US-CERT - SB18-134: Vulnerability Summary for the Week of May 7, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base |
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | 2018-05-09 | not yet calculated | CVE-2018-1089 BID REDHAT CONFIRM |
abcm2ps -- abcm2ps |
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-06 | not yet calculated | CVE-2018-10771 MISC MISC |
absolute_software -- computrace_agent |
Absolute Computrace Agent V80.845 and V80.866 do not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted. | 2018-05-11 | not yet calculated | CVE-2009-5150 MISC |
absolute_software -- computrace_agent |
The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes. | 2018-05-11 | not yet calculated | CVE-2009-5151 MISC |
absolute_software -- computrace_agent |
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file. | 2018-05-11 | not yet calculated | CVE-2009-5152 MISC |
admin-cli -- admin-cli |
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. | 2018-05-11 | not yet calculated | CVE-2016-8627 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM |
advantech -- webaccess |
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | 2018-05-09 | not yet calculated | CVE-2017-5175 BID MISC |
alps -- pointing-device_driver |
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices. | 2018-05-09 | not yet calculated | CVE-2018-10828 MISC EXPLOIT-DB |
apache -- derby |
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. | 2018-05-07 | not yet calculated | CVE-2018-1313 BID MLIST |
bibutils -- bibutils |
NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml. | 2018-05-07 | not yet calculated | CVE-2018-10775 MISC |
bibutils -- bibutils |
NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml. | 2018-05-07 | not yet calculated | CVE-2018-10773 MISC |
bibutils -- bibutils |
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml. | 2018-05-07 | not yet calculated | CVE-2018-10774 MISC |
bitpie -- bitpie |
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | 2018-05-08 | not yet calculated | CVE-2018-10812 MISC |
brave -- brave |
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. | 2018-05-08 | not yet calculated | CVE-2018-10799 MISC |
brave -- brave |
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. | 2018-05-08 | not yet calculated | CVE-2018-10798 MISC |
csp -- mysql_user_manager |
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | 2018-05-05 | not yet calculated | CVE-2018-10757 MISC MISC EXPLOIT-DB |
d-link -- dir-629-b1_devices |
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. | 2018-05-12 | not yet calculated | CVE-2018-10996 MISC |
d-link -- dir-868l_devices |
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | 2018-05-09 | not yet calculated | CVE-2018-10957 MISC |
dell_emc -- unity_operating_environment |
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. | 2018-05-08 | not yet calculated | CVE-2018-1239 FULLDISC BID |
devicelock -- plug_and_play_auditor |
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH). | 2018-05-10 | not yet calculated | CVE-2018-10655 MISC MISC EXPLOIT-DB |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | 2018-05-11 | not yet calculated | CVE-2018-6362 MISC MISC |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt. | 2018-05-11 | not yet calculated | CVE-2018-6619 MISC MISC |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. | 2018-05-11 | not yet calculated | CVE-2018-6361 MISC MISC |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | 2018-05-11 | not yet calculated | CVE-2018-6618 MISC MISC |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | 2018-05-11 | not yet calculated | CVE-2018-6458 MISC MISC |
easy_hosting_control_panel -- easy_hosting_control_panel |
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. | 2018-05-11 | not yet calculated | CVE-2018-6617 MISC MISC |
ethereum -- aurora_dao_token |
The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack. | 2018-05-08 | not yet calculated | CVE-2018-10705 MISC |
ethereum -- koreashow_token |
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters. | 2018-05-10 | not yet calculated | CVE-2018-10973 MISC |
ethereum -- social_chain_token | An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue. | 2018-05-10 | not yet calculated | CVE-2018-10706 MISC |
exiv2 -- exiv2 |
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | 2018-05-12 | not yet calculated | CVE-2018-10998 MISC |
exiv2 -- exiv2 |
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. | 2018-05-12 | not yet calculated | CVE-2018-10999 MISC |
exiv2 -- exiv2 |
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. | 2018-05-07 | not yet calculated | CVE-2018-10780 MISC |
exiv2 -- exiv2 |
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | 2018-05-09 | not yet calculated | CVE-2018-10958 MISC |
exiv2 -- exiv2 |
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | 2018-05-06 | not yet calculated | CVE-2018-10772 MISC |
fastweb -- fastgate_0.00.47_devices |
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | 2018-05-11 | not yet calculated | CVE-2018-6023 MISC EXPLOIT-DB |
fortinet -- fortiwlc |
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | 2018-05-08 | not yet calculated | CVE-2017-17540 BID CONFIRM |
fortinet -- fortiwlc |
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | 2018-05-08 | not yet calculated | CVE-2017-17539 BID CONFIRM |
foxconn_electronics -- femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lte | Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser. | 2018-05-09 | not yet calculated | CVE-2018-9111 MISC |
foxconn_electronics -- femto_ap-fc4064-t_ap_gt_b38_5.8.3lb15-w47_lte |
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies. | 2018-05-09 | not yet calculated | CVE-2018-9112 MISC |
free_lossless_image_format -- free_lossless_image_format |
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | 2018-05-10 | not yet calculated | CVE-2018-10972 MISC |
free_lossless_image_format -- free_lossless_image_format |
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | 2018-05-10 | not yet calculated | CVE-2018-10971 MISC |
freebsd -- freebsd | In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | 2018-05-08 | not yet calculated | CVE-2018-6921 BID CONFIRM |
freebsd -- freebsd |
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | 2018-05-08 | not yet calculated | CVE-2018-6920 BID CONFIRM |
frog_cms -- frog_cms |
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | 2018-05-08 | not yet calculated | CVE-2018-10806 MISC |
gnu -- gnu_wget |
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | 2018-05-06 | not yet calculated | CVE-2018-0494 BID SECTRACK MISC MLIST MISC MISC MISC UBUNTU UBUNTU DEBIAN EXPLOIT-DB |
google -- android |
In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289. | 2018-05-10 | not yet calculated | CVE-2017-6289 BID CONFIRM |
google -- android |
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. | 2018-05-10 | not yet calculated | CVE-2018-6246 CONFIRM |
google -- android |
In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293. | 2018-05-10 | not yet calculated | CVE-2017-6293 BID CONFIRM |
google -- android |
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | 2018-05-10 | not yet calculated | CVE-2018-6254 CONFIRM |
haproxy -- haproxy |
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain. | 2018-05-09 | not yet calculated | CVE-2018-10184 CONFIRM CONFIRM |
hawtio -- hawtio |
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. | 2018-05-08 | not yet calculated | CVE-2017-2594 BID CONFIRM CONFIRM |
huawei -- hirouter-cd20_and_ws5200_home_gateway_products |
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker can trick a user into installing a malicious APK plugin, and the plugin can overwrite arbitrary files on the device. Successful exploitation may result in arbitrary code execution or privilege escalation. | 2018-05-10 | not yet calculated | CVE-2018-7933 CONFIRM |
huawei -- ibmc_products |
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploitation may cause privilege elevation. | 2018-05-10 | not yet calculated | CVE-2018-7941 CONFIRM |
huawei -- mate_10_and_mate_10_pro_smart_phones |
Huawei smart phones Mate 10 and Mate 10 Pro with versions earlier than 8.0.0.129(SP2C00) and versions earlier than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege who obtains the smart phone can bypass the activation function by some specific operations. | 2018-05-10 | not yet calculated | CVE-2018-7940 CONFIRM |
hwinfo -- amd64_kernel_driver |
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name. | 2018-05-09 | not yet calculated | CVE-2018-8060 MISC |
hwinfo -- amd64_kernel_driver |
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write. | 2018-05-09 | not yet calculated | CVE-2018-8061 MISC |
ibm -- cognos_analytics |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819. | 2018-05-07 | not yet calculated | CVE-2018-1413 CONFIRM BID SECTRACK XF |
ibm -- websphere_application_server |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | 2018-05-04 | not yet calculated | CVE-2017-1743 CONFIRM BID SECTRACK XF |
icewarp -- icewarp_mail_server |
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | 2018-05-08 | not yet calculated | CVE-2015-1503 MISC EXPLOIT-DB MISC |
imagemagick -- imagemagick |
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. | 2018-05-08 | not yet calculated | CVE-2018-10804 MISC |
imagemagick -- imagemagick |
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | 2018-05-08 | not yet calculated | CVE-2018-10805 MISC |
impinj -- speedway_connect_r420_rfid_reader |
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions. | 2018-05-11 | not yet calculated | CVE-2018-5304 MISC |
impinj -- speedway_connect_r420_rfid_reader |
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user. | 2018-05-11 | not yet calculated | CVE-2018-5303 MISC |
intel -- integrated_performance_primitives_cryptography_library |
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time. | 2018-05-10 | not yet calculated | CVE-2018-3617 CONFIRM |
intel -- nuc_kits |
Insufficient input validation in the system firmware of Intel NUC kits potentially allows a local attacker to elevate privileges to System Management Mode (SMM). | 2018-05-10 | not yet calculated | CVE-2018-3612 CONFIRM |
intel -- wireless-ac_products |
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution. | 2018-05-10 | not yet calculated | CVE-2018-3649 CONFIRM |
jasper -- jasper |
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | 2018-05-04 | not yet calculated | CVE-2018-9154 MISC |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password. | 2018-05-08 | not yet calculated | CVE-2018-1000176 CONFIRM |
jenkins -- jenkins |
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. | 2018-05-08 | not yet calculated | CVE-2018-1000174 CONFIRM |
jenkins -- jenkins |
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | 2018-05-08 | not yet calculated | CVE-2018-1000177 CONFIRM |
jenkins -- jenkins |
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 2018-05-08 | not yet calculated | CVE-2018-1000173 CONFIRM |
jenkins -- jenkins |
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction. | 2018-05-08 | not yet calculated | CVE-2017-2606 BID CONFIRM CONFIRM CONFIRM |
jenkins -- jenkins |
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | 2018-05-08 | not yet calculated | CVE-2018-1000175 CONFIRM |
jenkins -- jenkins |
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. | 2018-05-08 | not yet calculated | CVE-2017-2611 BID CONFIRM CONFIRM CONFIRM |
jenkins -- jenkins |
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. | 2018-05-10 | not yet calculated | CVE-2017-2601 BID CONFIRM CONFIRM CONFIRM |
kde_project -- kwallet |
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | 2018-05-08 | not yet calculated | CVE-2018-10380 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
kongtop -- dvr_devices |
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. | 2018-05-08 | not yet calculated | CVE-2018-10734 MISC MISC MISC |
lantech -- ids_2102 |
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2018-05-04 | not yet calculated | CVE-2018-8869 BID MISC |
lantech -- ids_2102 |
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2018-05-04 | not yet calculated | CVE-2018-8865 BID MISC |
lenovo -- system_update |
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program's buffer, causing undefined behavior, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. | 2018-05-04 | not yet calculated | CVE-2018-9063 BID CONFIRM |
libgxps -- libgxps |
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. | 2018-05-06 | not yet calculated | CVE-2018-10767 MISC |
libnghttp2 -- libnghttp2 |
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | 2018-05-08 | not yet calculated | CVE-2018-1000168 CONFIRM |
libtiff -- libtiff |
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. | 2018-05-08 | not yet calculated | CVE-2018-10801 MISC |
libtiff -- libtiff |
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | 2018-05-07 | not yet calculated | CVE-2018-10779 MISC BID |
libtiff -- libtiff |
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | 2018-05-09 | not yet calculated | CVE-2018-10963 MISC |
liferay -- liferay |
Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. | 2018-05-07 | not yet calculated | CVE-2018-10795 MISC |
lilypond -- lilypond |
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. | 2018-05-11 | not yet calculated | CVE-2018-10992 MISC |
linux -- linux_kernel |
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. | 2018-05-10 | not yet calculated | CVE-2018-1130 CONFIRM CONFIRM MLIST MISC |
linux -- linux_kernel |
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | 2018-05-09 | not yet calculated | CVE-2018-10940 MISC MISC MISC |
linux -- linux_kernel |
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | 2018-05-10 | not yet calculated | CVE-2018-1118 CONFIRM |
litecart -- litecart |
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request. | 2018-05-09 | not yet calculated | CVE-2018-10827 MISC |
microsoft -- .net_and_.net_core |
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. | 2018-05-09 | not yet calculated | CVE-2018-0765 BID SECTRACK CONFIRM |
microsoft -- .net |
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | 2018-05-09 | not yet calculated | CVE-2018-1039 BID SECTRACK CONFIRM |
microsoft -- azure |
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK. | 2018-05-09 | not yet calculated | CVE-2018-8119 BID CONFIRM |
microsoft -- chakracore_and_internet_explorer_and_edge |
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177. | 2018-05-09 | not yet calculated | CVE-2018-8145 BID SECTRACK CONFIRM |
microsoft -- edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. | 2018-05-09 | not yet calculated | CVE-2018-8179 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0945 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137. | 2018-05-09 | not yet calculated | CVE-2018-8139 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-8137 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. | 2018-05-09 | not yet calculated | CVE-2018-0943 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177. | 2018-05-09 | not yet calculated | CVE-2018-8133 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-8128 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0953 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. | 2018-05-09 | not yet calculated | CVE-2018-8130 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145. | 2018-05-09 | not yet calculated | CVE-2018-8177 BID CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0946 BID SECTRACK CONFIRM |
microsoft -- edge |
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 2018-05-09 | not yet calculated | CVE-2018-8112 BID SECTRACK CONFIRM |
microsoft -- edge |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021. | 2018-05-09 | not yet calculated | CVE-2018-8123 BID SECTRACK CONFIRM |
microsoft -- edge |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. | 2018-05-09 | not yet calculated | CVE-2018-1021 BID SECTRACK CONFIRM |
microsoft -- edge |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0951 BID SECTRACK CONFIRM |
microsoft -- exchange_server | An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | 2018-05-09 | not yet calculated | CVE-2018-8152 BID SECTRACK CONFIRM |
microsoft -- exchange_server |
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154. | 2018-05-09 | not yet calculated | CVE-2018-8151 BID SECTRACK CONFIRM |
microsoft -- exchange_server |
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151. | 2018-05-09 | not yet calculated | CVE-2018-8154 BID SECTRACK CONFIRM |
microsoft -- exchange_server |
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | 2018-05-09 | not yet calculated | CVE-2018-8159 BID SECTRACK CONFIRM |
microsoft -- exchange_server |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | 2018-05-09 | not yet calculated | CVE-2018-8153 BID SECTRACK CONFIRM |
microsoft -- infopath |
A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath. | 2018-05-09 | not yet calculated | CVE-2018-8173 BID SECTRACK CONFIRM |
microsoft -- internet_explorer_and_chakracore_and_edge |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0954 BID SECTRACK CONFIRM |
microsoft -- internet_explorer_and_edge | An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | 2018-05-09 | not yet calculated | CVE-2018-1025 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-8122 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-0955 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-8114 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | 2018-05-09 | not yet calculated | CVE-2018-8126 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-0824 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | 2018-05-09 | not yet calculated | CVE-2018-8178 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | 2018-05-09 | not yet calculated | CVE-2018-1022 BID SECTRACK CONFIRM |
microsoft -- office_and_excel |
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. | 2018-05-09 | not yet calculated | CVE-2018-8163 BID SECTRACK CONFIRM |
microsoft -- office_and_excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162. | 2018-05-09 | not yet calculated | CVE-2018-8148 BID SECTRACK CONFIRM |
microsoft -- office_and_excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162. | 2018-05-09 | not yet calculated | CVE-2018-8147 BID SECTRACK CONFIRM |
microsoft -- office_and_excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148. | 2018-05-09 | not yet calculated | CVE-2018-8162 BID SECTRACK CONFIRM |
microsoft -- office_and_word_and_sharepoint |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158. | 2018-05-09 | not yet calculated | CVE-2018-8161 BID SECTRACK CONFIRM |
microsoft -- office_and_word |
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | 2018-05-09 | not yet calculated | CVE-2018-8160 BID SECTRACK CONFIRM |
microsoft -- office |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161. | 2018-05-09 | not yet calculated | CVE-2018-8157 BID SECTRACK CONFIRM |
microsoft -- office |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161. | 2018-05-09 | not yet calculated | CVE-2018-8158 BID SECTRACK CONFIRM |
microsoft -- office |
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office. | 2018-05-09 | not yet calculated | CVE-2018-8150 BID SECTRACK CONFIRM |
microsoft -- sharepoint_and_project_server |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. | 2018-05-09 | not yet calculated | CVE-2018-8156 BID SECTRACK CONFIRM |
microsoft -- sharepoint_and_project_server |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156. | 2018-05-09 | not yet calculated | CVE-2018-8168 BID SECTRACK CONFIRM |
microsoft -- sharepoint_server_and_sharepoint |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | 2018-05-09 | not yet calculated | CVE-2018-8149 BID SECTRACK CONFIRM |
microsoft -- sharepoint |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168. | 2018-05-09 | not yet calculated | CVE-2018-8155 BID SECTRACK CONFIRM |
microsoft -- windows | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | 2018-05-09 | not yet calculated | CVE-2018-8127 BID SECTRACK CONFIRM |
microsoft -- windows | A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8136 BID SECTRACK CONFIRM |
microsoft -- windows | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166. | 2018-05-09 | not yet calculated | CVE-2018-8164 BID CONFIRM |
microsoft -- windows | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166. | 2018-05-09 | not yet calculated | CVE-2018-8120 BID SECTRACK CONFIRM |
microsoft -- windows | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-0959 BID SECTRACK CONFIRM |
microsoft -- windows_scripting_host |
A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132. | 2018-05-09 | not yet calculated | CVE-2018-0854 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132. | 2018-05-09 | not yet calculated | CVE-2018-0958 BID SECTRACK CONFIRM |
microsoft -- windows |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-0961 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8134 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129. | 2018-05-09 | not yet calculated | CVE-2018-8132 BID SECTRACK CONFIRM |
microsoft -- windows |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8174 CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164. | 2018-05-09 | not yet calculated | CVE-2018-8166 BID CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8170 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132. | 2018-05-09 | not yet calculated | CVE-2018-8129 BID SECTRACK CONFIRM |
microsoft -- windows |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127. | 2018-05-09 | not yet calculated | CVE-2018-8141 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166. | 2018-05-09 | not yet calculated | CVE-2018-8124 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8165 BID CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-05-09 | not yet calculated | CVE-2018-8167 BID CONFIRM |
modbuspal -- modbuspal |
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | 2018-05-11 | not yet calculated | CVE-2018-10832 MISC EXPLOIT-DB |
mp3gain -- mp3gain |
The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. | 2018-05-07 | not yet calculated | CVE-2018-10776 MISC |
mp3gain -- mp3gain |
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409. | 2018-05-07 | not yet calculated | CVE-2018-10778 MISC |
mp3gain -- mp3gain |
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-07 | not yet calculated | CVE-2018-10777 MISC |
multiple_vendors -- os_kernels |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. | 2018-05-08 | not yet calculated | CVE-2018-8897 MISC MISC MISC BID SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MISC MISC MISC MISC MISC CONFIRM MISC UBUNTU DEBIAN MISC CONFIRM MISC MISC |
mybb -- mybb |
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | 2018-05-11 | not yet calculated | CVE-2018-10580 MISC EXPLOIT-DB |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14474 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14479 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14478 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14477 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14475 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14480 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14476 MISC |
mysql -- multi-master_replication_manager |
In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | 2018-05-09 | not yet calculated | CVE-2017-14481 MISC |
opmantek -- open-audit_community |
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | 2018-05-09 | not yet calculated | CVE-2018-10314 MISC EXPLOIT-DB |
philips -- brilliance_ct_kiosk_environment |
Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | 2018-05-04 | not yet calculated | CVE-2018-8861 BID MISC CONFIRM |
philips -- brilliance_ct_scanners |
Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system. | 2018-05-04 | not yet calculated | CVE-2018-8853 BID MISC CONFIRM |
philips -- brilliance_ct_software |
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system. | 2018-05-04 | not yet calculated | CVE-2018-8857 BID MISC CONFIRM |
pivotal -- application_service |
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org. | 2018-05-11 | not yet calculated | CVE-2018-1278 CONFIRM |
pivotal -- greenplum_command_center |
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents. | 2018-05-11 | not yet calculated | CVE-2018-1280 CONFIRM |
pivotal -- spring-integration-zip |
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | 2018-05-11 | not yet calculated | CVE-2018-1261 CONFIRM |
pivotal -- spring_cloud_sso_connector |
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan. | 2018-05-07 | not yet calculated | CVE-2018-1256 CONFIRM |
pivotal -- spring_data_commons |
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system. | 2018-05-11 | not yet calculated | CVE-2018-1259 CONFIRM |
pivotal -- spring_security_oauth |
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. | 2018-05-11 | not yet calculated | CVE-2018-1260 CONFIRM |
pivotal -- spring_framework |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack. | 2018-05-11 | not yet calculated | CVE-2018-1257 CONFIRM |
pivotal -- spring_security_and_spring_framework |
Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | 2018-05-11 | not yet calculated | CVE-2018-1258 CONFIRM |
poppler -- poppler |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | 2018-05-10 | not yet calculated | CVE-2017-18267 CONFIRM |
poppler -- poppler |
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | 2018-05-06 | not yet calculated | CVE-2018-10768 MISC |
postgresql -- postgresql |
PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function does not follow the same ACLs as pg_rotate_logfile. If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. | 2018-05-10 | not yet calculated | CVE-2018-1115 CONFIRM CONFIRM |
prestashop -- prestashop |
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. | 2018-05-09 | not yet calculated | CVE-2018-8824 MISC |
prestashop -- prestashop |
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. | 2018-05-09 | not yet calculated | CVE-2018-10942 MISC |
prosody -- prosody |
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module. | 2018-05-09 | not yet calculated | CVE-2017-18265 MISC MISC MISC MISC DEBIAN |
pulse_secure -- pulse_connect_secure |
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. | 2018-05-10 | not yet calculated | CVE-2018-9849 CONFIRM |
puppet -- puppet_enterprise_console |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | 2018-05-08 | not yet calculated | CVE-2018-6510 CONFIRM |
puppet -- puppet_enterprise_console |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | 2018-05-08 | not yet calculated | CVE-2018-6511 CONFIRM |
python-oslo-middleware -- python-oslo-middleware |
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). | 2018-05-08 | not yet calculated | CVE-2017-2592 CONFIRM REDHAT REDHAT BID CONFIRM CONFIRM MISC CONFIRM MISC MISC MISC |
quassel -- quassel |
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. | 2018-05-08 | not yet calculated | CVE-2018-1000178 CONFIRM MISC MLIST DEBIAN |
quassel -- quassel |
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. | 2018-05-08 | not yet calculated | CVE-2018-1000179 CONFIRM DEBIAN |
red_lion -- controls_sixnet-managed_industrial_switches_and_automationdirect_stride-managed_ethernet_switches |
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174. | 2018-05-09 | not yet calculated | CVE-2016-9335 MISC |
rockwell_automation -- factorytalk_activation_products |
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later. | 2018-05-11 | not yet calculated | CVE-2017-6015 BID MISC MISC |
rsa -- authentication_manager |
RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application. | 2018-05-08 | not yet calculated | CVE-2018-1247 FULLDISC BID SECTRACK |
rsa -- authentication_manager |
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. | 2018-05-08 | not yet calculated | CVE-2018-1248 FULLDISC BID SECTRACK |
ruibaby/halo -- ruibaby/halo |
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | 2018-05-12 | not yet calculated | CVE-2018-11012 MISC |
ruibaby/halo -- ruibaby/halo |
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | 2018-05-12 | not yet calculated | CVE-2018-11011 MISC |
sap -- enterprise_financial_services |
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2018-05-09 | not yet calculated | CVE-2018-2419 BID CONFIRM MISC |
sap -- identity_management |
SAP Identity Management 8.0 does not sufficiently validate an XML document accepted from an untrusted source. | 2018-05-09 | not yet calculated | CVE-2018-2416 BID CONFIRM MISC |
sap -- identity_management |
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | 2018-05-09 | not yet calculated | CVE-2018-2417 BID CONFIRM MISC |
sap -- internet_graphics_server_and_rfc_listener |
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2018-05-09 | not yet calculated | CVE-2018-2423 BID CONFIRM MISC |
sap -- internet_graphics_server_portwatcher |
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2018-05-09 | not yet calculated | CVE-2018-2422 BID CONFIRM MISC |
sap -- internet_graphics_server_portwatcher |
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2018-05-09 | not yet calculated | CVE-2018-2421 BID CONFIRM MISC |
sap -- internet_graphics_server |
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | 2018-05-09 | not yet calculated | CVE-2018-2420 BID CONFIRM MISC |
sap -- maxdb_odbc_driver |
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | 2018-05-09 | not yet calculated | CVE-2018-2418 BID CONFIRM MISC |
sap -- netweaver_application_server_java_web_container_and_http_service |
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | 2018-05-09 | not yet calculated | CVE-2018-2415 BID CONFIRM MISC |
sdcms -- sdcms |
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. | 2018-05-12 | not yet calculated | CVE-2018-11004 MISC |
severalnines -- clustercontrol |
Severalnines ClusterControl before 1.6.0-4699 allows XSS. | 2018-05-08 | not yet calculated | CVE-2018-10817 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014. | 2018-05-08 | not yet calculated | CVE-2018-10796 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550. | 2018-05-09 | not yet calculated | CVE-2018-10954 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104. | 2018-05-10 | not yet calculated | CVE-2018-10975 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873. | 2018-05-08 | not yet calculated | CVE-2018-10809 MISC MISC EXPLOIT-DB |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548. | 2018-05-09 | not yet calculated | CVE-2018-10955 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. | 2018-05-10 | not yet calculated | CVE-2018-10976 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100. | 2018-05-10 | not yet calculated | CVE-2018-10974 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4. | 2018-05-10 | not yet calculated | CVE-2018-10977 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0. | 2018-05-09 | not yet calculated | CVE-2018-10830 MISC |
shanghai -- 2345_security_guard |
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. | 2018-05-09 | not yet calculated | CVE-2018-10962 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088. | 2018-05-09 | not yet calculated | CVE-2018-10952 MISC |
shanghai -- 2345_security_guard |
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C. | 2018-05-09 | not yet calculated | CVE-2018-10953 MISC |
shenzhen_anni -- 5_in_1_xvr_devices |
download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password. | 2018-05-09 | not yet calculated | CVE-2018-10770 MISC MISC |
silex_technology_and_ge_healthcare -- silex_technology_sd-320an_and_ge_healthcare_mobilelink_geh_320an |
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. | 2018-05-09 | not yet calculated | CVE-2018-6021 MISC |
silex_technology_and_ge_healthcare -- silex_technology_sx-500_and_ge_healthcare_mobilelink_geh_500 |
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. | 2018-05-09 | not yet calculated | CVE-2018-6020 MISC |
synology -- calendar |
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | 2018-05-10 | not yet calculated | CVE-2018-8915 CONFIRM |
synology -- drive |
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 2018-05-10 | not yet calculated | CVE-2018-8910 CONFIRM |
synology -- media_server |
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. | 2018-05-10 | not yet calculated | CVE-2018-8914 CONFIRM |
synology -- note_station |
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 2018-05-09 | not yet calculated | CVE-2018-8911 CONFIRM |
synology -- note_station |
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | 2018-05-09 | not yet calculated | CVE-2018-8912 CONFIRM |
vecna -- vgo_robot |
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. | 2018-05-09 | not yet calculated | CVE-2018-8860 BID MISC |
vecna -- vgo_robot |
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection. | 2018-05-09 | not yet calculated | CVE-2018-8866 BID MISC |
vesta -- control_panel |
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | 2018-05-06 | not yet calculated | CVE-2018-10686 MISC MISC |
wildfly -- wildfly |
An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. | 2018-05-09 | not yet calculated | CVE-2018-10682 MISC |
xdg-utils -- xdg-utils |
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | 2018-05-10 | not yet calculated | CVE-2017-18266 MISC MISC MISC MISC |
xen -- xen |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | 2018-05-10 | not yet calculated | CVE-2018-10982 CONFIRM CONFIRM |
xen -- xen |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | 2018-05-10 | not yet calculated | CVE-2018-10981 CONFIRM CONFIRM |
yxcms -- yxcms |
An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | 2018-05-12 | not yet calculated | CVE-2018-11003 MISC |
z-nomp -- z-nomp |
Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies. | 2018-05-09 | not yet calculated | CVE-2018-10831 MISC MISC |
zimbra -- collaboration_suite |
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | 2018-05-09 | not yet calculated | CVE-2018-10950 MISC |
zimbra -- collaboration_suite |
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | 2018-05-09 | not yet calculated | CVE-2018-10951 MISC |
zimbra -- collaboration_suite |
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | 2018-05-09 | not yet calculated | CVE-2018-10949 MISC |
zoho_manageengine -- netflow_analyzer |
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | 2018-05-10 | not yet calculated | CVE-2018-10803 CONFIRM |
zoho_manageengine -- servicedesk_plus |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the account exists, or 'null' if it does not. | 2018-05-11 | not yet calculated | CVE-2018-7248 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-134