018-03-01 | CVE-2017-6926 | Drupal | Information Exposure vulnerability in Drupal In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. | 5.5 |
2018-02-28 | CVE-2018-7570 | GNU | NULL Pointer Dereference vulnerability in GNU Binutils 2.30 The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. | 5.5 |
2018-02-27 | CVE-2018-7172 | Wondercms | Path Traversal vulnerability in Wondercms In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. | 5.5 |
2018-03-01 | CVE-2017-14804 | Suse Opensuse | Improper Input Validation vulnerability in multiple products The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | 5.3 |
2018-03-04 | CVE-2018-7662 | Couchcms | Information Exposure vulnerability in Couchcms Couch Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. | 5.0 |
2018-03-04 | CVE-2017-18214 | Momentjs Tenable | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 5.0 |
2018-03-04 | CVE-2018-7560 | AWS Lambda Multipart Parser Project | Improper Input Validation vulnerability in Aws-Lambda-Multipart-Parser Project Aws-Lambda-Multipart-Parser index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | 5.0 |
2018-03-04 | CVE-2018-7583 | Advantig | Improper Input Validation vulnerability in Advantig Dualdesk 20 Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | 5.0 |
2018-03-04 | CVE-2018-7449 | Segger Microsoft | Improper Input Validation vulnerability in Segger Embos/Ip FTP Server 3.22 SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | 5.0 |
2018-03-02 | CVE-2018-7433 | Ithemes | Information Exposure Through Log Files vulnerability in Ithemes Security The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | 5.0 |
2018-03-02 | CVE-2018-1373 | IBM | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
2018-03-01 | CVE-2018-7586 | Imagely | Path Traversal vulnerability in Imagely Nextgen Gallery In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 5.0 |
2018-03-01 | CVE-2017-15134 | Fedoraproject Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. | 5.0 |
2018-03-01 | CVE-2018-7048 | Wowza | Resource Exhaustion vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. | 5.0 |
2018-03-01 | CVE-2018-5314 | Citrix | Improper Authentication vulnerability in Citrix products Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | 5.0 |
2018-03-01 | CVE-2017-6154 | F5 | Improper Input Validation vulnerability in F5 Big-Ip Application Security Manager On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | 5.0 |
2018-03-01 | CVE-2018-6653 | Comforte HP | Inadequate Encryption Strength vulnerability in Comforte Swap comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. | 5.0 |
2018-02-28 | CVE-2015-5079 | Blackcat CMS | Path Traversal vulnerability in Blackcat-Cms Blackcat CMS Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2018-02-28 | CVE-2016-0299 | IBM | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. | 5.0 |
2018-02-28 | CVE-2017-9447 | Parallels | Path Traversal vulnerability in Parallels Remote Application Server 15.5 In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 5.0 |
2018-02-27 | CVE-2018-7549 | ZSH Redhat Canonical | Improper Input Validation vulnerability in multiple products In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | 5.0 |
2018-02-27 | CVE-2018-6532 | Icinga | Resource Exhaustion vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 5.0 |
2018-02-27 | CVE-2018-1372 | IBM | Weak Password Requirements vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2018-02-26 | CVE-2018-7490 | Unbit Debian | Path Traversal vulnerability in multiple products uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | 5.0 |
2018-02-26 | CVE-2017-11635 | Information Exposure vulnerability in - Wireless IP Camera 360 An issue was discovered on Wireless IP Camera 360 devices. | 5.0 | |
2018-02-26 | CVE-2017-11633 | Unspecified vulnerability in - Wireless IP Camera 360 An issue was discovered on Wireless IP Camera 360 devices. | 5.0 | |
2018-02-26 | CVE-2018-7491 | Prestashop | Improper Restriction of Rendered UI Layers or Frames vulnerability in Prestashop In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | 5.0 |
2018-02-26 | CVE-2017-18195 | Concretecms | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. | 5.0 |
2018-02-26 | CVE-2017-1774 | IBM | Information Exposure vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. | 5.0 |
2018-02-26 | CVE-2018-7479 | Yzmcms | Exposure of Resource to Wrong Sphere vulnerability in Yzmcms 3.6 YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | 5.0 |
2018-03-01 | CVE-2017-18208 | Linux | Infinite Loop vulnerability in Linux Kernel The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. | 4.9 |
2018-02-27 | CVE-2018-7542 | XEN Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | 4.9 |
2018-02-27 | CVE-2018-7540 | XEN Debian | Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | 4.9 |
2018-02-26 | CVE-2018-7492 | Linux Debian Canonical | NULL Pointer Dereference vulnerability in Linux Kernel A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | 4.9 |
2018-02-26 | CVE-2017-18200 | Linux | Improper Input Validation vulnerability in Linux Kernel The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | 4.9 |
2018-03-02 | CVE-2018-1065 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. | 4.7 |
2018-03-02 | CVE-2015-7967 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service for Citrix web Interface Agent SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7966 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service Windows Logon Agent SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | 4.6 |
2018-03-02 | CVE-2015-7965 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service Windows Logon Agent SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. | 4.6 |
2018-03-02 | CVE-2015-7964 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service for NPS Agent SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7963 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service for AD FS Agent SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7962 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service for Outlook web APP Agent SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7961 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service Remote web Workplace Agent SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7598 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service Tokenvalidator Proxy Agent SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7597 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service IIS Agent SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-03-02 | CVE-2015-7596 | Gemalto | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service END User Software Tools for Windows SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 4.6 |
2018-02-27 | CVE-2014-10070 | ZSH Project | Permissions, Privileges, and Access Controls vulnerability in ZSH Project ZSH zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). | 4.6 |
2018-03-02 | CVE-2018-1063 | Redhat Selinux Project | Link Following vulnerability in multiple products Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. | 4.4 |
2018-03-04 | CVE-2018-7653 | Yzmcms | Cross-site Scripting vulnerability in Yzmcms 3.6 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | 4.3 |
2018-03-04 | CVE-2018-7652 | Zonemaster | Cross-site Scripting vulnerability in Zonemaster web GUI lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | 4.3 |
2018-03-04 | CVE-2018-7651 | Ssri Project | Resource Exhaustion vulnerability in Ssri Project Ssri index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. | 4.3 |
2018-03-02 | CVE-2017-15130 | Dovecot Debian Canonical | A denial of service flaw was found in dovecot before 2.2.34. | 4.3 |
2018-03-01 | CVE-2017-6929 | Drupal Debian | Cross-site Scripting vulnerability in multiple products A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. | 4.3 |
2018-03-01 | CVE-2017-6927 | Drupal Debian | Cross-site Scripting vulnerability in multiple products Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). | 4.3 |
2018-03-01 | CVE-2018-7049 | Wowza | Cross-site Scripting vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. | 4.3 |
2018-03-01 | CVE-2018-2365 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Portal SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2018-03-01 | CVE-2018-5501 | F5 | Resource Exhaustion vulnerability in F5 products In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. | 4.3 |
2018-03-01 | CVE-2018-5500 | F5 | Resource Exhaustion vulnerability in F5 products On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. | 4.3 |
2018-02-28 | CVE-2018-7569 | GNU Redhat | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | 4.3 |
2018-02-28 | CVE-2018-7568 | GNU Redhat | Integer Overflow or Wraparound vulnerability in multiple products The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | 4.3 |
2018-02-27 | CVE-2018-6535 | Icinga | Unspecified vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 4.3 |
2018-02-27 | CVE-2018-6534 | Icinga | NULL Pointer Dereference vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 4.3 |
2018-02-27 | CVE-2012-3536 | Apache | Cross-site Scripting vulnerability in Apache Hupa Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. | 4.3 |
2018-02-27 | CVE-2018-1425 | IBM | Inadequate Encryption Strength vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.3 |
2018-02-27 | CVE-2018-1416 | IBM | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2018-02-27 | CVE-2018-4914 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4912 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4909 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4908 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4907 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4906 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4905 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4903 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4900 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4899 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4897 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4896 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4894 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4893 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4891 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4889 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4887 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4886 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4885 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4884 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4883 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4882 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4881 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4880 | Adobe | Out-of-bounds Read vulnerability in Adobe products An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | 4.3 |
2018-02-27 | CVE-2018-4876 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0/6.2.0/6.3.0 Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. | 4.3 |
2018-02-27 | CVE-2018-4875 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager 6.0.0/6.1.0 Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. | 4.3 |
2018-02-26 | CVE-2018-0908 | Microsoft | Cross-site Scripting vulnerability in Microsoft Identity Manager 2016 Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability." | 4.3 |
2018-02-26 | CVE-2017-16229 | OX Project | Out-of-bounds Read vulnerability in OX Project OX 2.8.1 In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. | 4.3 |
2018-02-26 | CVE-2018-5762 | Unisys | Unspecified vulnerability in Unisys Clearpath MCP 58.1/59.1 The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 4.3 |
2018-02-26 | CVE-2017-9425 | Facetag Project | Cross-site Scripting vulnerability in Facetag Project Facetag 0.0.3 The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | 4.3 |
2018-03-04 | CVE-2018-7654 | 3CX | Path Traversal vulnerability in 3CX 15.5.6354.2 On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | 4.0 |
2018-03-01 | CVE-2017-6931 | Drupal | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. | 4.0 |
2018-02-27 | CVE-2017-15136 | Redhat | Unspecified vulnerability in Redhat Satellite 6.0 When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates. | 4.0 |
2018-02-27 | CVE-2017-16770 | Synology | Information Exposure vulnerability in Synology Surveillance Station File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | 4.0 |
16 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-03-01 | CVE-2017-6928 | Drupal Debian | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. | 3.5 |
2018-02-28 | CVE-2018-7469 | Entrepreneur JOB Portal Script Project | Cross-site Scripting vulnerability in Entrepreneur JOB Portal Script Project Entrepreneur JOB Portal Script 2.0.9 PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). | 3.5 |
2018-02-27 | CVE-2018-7547 | Lingyun | Cross-site Scripting vulnerability in Lingyun Lyadmin lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. | 3.5 |
2018-02-27 | CVE-2018-1399 | IBM | Cross-site Scripting vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. | 3.5 |
2018-02-27 | CVE-2017-17478 | Pega | Cross-site Scripting vulnerability in Pega Platform An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. | 3.5 |
2018-02-27 | CVE-2017-16767 | Synology | Cross-site Scripting vulnerability in Synology Surveillance Station Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | 3.5 |
2018-03-01 | CVE-2017-9271 | Opensuse Fedoraproject | Information Exposure Through Log Files vulnerability in multiple products The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | 3.3 |
2018-02-26 | CVE-2017-16814 | Foxitsoftware | Path Traversal vulnerability in Foxitsoftware Mobilepdf A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. | 3.3 |
2018-03-04 | CVE-2018-7661 | Babyphonemobile | Information Exposure vulnerability in Babyphonemobile Wifi Baby Monitor Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257. | 2.9 |
2018-02-26 | CVE-2017-16813 | Foxitsoftware | Improper Input Validation vulnerability in Foxitsoftware Mobilepdf A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. | 2.9 |
2018-03-02 | CVE-2017-1787 | IBM | Use of Hard-coded Credentials vulnerability in IBM Rational Publishing Engine 2.1.2/6.0.5 IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. | 2.1 |
2018-03-02 | CVE-2017-1654 | IBM | Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. | 2.1 |
2018-02-27 | CVE-2017-18204 | Linux | Unspecified vulnerability in Linux Kernel The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | 2.1 |
2018-02-26 | CVE-2018-7250 | Microsoft Tivo | Information Exposure vulnerability in multiple products An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. | 2.1 |
2018-02-26 | CVE-2018-1377 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
2018-02-27 | CVE-2017-18203 | Linux | Race Condition vulnerability in Linux Kernel The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. | 1.9 |