SB18-099: Vulnerability Summary for the Week of April 2, 2018

Original release date: April 09, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
allen_bradley — micrologix_1400_series_b_firmware
 
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-12093
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered. 2018-04-05 not yet calculated CVE-2017-14471
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix. 2018-04-05 not yet calculated CVE-2017-14470
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file. 2018-04-05 not yet calculated CVE-2017-14466
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware. 2018-04-05 not yet calculated CVE-2017-14468
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. 2018-04-05 not yet calculated CVE-2017-14462
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. 2018-04-05 not yet calculated CVE-2017-14464
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-12089
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values. 2018-04-05 not yet calculated CVE-2017-14463
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password. 2018-04-05 not yet calculated CVE-2017-14472
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix. 2018-04-05 not yet calculated CVE-2017-14469
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC. 2018-04-05 not yet calculated CVE-2017-14465
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used. 2018-04-05 not yet calculated CVE-2017-14467
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-12090
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and prints it out in HEX. 2018-04-05 not yet calculated CVE-2017-14473
MISC
allen_bradley — micrologix_1400_series_b_frn
 
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-12088
MISC
apache — hive_jdbc_driver
 
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. 2018-04-05 not yet calculated CVE-2018-1282
MLIST
apache — hive
 
In Apache Hive 0.6.0 to 2.3.2, a malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by the HiveServer2 user (usually hive) if hive.server2.enable.doAs=false. 2018-04-05 not yet calculated CVE-2018-1284
MLIST
apache — hive
 
In Apache Hive 2.1.0 to 2.3.2, when ‘COPY FROM FTP’ statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently. 2018-04-05 not yet calculated CVE-2018-1315
MLIST
apache — ignite
 
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when third-party vulnerable classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components – discovery SPI, Ignite persistence, Memcached endpoint, socket streamer. 2018-04-02 not yet calculated CVE-2018-1295
MLIST
apple — ios_and_macos_and_tvos
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the “Wi-Fi” component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. 2018-04-03 not yet calculated CVE-2017-7065
BID
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the “CoreFoundation” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4158
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the “LinkPresentation” component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. 2018-04-03 not yet calculated CVE-2018-4100
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7002
BID
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “Mail” component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. 2018-04-03 not yet calculated CVE-2018-4174
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “PluginKit” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4156
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7001
BID
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “Storage” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4154
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “WindowServer” component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. 2018-04-03 not yet calculated CVE-2018-4131
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
MISC
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “Security” component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app. 2018-04-03 not yet calculated CVE-2017-7004
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “iCloud Drive” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4151
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7000
BID
BID
REDHAT
GENTOO
CONFIRM
CONFIRM
DEBIAN
apple — ios_and_safari_and_tvos
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “JavaScriptCore” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. 2018-04-03 not yet calculated CVE-2017-2492
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_tvos
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the “JavaScriptCore” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7005
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4109
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Core Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4095
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Core Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4087
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_tvos
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the “App Store” component. It allows man-in-the-middle attackers to spoof password prompts. 2018-04-03 not yet calculated CVE-2017-7164
CONFIRM
CONFIRM
apple — ios_and_tvos
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the “Wi-Fi” component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11. 2018-04-03 not yet calculated CVE-2017-7066
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Profiles” component. It does not enforce the configuration profile’s settings for whether pairings are allowed. 2018-04-03 not yet calculated CVE-2017-13806
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Telephony” component. A buffer overflow allows remote attackers to execute arbitrary code. 2018-04-03 not yet calculated CVE-2018-4148
BID
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the “Safari Login AutoFill” component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. 2018-04-03 not yet calculated CVE-2018-4137
SECTRACK
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the user interface via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4134
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Web App” component. It allows remote attackers to bypass intended restrictions on cookie persistence. 2018-04-03 not yet calculated CVE-2018-4110
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Files Widget” component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device. 2018-04-03 not yet calculated CVE-2018-4168
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Find My iPhone” component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the “Find My iPhone” feature via vectors involving a backup restore. 2018-04-03 not yet calculated CVE-2018-4172
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Sandbox Profiles” component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app. 2018-04-03 not yet calculated CVE-2017-6976
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the “Clock” component. It allows physically proximate attackers to discover the iTunes e-mail address. 2018-04-03 not yet calculated CVE-2018-4123
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Telephony” component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message. 2018-04-03 not yet calculated CVE-2018-4140
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Sandbox Profiles” component. It allows attackers to determine whether arbitrary files exist via a crafted app. 2018-04-03 not yet calculated CVE-2017-13877
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Notes” component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. 2018-04-03 not yet calculated CVE-2017-7075
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “APNs” component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates. 2018-04-03 not yet calculated CVE-2017-13863
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “SafariViewController” component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page. 2018-04-03 not yet calculated CVE-2018-4149
BID
SECTRACK
CONFIRM
apple — macos

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Spotlight” component. It allows local users to see results for other users’ files. 2018-04-03 not yet calculated CVE-2017-13839
CONFIRM
apple — macos

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Admin Framework” component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. 2018-04-03 not yet calculated CVE-2018-4170
BID
SECTRACK
CONFIRM
apple — macos

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading. 2018-04-03 not yet calculated CVE-2017-13827
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Touch Bar Support” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4083
CONFIRM
EXPLOIT-DB
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “DesktopServices” component. It allows local users to bypass intended access restrictions on home folder files. 2018-04-03 not yet calculated CVE-2017-13851
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the “CoreTypes” component. It allows remote attackers to trigger disk-image mounting via a crafted web site. 2018-04-03 not yet calculated CVE-2017-13890
BID
SECTRACK
CONFIRM
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid. 2018-04-03 not yet calculated CVE-2017-7070
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “PDFKit” component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document. 2018-04-03 not yet calculated CVE-2018-4107
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4138
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Font Importer” component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. 2018-04-03 not yet calculated CVE-2017-13850
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Sandbox” component. It allows bypass of a sandbox protection mechanism. 2018-04-03 not yet calculated CVE-2018-4091
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Disk Management” component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. 2018-04-03 not yet calculated CVE-2018-4108
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4139
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Wi-Fi” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4084
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4160
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4132
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Notes” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4152
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4135
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the “Terminal” component. It allows user-assisted attackers to inject arbitrary commands within pasted content. 2018-04-03 not yet calculated CVE-2018-4106
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “IOHIDFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4098
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsControl” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2017-13853
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “ATS” component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. 2018-04-03 not yet calculated CVE-2018-4112
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4136
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “APFS” component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. 2018-04-03 not yet calculated CVE-2018-4105
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2017-7173
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Disk Images” component. It allows attackers to trigger an app launch upon mounting a crafted disk image. 2018-04-03 not yet calculated CVE-2018-4176
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Security” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2017-7170
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4097
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Installer” component. It does not properly restrict an app’s entitlements for accessing the FileVault unlock key. 2018-04-03 not yet calculated CVE-2017-13837
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Mail” component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. 2018-04-03 not yet calculated CVE-2018-4111
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “LaunchServices” component. It allows attackers to bypass the code-signing protection mechanism via a crafted app. 2018-04-03 not yet calculated CVE-2018-4175
BID
SECTRACK
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4090
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — multiple_products

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “File System Events” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4167
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4130
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4146
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4122
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4129
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CoreAnimation” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2017-7171
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character. 2018-04-03 not yet calculated CVE-2018-4124
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4117
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4125
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app. 2018-04-03 not yet calculated CVE-2017-13873
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. 2018-04-03 not yet calculated CVE-2018-4094
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted file. 2018-04-03 not yet calculated CVE-2017-7003
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4114
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4162
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4093
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4128
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “CoreFoundation” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4155
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4104
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the “WebKit” component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. 2018-04-03 not yet calculated CVE-2018-4113
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4120
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. 2018-04-03 not yet calculated CVE-2017-7153
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4119
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4096
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CFNetwork Session” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2017-7172
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4143
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4118
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4088
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted string. 2018-04-03 not yet calculated CVE-2018-4142
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “NSURLSession” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4166
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4082
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4101
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Quick Look” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4157
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted elements on a web site. 2018-04-03 not yet calculated CVE-2017-2493
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Security” component. It allows remote attackers to spoof certificate validation via crafted name constraints. 2018-04-03 not yet calculated CVE-2018-4086
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app. 2018-04-03 not yet calculated CVE-2018-4092
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4163
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2018-4150
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4089
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-13884
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “QuartzCore” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4085
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2017-13854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4165
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2018-04-03 not yet calculated CVE-2017-13904
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-13885
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4127
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4121
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4161
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7165
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the “System Preferences” component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. 2018-04-03 not yet calculated CVE-2018-4115
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — multiple_products
 
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Security” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. 2018-04-03 not yet calculated CVE-2018-4144
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2018-04-03 not yet calculated CVE-2017-7071
BID
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4102
BID
SECTRACK
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “WebKit” component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2018-04-03 not yet calculated CVE-2018-4133
BID
SECTRACK
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. 2018-04-03 not yet calculated CVE-2017-7161
CONFIRM
UBUNTU
apple — safari
 
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site. 2018-04-03 not yet calculated CVE-2018-4116
SECTRACK
CONFIRM
apple — xcode
 
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the “LLVM” component. 2018-04-03 not yet calculated CVE-2018-4164
MISC
MISC
BID
SECTRACK
MISC
CONFIRM
apple — xcode
 
An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the “ld64” component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. 2018-04-03 not yet calculated CVE-2017-7167
CONFIRM
asus — multiple_routers
 
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. 2018-04-04 not yet calculated CVE-2018-9285
MISC
MISC
atlassian — application_links
 
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location’s OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information. 2018-04-04 not yet calculated CVE-2017-18096
CONFIRM
atlassian — jira
 
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. 2018-04-06 not yet calculated CVE-2017-18097
CONFIRM
atlassian — jira
 
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. 2018-04-06 not yet calculated CVE-2017-18098
CONFIRM
auth0 — auth0
 
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. 2018-04-04 not yet calculated CVE-2018-6873
MISC
avatar_uploader — avatar_uploader
 
A vulnerability exists in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn’t verify users or sanitize the file path. 2018-04-04 not yet calculated CVE-2018-9205
MISC
MISC
MISC
axis — m1033-w_ip_camera_firmware
 
** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn’t verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with “<!--#exec cmd=” support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. 2018-04-01 not yet calculated CVE-2018-9157
MISC
axis — m1033-w_ip_camera_firmware
 
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don’t employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end. 2018-04-01 not yet calculated CVE-2018-9158
MISC
axis — p1354_ip_camera_firmware
 
** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn’t verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with “<!--#exec cmd=” support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. 2018-04-01 not yet calculated CVE-2018-9156
MISC
beep — beep
 
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. 2018-04-03 not yet calculated CVE-2018-0492
MLIST
CONFIRM
CONFIRM
DEBIAN
bitdefender_antivirus — bitdefender_antivirus
 
The Bitdefender Antivirus 6.2.19.890 component, as configured for AV Defender in SolarWinds N-Central and possibly other products, attempts to access hosts in the bitdefeder.net Potentially Unwanted Domain (a domain similar to “bitdefender.net” but with a missing ‘n’ character) in unspecified circumstances. The observed hostnames are of the form upgr-midgress-##.htz.bitdefeder.net; however, all hostnames ending in .bitdefeder.net apparently resolve to the same IP address. This product behavior may allow remote attackers to block antivirus updates or potentially provide crafted updates, either by controlling that IP address or by purchasing the bitdefeder.net domain name. 2018-04-05 not yet calculated CVE-2018-9329
MISC
MISC
botan — botan
 
Botan 2.2.0 – 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a ‘b’ character. 2018-04-02 not yet calculated CVE-2018-9127
MISC
brave_software — brave_browser
 
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. 2018-04-03 not yet calculated CVE-2016-10718
CONFIRM
CONFIRM
CONFIRM
brave_software — brave_browser
 
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. 2018-04-03 not yet calculated CVE-2017-18256
CONFIRM
brilliantts — fuze_card
 
An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. 2018-04-04 not yet calculated CVE-2018-9119
MISC
MISC
MISC
circle_media — circle_with_disney
 
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to set up an Access Point with default credentials. An attacker needs to send a series of spoofed “de-auth” packets to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-12095
MISC
cisco — ios_xe_software
 
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. 2018-04-02 not yet calculated CVE-2018-0194
BID
CONFIRM
cmapcoverage.cpp — cmapcoverage.cpp
 
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908. 2018-04-04 not yet calculated CVE-2017-13275
CONFIRM
coremail — coremail
 
register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. 2018-04-07 not yet calculated CVE-2018-9330
MISC
csrf — csrf
 
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. 2018-04-04 not yet calculated CVE-2018-6874
MISC
d-link — dir-601_devices
 
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator’s panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. 2018-03-30 not yet calculated CVE-2018-5708
FULLDISC
EXPLOIT-DB
d-link — dir-868l_devices
 
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. 2018-04-04 not yet calculated CVE-2018-9284
MISC
MISC
d-link — dsl-3782_devices
 
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the ‘set Diagnostics_Entry’ function in an HTTP request, related to /userfs/bin/tcapi. 2018-04-03 not yet calculated CVE-2018-8941
MISC
dedecms — dedecms
 
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. 2018-04-01 not yet calculated CVE-2018-9175
MISC
dedecms — dedecms
 
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker’s control. 2018-04-01 not yet calculated CVE-2018-9174
MISC
dnnarticle — dnnarticle
 
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. 2018-04-04 not yet calculated CVE-2018-9126
MISC
EXPLOIT-DB
dsmall — dsmall
 
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. 2018-04-04 not yet calculated CVE-2018-9307
MISC
duckduckgo — duckduckgo
 
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. 2018-04-01 not yet calculated CVE-2018-6849
MISC
MISC
MISC
MISC
EXPLOIT-DB
dvd_x_player — dvd_x_player_standard
 
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068. 2018-04-01 not yet calculated CVE-2018-9128
MISC
etcd — etcd
 
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). 2018-04-03 not yet calculated CVE-2018-1099
CONFIRM
CONFIRM
etcd — etcd
 
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can’t PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. 2018-04-03 not yet calculated CVE-2018-1098
CONFIRM
CONFIRM
etherpad — etherpad
 
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. 2018-04-07 not yet calculated CVE-2018-9325
CONFIRM
etherpad — etherpad
 
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. 2018-04-07 not yet calculated CVE-2018-9326
CONFIRM
etherpad — etherpad
 
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB). 2018-04-07 not yet calculated CVE-2018-9327
CONFIRM
exiv2 — exiv2
 
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the “== 0x1c” case. 2018-04-04 not yet calculated CVE-2018-9305
MISC
MISC
exiv2 — exiv2
 
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. 2018-04-04 not yet calculated CVE-2018-9304
MISC
MISC
exiv2 — exiv2
 
In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. 2018-04-04 not yet calculated CVE-2018-9303
MISC
exiv2 — exiv2
 
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the “!= 0x1c” case. 2018-04-04 not yet calculated CVE-2018-9306
MISC
MISC
f5 — big-ip_asm
 
F5 BIG-IP ASM version 12.1.0 – 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request. 2018-04-03 not yet calculated CVE-2016-7472
BID
BID
SECTRACK
CONFIRM
ffmpeg — ffmpeg
 
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. 2018-04-07 not yet calculated CVE-2018-9841
MISC
fiberhome — vdsl2_modem_hg_150-ub_devices
 
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location=’login.html’ JavaScript code in the response to an unauthenticated request. 2018-04-04 not yet calculated CVE-2018-9249
MISC
fiberhome — vdsl2_modem_hg
 
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a “Cookie: Name=0admin” header. 2018-04-04 not yet calculated CVE-2018-9248
MISC
EXPLOIT-DB
foreman — foreman
 
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. 2018-04-05 not yet calculated CVE-2018-1096
CONFIRM
CONFIRM
foreman — foreman
 
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. 2018-04-04 not yet calculated CVE-2018-1097
CONFIRM
CONFIRM
CONFIRM
freebsd — freebsd
 
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash. 2018-04-04 not yet calculated CVE-2018-6918
BID
SECTRACK
FREEBSD
freebsd — freebsd
 
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged kernel data. 2018-04-04 not yet calculated CVE-2018-6919
CONFIRM
freebsd — freebsd
 
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. 2018-04-04 not yet calculated CVE-2018-6917
BID
SECTRACK
FREEBSD
frog_cms — frog_cms
 
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application’s add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. 2018-03-31 not yet calculated CVE-2018-8908
MISC
EXPLOIT-DB
getsimple_cms — getsimple_cms
 
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. 2018-04-01 not yet calculated CVE-2018-9173
CONFIRM
EXPLOIT-DB
gitlab — community_and_enterprise_editions
 
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. 2018-04-05 not yet calculated CVE-2018-9243
MISC
gitlab — community_and_enterprise_editions
 
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. 2018-04-05 not yet calculated CVE-2018-9244
MISC
gleez_cms — gleez_cms
 
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. 2018-04-05 not yet calculated CVE-2018-7035
MISC
gnu — gnu
 
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD’s CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time. 2018-04-06 not yet calculated CVE-2018-1000156
MISC
MISC
CONFIRM
MISC
gnupg — gnupg
 
GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. 2018-04-03 not yet calculated CVE-2018-9234
MISC
google — android
 
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081. 2018-04-04 not yet calculated CVE-2017-13295
CONFIRM
google — android
 
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292. 2018-04-04 not yet calculated CVE-2017-13261
BID
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
google — android
 
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768. 2018-04-04 not yet calculated CVE-2017-13288
CONFIRM
google — android
 
In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702. 2018-04-04 not yet calculated CVE-2017-13251
BID
CONFIRM
google — android
 
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251. 2018-04-04 not yet calculated CVE-2017-13286
CONFIRM
google — android
 
In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464. 2018-04-04 not yet calculated CVE-2017-13287
CONFIRM
google — android
 
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. 2018-04-05 not yet calculated CVE-2015-9016
CONFIRM
CONFIRM
google — android
 
An information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999. 2018-04-04 not yet calculated CVE-2017-13304
CONFIRM
google — android
 
In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612. 2018-04-04 not yet calculated CVE-2017-13248
BID
CONFIRM
google — android
 
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137. 2018-04-04 not yet calculated CVE-2017-13272
BID
CONFIRM
google — android
 
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284. 2018-04-04 not yet calculated CVE-2017-13262
BID
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
google — android
 
An elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423. 2018-04-04 not yet calculated CVE-2017-13265
CONFIRM
google — android
 
In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692. 2018-04-04 not yet calculated CVE-2017-13257
BID
CONFIRM
google — android
 
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599. 2018-04-04 not yet calculated CVE-2017-13276
CONFIRM
google — android
 
In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027. 2018-04-04 not yet calculated CVE-2017-13277
CONFIRM
google — android
 
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744. 2018-04-05 not yet calculated CVE-2017-0744
BID
CONFIRM
google — android
 
In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408. 2018-04-04 not yet calculated CVE-2017-13249
BID
CONFIRM
google — android
 
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454. 2018-04-04 not yet calculated CVE-2017-13296
CONFIRM
google — android
 
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251. 2018-04-04 not yet calculated CVE-2017-13260
BID
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
google — android
 
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507. 2018-04-04 not yet calculated CVE-2017-13254
CONFIRM
google — android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034. 2018-04-04 not yet calculated CVE-2017-13269
CONFIRM
google — android
 
An information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449. 2018-04-04 not yet calculated CVE-2017-13294
CONFIRM
google — android
 
In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126. 2018-04-04 not yet calculated CVE-2017-13285
CONFIRM
google — android
 
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. 2018-04-04 not yet calculated CVE-2017-13299
CONFIRM
google — android
 
An information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501. 2018-04-04 not yet calculated CVE-2017-13303
CONFIRM
google — android
 
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553. 2018-04-04 not yet calculated CVE-2017-13291
CONFIRM
google — android
 
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941. 2018-04-04 not yet calculated CVE-2017-13266
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160. 2018-04-04 not yet calculated CVE-2017-13263
CONFIRM
google — android
 
In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966. 2018-04-04 not yet calculated CVE-2017-13256
BID
CONFIRM
google — android
 
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439. 2018-04-04 not yet calculated CVE-2017-13279
CONFIRM
google — android
 
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482. 2018-04-05 not yet calculated CVE-2016-8482
CONFIRM
BID
CONFIRM
google — android
 
In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201. 2018-04-04 not yet calculated CVE-2017-13292
CONFIRM
google — android
 
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711. 2018-04-04 not yet calculated CVE-2017-13301
CONFIRM
google — android
 
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702. 2018-04-04 not yet calculated CVE-2017-13252
BID
CONFIRM
google — android
 
In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410. 2018-04-04 not yet calculated CVE-2017-13283
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063. 2018-04-04 not yet calculated CVE-2017-13306
CONFIRM
google — android
 
An elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744. 2018-04-04 not yet calculated CVE-2017-13270
CONFIRM
google — android
 
An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. 2018-04-04 not yet calculated CVE-2017-13305
CONFIRM
google — android
 
In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546. 2018-04-04 not yet calculated CVE-2017-13259
BID
CONFIRM
google — android
 
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564. 2018-04-04 not yet calculated CVE-2017-13289
CONFIRM
google — android
 
In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273. 2018-04-04 not yet calculated CVE-2017-13284
CONFIRM
google — android
 
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009. 2018-04-04 not yet calculated CVE-2017-13267
CONFIRM
google — android
 
An other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343. 2018-04-04 not yet calculated CVE-2017-13264
CONFIRM
google — android
 
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315. 2018-04-04 not yet calculated CVE-2017-13282
CONFIRM
google — android
 
An elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799. 2018-04-04 not yet calculated CVE-2017-13271
CONFIRM
google — android
 
In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bounds write due to a missing out of bounds check because of a multiplication error. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536. 2018-04-04 not yet calculated CVE-2017-13250
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924. 2018-04-04 not yet calculated CVE-2017-13307
CONFIRM
google — android
 
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749. 2018-04-04 not yet calculated CVE-2017-13302
CONFIRM
google — android
 
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755. 2018-04-04 not yet calculated CVE-2017-13258
BID
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
google — android
 
In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is an out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451. 2018-04-04 not yet calculated CVE-2017-13280
CONFIRM
google — android
 
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. 2018-04-04 not yet calculated CVE-2017-13297
CONFIRM
google — android
 
In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054. 2018-04-04 not yet calculated CVE-2017-13255
BID
CONFIRM
google — android
 
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378. 2018-04-04 not yet calculated CVE-2017-13253
BID
CONFIRM
EXPLOIT-DB
google — android
 
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. 2018-04-04 not yet calculated CVE-2017-13300
CONFIRM
google — android
 
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262. 2018-04-04 not yet calculated CVE-2017-13281
CONFIRM
google — android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064. 2018-04-04 not yet calculated CVE-2017-13268
CONFIRM
google — android
 
An information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. 2018-04-04 not yet calculated CVE-2017-13298
CONFIRM
google — android
 
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761. 2018-04-04 not yet calculated CVE-2017-13274
CONFIRM
google — android
 
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581. 2018-04-04 not yet calculated CVE-2017-13278
CONFIRM
google — android
 
In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701. 2018-04-04 not yet calculated CVE-2017-13293
CONFIRM
google — android
 
In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124. 2018-04-04 not yet calculated CVE-2017-13290
CONFIRM
gxlcms_qy — gxlcms_qy
 
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23. 2018-04-07 not yet calculated CVE-2018-9852
MISC
gxlcms_qy — gxlcms_qy
 
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. 2018-04-07 not yet calculated CVE-2018-9847
MISC
gxlcms_qy — gxlcms_qy
 
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of ‘|’ instead of ‘/’ as a directory separator, in conjunction with a “..” sequence. 2018-04-07 not yet calculated CVE-2018-9851
MISC
gxlcms_qy — gxlcms_qy
 
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request. 2018-04-07 not yet calculated CVE-2018-9848
MISC
gxlcms_qy — gxlcms_qy
 
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename. 2018-04-03 not yet calculated CVE-2018-9247
MISC
gxlcms_qy — gxlcms_qy
 
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. 2018-04-07 not yet calculated CVE-2018-9850
MISC
ibm — business_process_manager
 
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605. 2018-04-04 not yet calculated CVE-2018-1469
CONFIRM
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. 2018-03-30 not yet calculated CVE-2017-1767
CONFIRM
BID
SECTRACK
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. 2018-03-30 not yet calculated CVE-2018-1384
CONFIRM
BID
SECTRACK
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. 2018-03-30 not yet calculated CVE-2017-1765
CONFIRM
BID
SECTRACK
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. 2018-03-30 not yet calculated CVE-2017-1756
CONFIRM
BID
MISC
ibm — financial_transaction_manager_for_check_services_for_multi-platform
 
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. 2018-03-30 not yet calculated CVE-2018-1390
CONFIRM
BID
MISC
ibm — gskit_and_spectrum_protect_snapshot
 
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972. 2018-04-04 not yet calculated CVE-2018-1447
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
ibm — qradar
 
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914. 2018-04-04 not yet calculated CVE-2017-1733
CONFIRM
MISC
ibm — qradar
 
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122. 2018-04-04 not yet calculated CVE-2017-1624
CONFIRM
MISC
ibm — security_privileged_identity_manager
 
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. 2018-03-30 not yet calculated CVE-2017-1705
CONFIRM
BID
MISC
ibm — tivoli_security_directory_server
 
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694. 2018-04-03 not yet calculated CVE-2015-1975
CONFIRM
XF
ibm — websphere_datapower_appliances
 
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. 2018-04-04 not yet calculated CVE-2018-1421
CONFIRM
MISC
ibm — websphere_mq
 
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520. 2018-03-30 not yet calculated CVE-2017-1747
CONFIRM
BID
MISC
ibm — worklight
 
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786. 2018-04-04 not yet calculated CVE-2017-1772
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. 2018-04-05 not yet calculated CVE-2018-3624
CONFIRM
intel — remote_keyboard
 
Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session. 2018-04-03 not yet calculated CVE-2018-3645
CONFIRM
intel — remote_keyboard
 
Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user. 2018-04-03 not yet calculated CVE-2018-3638
CONFIRM
intel — remote_keyboard
 
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user. 2018-04-03 not yet calculated CVE-2018-3641
CONFIRM
intel — software_guard_extensions_platform_software_component
 
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker, creating a denial of service for services such as remote attestation provided by the AESM. 2018-04-03 not yet calculated CVE-2018-3689
CONFIRM
intel — spi_flash
 
Configuration of SPI Flash in platforms based on multiple Intel platforms allows a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. 2018-04-03 not yet calculated CVE-2017-5703
SECTRACK
CONFIRM
iscripts — easycreate
 
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site Description” field. 2018-04-04 not yet calculated CVE-2018-9237
MISC
iscripts — easycreate
 
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site title” field. 2018-04-04 not yet calculated CVE-2018-9236
MISC
iscripts — sonicbb
 
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. 2018-04-04 not yet calculated CVE-2018-9235
MISC
jasper — jasper
 
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. 2018-04-03 not yet calculated CVE-2018-9252
MISC
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them. 2018-04-05 not yet calculated CVE-2018-1000145
CONFIRM
jenkins — jenkins
 
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (“test connection”). 2018-04-05 not yet calculated CVE-2018-1000152
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. 2018-04-05 not yet calculated CVE-2018-1000143
CONFIRM
jenkins — jenkins
 
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. 2018-04-05 not yet calculated CVE-2018-1000144
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. 2018-04-05 not yet calculated CVE-2018-1000142
CONFIRM
jenkins — jenkins
 
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. 2018-04-05 not yet calculated CVE-2018-1000151
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. 2018-04-05 not yet calculated CVE-2018-1000150
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers without sufficient permission to obtain Perforce passwords configured in jobs to obtain them. 2018-04-05 not yet calculated CVE-2018-1000147
CONFIRM
jenkins — jenkins
 
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. 2018-04-05 not yet calculated CVE-2018-1000146
CONFIRM
jenkins — jenkins
 
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (“test connection”). 2018-04-05 not yet calculated CVE-2018-1000153
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. 2018-04-05 not yet calculated CVE-2018-1000148
CONFIRM
jenkins — jenkins
 
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default. 2018-04-05 not yet calculated CVE-2018-1000149
CONFIRM
joomla! — joomla!
 
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. 2018-04-02 not yet calculated CVE-2018-9183
MISC
EXPLOIT-DB
MISC
juniper_networks — junos_space
 
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. 2018-04-05 not yet calculated CVE-2014-3413
CONFIRM
MISC
koji — koji
 
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. 2018-04-04 not yet calculated CVE-2018-1002150
CONFIRM
CONFIRM
libming — libming
 
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. 2018-04-01 not yet calculated CVE-2018-9165
CONFIRM
libxml2 — libxml2
 
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. 2018-04-03 not yet calculated CVE-2018-9251
MISC
linux — linux_kernel
 
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. 2018-04-01 not yet calculated CVE-2018-1092
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. 2018-04-01 not yet calculated CVE-2018-1094
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. 2018-04-01 not yet calculated CVE-2018-1093
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. 2018-04-01 not yet calculated CVE-2018-1095
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. 2018-04-04 not yet calculated CVE-2017-18257
MISC
MISC
mcafee — epolicy_orchestrator
 
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. 2018-04-02 not yet calculated CVE-2018-6660
BID
CONFIRM
mcafee — epolicy_orchestrator
 
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. 2018-04-02 not yet calculated CVE-2018-6659
BID
CONFIRM
mcafee — mulitple_products
 
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. 2018-04-03 not yet calculated CVE-2017-4028
BID
CONFIRM
mcafee — network_security_management
 
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user’s browser via reusing the exposed session token in the application URL. 2018-04-04 not yet calculated CVE-2017-3966
CONFIRM
mcafee — network_security_management
 
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. 2018-04-03 not yet calculated CVE-2017-3972
CONFIRM
mcafee — network_security_management
 
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. 2018-04-04 not yet calculated CVE-2017-3965
CONFIRM
mcafee — network_security_management
 
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. 2018-04-04 not yet calculated CVE-2017-3964
CONFIRM
mcafee — network_security_management
 
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. 2018-04-04 not yet calculated CVE-2017-3971
CONFIRM
mcafee — network_security_management
 
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via the application pages' inability to break out of 3rd party HTML frames. 2018-04-04 not yet calculated CVE-2017-3967
CONFIRM
mcafee — network_security_management
 
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. 2018-04-04 not yet calculated CVE-2017-3969
CONFIRM
mcafee — true_key
 
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. 2018-04-02 not yet calculated CVE-2018-6661
CONFIRM
microsoft — malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”. 2018-04-04 not yet calculated CVE-2018-0986
BID
SECTRACK
CONFIRM
EXPLOIT-DB
microsoft — windows_kernel
 
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability.” 2018-04-02 not yet calculated CVE-2018-1038
BID
CONFIRM
moodle — moodle
 
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. 2018-04-04 not yet calculated CVE-2018-1081
CONFIRM
CONFIRM
moodle — moodle
 
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. 2018-04-04 not yet calculated CVE-2018-1082
CONFIRM
CONFIRM
moxa — awk-3131a_wireless_access_point
 
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. 2018-04-02 not yet calculated CVE-2016-8717
MISC
moxa — mxview
 
The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. 2018-04-06 not yet calculated CVE-2018-7506
MISC
natus — xltek_neuroworks_newproducerstream
 
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-2868
MISC
natus — xltek_neuroworks
 
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-2869
MISC
natus — xltek_neuroworks
 
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-2861
MISC
natus — xltek_neuroworks
 
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-2867
MISC
natus — xltek_neuroworks
 
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. 2018-04-05 not yet calculated CVE-2017-2853
MISC
ncmpc — ncmpc
 
ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. 2018-04-03 not yet calculated CVE-2018-9240
CONFIRM
nvidia — d3d10_driver
 
An exploitable heap memory corruption vulnerability exists in the NVIDIA D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause heap memory corruption, resulting in at least denial of service, and potential code execution. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and the VMware host will be affected (potentially leading to VMware crash or guest-to-host escape). 2018-04-02 not yet calculated CVE-2018-6251
CONFIRM
MISC
nvidia — d3d10_driver
 
An exploitable denial-of-service vulnerability exists in the Nvidia D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause a stack overflow exception, resulting in at least denial of service. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and will affect a VMware host (causing the vmware-vmx.exe process to crash on the host). 2018-04-02 not yet calculated CVE-2018-6253
CONFIRM
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. 2018-04-02 not yet calculated CVE-2018-6249
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service. 2018-04-02 not yet calculated CVE-2018-6252
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. 2018-04-02 not yet calculated CVE-2018-6247
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges. 2018-04-02 not yet calculated CVE-2018-6250
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges. 2018-04-02 not yet calculated CVE-2018-6248
CONFIRM
ocaml — ocaml
 
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. 2018-04-06 not yet calculated CVE-2018-9838
MISC
oleumtech — wireless_sensor_network_devices
 
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. 2018-04-06 not yet calculated CVE-2014-2359
XF
MISC
openresty — openresty
 
In OpenResty before 1.13.6.1, URI parameters were obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. 2018-04-02 not yet calculated CVE-2018-9230
MISC
MISC
osisoft — pi_system_software
 
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) 2018-04-03 not yet calculated CVE-2016-8365
BID
MISC
CONFIRM
phoenix_contact — inline_controller_plcs
 
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. 2018-04-05 not yet calculated CVE-2016-8380
BID
MISC
phoenix_contact — inline_controller_plcs
 
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. 2018-04-05 not yet calculated CVE-2016-8371
BID
MISC
phoenix_contact — inline_controller_plcs
 
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. 2018-04-05 not yet calculated CVE-2016-8366
BID
MISC
phpscriptsmall.com — redbus_clone_script
 
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. 2018-04-05 not yet calculated CVE-2018-9328
MISC
pivotal — spring_framework
 
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles. 2018-04-06 not yet calculated CVE-2018-1272
CONFIRM
pivotal — spring_framework
 
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. 2018-04-06 not yet calculated CVE-2018-1271
CONFIRM
pivotal — spring_framework
 
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. 2018-04-06 not yet calculated CVE-2018-1270
CONFIRM
python — cpython
 
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. 2018-04-06 not yet calculated CVE-2014-3539
MLIST
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842. 2018-04-04 not yet calculated CVE-2017-6426
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id]. 2018-04-03 not yet calculated CVE-2017-14894
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable “num_q6_rule” does not have a mutex lock and thus can be accessed and modified by multiple threads. 2018-04-03 not yet calculated CVE-2017-14880
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. 2018-04-04 not yet calculated CVE-2015-9010
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. 2018-04-04 not yet calculated CVE-2014-9956
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. 2018-04-04 not yet calculated CVE-2015-9011
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check. 2018-04-03 not yet calculated CVE-2018-3566
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799. 2018-04-04 not yet calculated CVE-2016-10231
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575. 2018-04-04 not yet calculated CVE-2016-8484
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756. 2018-04-04 not yet calculated CVE-2016-8488
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252. 2018-04-04 not yet calculated CVE-2016-10298
BID
SECTRACK
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. 2018-04-04 not yet calculated CVE-2016-10234
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244. 2018-04-04 not yet calculated CVE-2016-10299
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899. 2018-04-05 not yet calculated CVE-2017-0431
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access. 2018-04-03 not yet calculated CVE-2018-3598
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver. 2018-04-03 not yet calculated CVE-2018-5826
CONFIRM
qualcomm — android
 
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. 2018-04-04 not yet calculated CVE-2016-10230
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. 2018-04-04 not yet calculated CVE-2014-9954
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. 2018-04-04 not yet calculated CVE-2015-9014
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite. 2018-04-03 not yet calculated CVE-2018-5820
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. 2018-04-04 not yet calculated CVE-2014-9957
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872. 2018-04-04 not yet calculated CVE-2016-10232
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow. 2018-04-03 not yet calculated CVE-2017-15836
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798. 2018-04-05 not yet calculated CVE-2017-0748
BID
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648. 2018-04-04 not yet calculated CVE-2017-6424
BID
SECTRACK
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689. 2018-04-04 not yet calculated CVE-2017-6425
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452. 2018-04-04 not yet calculated CVE-2016-10233
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. 2018-04-04 not yet calculated CVE-2014-9955
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. 2018-04-04 not yet calculated CVE-2014-9958
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index to access wma->interfaces whose max index should be (max_bssid-1). If wake_info->vdev_id is greater than or equal to max_bssid, an out-of-bounds read occurs. 2018-04-03 not yet calculated CVE-2018-5821
CONFIRM
qualcomm — android
 
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409. 2018-04-04 not yet calculated CVE-2016-10235
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158. 2018-04-04 not yet calculated CVE-2017-6423
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur. 2018-04-03 not yet calculated CVE-2018-3599
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated. 2018-04-03 not yet calculated CVE-2017-18147
BID
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur. 2018-04-03 not yet calculated CVE-2018-5825
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur. 2018-04-03 not yet calculated CVE-2017-15822
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write(). 2018-04-03 not yet calculated CVE-2017-11075
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. 2018-04-04 not yet calculated CVE-2015-9012
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow. 2018-04-03 not yet calculated CVE-2018-5823
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range. 2018-04-03 not yet calculated CVE-2018-5824
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. 2018-04-04 not yet calculated CVE-2015-9009
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32(). 2018-04-03 not yet calculated CVE-2017-15837
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in apr_cb_func can lead to an arbitrary code execution. 2018-04-03 not yet calculated CVE-2018-3563
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll(). 2018-04-03 not yet calculated CVE-2017-14890
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691. 2018-04-04 not yet calculated CVE-2016-8486
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724. 2018-04-04 not yet calculated CVE-2016-8487
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur. 2018-04-03 not yet calculated CVE-2017-17770
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite. 2018-04-03 not yet calculated CVE-2018-5828
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur. 2018-04-03 not yet calculated CVE-2017-15853
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. 2018-04-04 not yet calculated CVE-2015-9008
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite. 2018-04-03 not yet calculated CVE-2018-5822
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681. 2018-04-04 not yet calculated CVE-2016-8485
BID
SECTRACK
CONFIRM
qualcomm — android
 
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. 2018-04-04 not yet calculated CVE-2016-10236
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. 2018-04-04 not yet calculated CVE-2014-9959
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init(). 2018-04-03 not yet calculated CVE-2018-3584
CONFIRM
qualcomm — android
 
libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the “filled length”, which is larger than the output buffer’s actual size, leading to an information disclosure problem in the context of mediaserver. 2018-03-30 not yet calculated CVE-2017-11087
BID
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. 2018-04-04 not yet calculated CVE-2015-9013
BID
SECTRACK
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. 2018-04-04 not yet calculated CVE-2015-9015
BID
SECTRACK
CONFIRM
qualcomm — android
 
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. 2018-04-03 not yet calculated CVE-2018-3596
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061. 2018-04-05 not yet calculated CVE-2017-0751
BID
CONFIRM
qualcomm — android
 
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. 2018-04-04 not yet calculated CVE-2014-9953
BID
SECTRACK
CONFIRM
remctl — remctl
 
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. 2018-04-03 not yet calculated CVE-2018-0493
CONFIRM
DEBIAN
CONFIRM
roundcube — roundcube
 
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it’s possible to exploit the unsanitized, user-controlled “_uid” parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. 2018-04-07 not yet calculated CVE-2018-9846
MISC
MISC
MISC
ruby — ruby
 
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. 2018-04-03 not yet calculated CVE-2018-8780
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ruby — ruby
 
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. 2018-04-03 not yet calculated CVE-2018-8778
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ruby — ruby
 
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. 2018-04-03 not yet calculated CVE-2018-8779
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ruby — ruby
 
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. 2018-04-03 not yet calculated CVE-2017-17742
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ruby — ruby
 
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. 2018-04-03 not yet calculated CVE-2018-6914
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ruby — ruby
 
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). 2018-04-03 not yet calculated CVE-2018-8777
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
s3dvt — s3dvt
 
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed. 2018-04-06 not yet calculated CVE-2013-6876
MISC
MISC
FULLDISC
MLIST
BUGTRAQ
BUGTRAQ
BID
s3dvt — s3dvt
 
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. 2018-04-06 not yet calculated CVE-2014-1226
MISC
FULLDISC
MLIST
BUGTRAQ
sophos — endpoint_protection
 
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. 2018-04-05 not yet calculated CVE-2018-4863
MISC
FULLDISC
EXPLOIT-DB
sophos — endpoint_protection
 
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. 2018-04-05 not yet calculated CVE-2018-9233
MISC
FULLDISC
EXPLOIT-DB
systematic — sitaware
 
Systematic SitaWare 6.4 SP2 does not sufficiently validate input from other sources, e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer. 2018-04-04 not yet calculated CVE-2018-9115
EXPLOIT-DB
unisys — stealth_solution
 
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. 2018-04-03 not yet calculated CVE-2018-8049
CONFIRM
wago — 750_series_firmware
 
In Wago 750 Series PLCs with firmware version 10 and prior, a remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting the communications with commissioning and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. 2018-04-03 not yet calculated CVE-2018-8836
MISC
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9266
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9271
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9273
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. 2018-04-04 not yet calculated CVE-2018-9257
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. 2018-04-04 not yet calculated CVE-2018-9256
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9265
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. 2018-04-04 not yet calculated CVE-2018-9264
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9269
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. 2018-04-04 not yet calculated CVE-2018-9261
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9272
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. 2018-04-04 not yet calculated CVE-2018-9262
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9274
MISC
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. 2018-04-04 not yet calculated CVE-2018-9259
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9270
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. 2018-04-04 not yet calculated CVE-2018-9263
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. 2018-04-04 not yet calculated CVE-2018-9260
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. 2018-04-04 not yet calculated CVE-2018-9258
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9268
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. 2018-04-04 not yet calculated CVE-2018-9267
MISC
MISC
MISC
wolfcms — wolfcms
 
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL. 2018-04-04 not yet calculated CVE-2018-8813
MISC
MISC
wolfcms — wolfcms
 
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request. 2018-04-04 not yet calculated CVE-2018-8814
MISC
MISC
wordpress — wordpress
 
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. 2018-04-04 not yet calculated CVE-2018-9035
EXPLOIT-DB
wordpress — wordpress
 
Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. 2018-04-06 not yet calculated CVE-2014-5034
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google, which allows attackers to possibly find sensitive information. 2018-04-04 not yet calculated CVE-2018-8719
EXPLOIT-DB
wordpress — wordpress
 
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. 2018-04-01 not yet calculated CVE-2018-9172
CONFIRM
CONFIRM
wordpress — wordpress
 
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. 2018-04-07 not yet calculated CVE-2018-9844
CONFIRM
CONFIRM
wordpress — wordpress
 
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2018-04-06 not yet calculated CVE-2014-5072
MISC
CONFIRM
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. 2018-04-04 not yet calculated CVE-2018-9034
EXPLOIT-DB
yahei — php_proberv
 
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. 2018-04-04 not yet calculated CVE-2018-9238
MISC
yubico — yubico
 
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). 2018-04-04 not yet calculated CVE-2018-9275
CONFIRM
CONFIRM
CONFIRM
zammad — zammad
 
Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails, which is not HTML-quoted in certain cases. This can result in the embedding and execution of JavaScript code in the user's browser. This attack appears to be exploitable via the victim opening a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3. 2018-04-05 not yet calculated CVE-2018-1000154
CONFIRM
CONFIRM
CONFIRM
zoho — manageengine_recovery_manager_plus
 
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. 2018-04-02 not yet calculated CVE-2018-9163
MISC
zyxel — multy_x
 
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn’t use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device’s TELNET service as a backdoor. 2018-04-01 not yet calculated CVE-2018-9149
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. 2018-04-04 not yet calculated CVE-2018-9309
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. 2018-04-06 not yet calculated CVE-2018-9331
MISC



This product is provided subject to this Notification and this Privacy & Use policy.

Prime Minister exhorts youth to seize opportunities in agricultural sector

GIS – 06 April, 2018: The Prime Minister, Minister of Home Affairs, External Communications and National Development Unit, Minister of Finance and Economic Development, Mr Pravind Kumar Jugnauth, exhorted youths to seize opportunities in agricultural sector which will undergo a major transformation in the coming years.
He was speaking yesterday during the inauguration of the Plaine Magnien Young Entrepreneurs Sheltered Farming Park, a Government-funded project to the tune of Rs 20 million to be implemented by the Food and Agricultural Research Extension Institute in collaboration with SME Mauritius Ltd and the Human Resource Development Council. Omnicane has allocated 2000 hectares for this project. Nine beneficiaries aged between 25 and 35, and possessing university degrees have been selected for the project after having undergone training in sheltered farming.
Prime Minister Jugnauth expressed the wish for a new generation of entrepreneurs in the agricultural sector with emphasis on sheltered farming. He also evoked the difficulties faced by planters in both the sugar and non-sugar sectors, as well as the livestock sector, and reiterated his full support to help them overcome the challenges which are mostly due to climate change. He observed that the number of planters has decreased with 15 000 planters as at date.
Moreover, he cautioned planters against the abusive use of pesticides and added that severe sanctions will be taken against those who are thinking only about profit making thus putting at risk the lives of others and making the lands infertile. Hence, he recommends a judicious use of pesticide for the well-being of one and all.
The Prime Minister recalled the various measures and projects put in place by Government for the development and sustainability of the agro-industry sector.
For his part, the Minister of Agro-Industry and Food Security, Mr Mahen Seeruttun, listed out the measures upon which his Ministry has embarked to provide the best facilities to planters. He said that Rs 14 million has been disbursed to help planters who have been severely affected by the effects of climate change and a sum of Rs 36 million has been disbursed by the Development Bank of Mauritius to help planters put their business back on track.

Government Information Service, Prime Minister’s Office, Level 6, New Government Centre, Port Louis, Mauritius. Email: gis@govmu.org  Website: http://gis.govmu.org