SB18-099: Vulnerability Summary for the Week of April 2, 2018

Original release date: April 09, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
allen_bradley — micrologix_1400_series_b_firmware	An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-12093 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered.	2018-04-05	not yet calculated	CVE-2017-14471 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix.	2018-04-05	not yet calculated	CVE-2017-14470 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file.	2018-04-05	not yet calculated	CVE-2017-14466 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware.	2018-04-05	not yet calculated	CVE-2017-14468 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name.	2018-04-05	not yet calculated	CVE-2017-14462 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.	2018-04-05	not yet calculated	CVE-2017-14464 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-12089 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.	2018-04-05	not yet calculated	CVE-2017-14463 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password.	2018-04-05	not yet calculated	CVE-2017-14472 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix.	2018-04-05	not yet calculated	CVE-2017-14469 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC.	2018-04-05	not yet calculated	CVE-2017-14465 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used.	2018-04-05	not yet calculated	CVE-2017-14467 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-12090 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX.	2018-04-05	not yet calculated	CVE-2017-14473 MISC
allen_bradley — micrologix_1400_series_b_frn	An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability	2018-04-05	not yet calculated	CVE-2017-12088 MISC
apache — hive_jdbc_driver	This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.	2018-04-05	not yet calculated	CVE-2018-1282 MLIST
apache — hive	In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.	2018-04-05	not yet calculated	CVE-2018-1284 MLIST
apache — hive	In Apache Hive 2.1.0 to 2.3.2, when ‘COPY FROM FTP’ statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.	2018-04-05	not yet calculated	CVE-2018-1315 MLIST
apache — ignite	In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components – discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.	2018-04-02	not yet calculated	CVE-2018-1295 MLIST
apple — ios_and_macos_and_tvos	An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the “Wi-Fi” component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.	2018-04-03	not yet calculated	CVE-2017-7065 BID CONFIRM CONFIRM CONFIRM
apple — ios_and_macos_and_watchos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the “CoreFoundation” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4158 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM
apple — ios_and_macos_and_watchos	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the “LinkPresentation” component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.	2018-04-03	not yet calculated	CVE-2018-4100 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7002 BID CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “Mail” component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.	2018-04-03	not yet calculated	CVE-2018-4174 BID SECTRACK SECTRACK CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “PluginKit” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4156 BID SECTRACK SECTRACK CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7001 BID CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “Storage” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4154 BID SECTRACK SECTRACK CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “WindowServer” component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.	2018-04-03	not yet calculated	CVE-2018-4131 BID SECTRACK SECTRACK CONFIRM CONFIRM MISC
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “Security” component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.	2018-04-03	not yet calculated	CVE-2017-7004 CONFIRM CONFIRM EXPLOIT-DB
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the “iCloud Drive” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4151 BID SECTRACK SECTRACK CONFIRM CONFIRM
apple — ios_and_macos	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7000 BID BID REDHAT GENTOO CONFIRM CONFIRM DEBIAN
apple — ios_and_safari_and_tvos	An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “JavaScriptCore” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling.	2018-04-03	not yet calculated	CVE-2017-2492 CONFIRM CONFIRM CONFIRM
apple — ios_and_safari_and_tvos	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the “JavaScriptCore” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7005 CONFIRM CONFIRM CONFIRM EXPLOIT-DB
apple — ios_and_tvos_and_watchos	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4109 CONFIRM CONFIRM CONFIRM
apple — ios_and_tvos_and_watchos	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Core Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4095 BID SECTRACK MISC CONFIRM CONFIRM CONFIRM
apple — ios_and_tvos_and_watchos	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Core Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4087 BID SECTRACK MISC CONFIRM CONFIRM CONFIRM EXPLOIT-DB
apple — ios_and_tvos	An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the “App Store” component. It allows man-in-the-middle attackers to spoof password prompts.	2018-04-03	not yet calculated	CVE-2017-7164 CONFIRM CONFIRM
apple — ios_and_tvos	An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the “Wi-Fi” component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.	2018-04-03	not yet calculated	CVE-2017-7066 CONFIRM CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Profiles” component. It does not enforce the configuration profile’s settings for whether pairings are allowed.	2018-04-03	not yet calculated	CVE-2017-13806 CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Telephony” component. A buffer overflow allows remote attackers to execute arbitrary code.	2018-04-03	not yet calculated	CVE-2018-4148 BID CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the “Safari Login AutoFill” component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.	2018-04-03	not yet calculated	CVE-2018-4137 SECTRACK CONFIRM CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the user interface via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4134 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Web App” component. It allows remote attackers to bypass intended restrictions on cookie persistence.	2018-04-03	not yet calculated	CVE-2018-4110 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Files Widget” component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.	2018-04-03	not yet calculated	CVE-2018-4168 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Find My iPhone” component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the “Find My iPhone” feature via vectors involving a backup restore.	2018-04-03	not yet calculated	CVE-2018-4172 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Sandbox Profiles” component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-6976 CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the “Clock” component. It allows physically proximate attackers to discover the iTunes e-mail address.	2018-04-03	not yet calculated	CVE-2018-4123 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “Telephony” component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.	2018-04-03	not yet calculated	CVE-2018-4140 BID SECTRACK CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Sandbox Profiles” component. It allows attackers to determine whether arbitrary files exist via a crafted app.	2018-04-03	not yet calculated	CVE-2017-13877 CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Notes” component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.	2018-04-03	not yet calculated	CVE-2017-7075 CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “APNs” component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.	2018-04-03	not yet calculated	CVE-2017-13863 CONFIRM
apple — ios	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the “SafariViewController” component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page.	2018-04-03	not yet calculated	CVE-2018-4149 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Spotlight” component. It allows local users to see results for other users’ files.	2018-04-03	not yet calculated	CVE-2017-13839 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Admin Framework” component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.	2018-04-03	not yet calculated	CVE-2018-4170 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.	2018-04-03	not yet calculated	CVE-2017-13827 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Touch Bar Support” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4083 CONFIRM EXPLOIT-DB
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “DesktopServices” component. It allows local users to bypass intended access restrictions on home folder files.	2018-04-03	not yet calculated	CVE-2017-13851 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the “CoreTypes” component. It allows remote attackers to trigger disk-image mounting via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-13890 BID SECTRACK CONFIRM CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.	2018-04-03	not yet calculated	CVE-2017-7070 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “PDFKit” component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.	2018-04-03	not yet calculated	CVE-2018-4107 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “NVIDIA Graphics Drivers” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4138 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Font Importer” component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.	2018-04-03	not yet calculated	CVE-2017-13850 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Sandbox” component. It allows bypass of a sandbox protection mechanism.	2018-04-03	not yet calculated	CVE-2018-4091 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Disk Management” component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.	2018-04-03	not yet calculated	CVE-2018-4108 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4139 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Wi-Fi” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4084 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4160 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4132 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Notes” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4152 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4135 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the “Terminal” component. It allows user-assisted attackers to inject arbitrary commands within pasted content.	2018-04-03	not yet calculated	CVE-2018-4106 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “IOHIDFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4098 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsControl” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-13853 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “ATS” component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.	2018-04-03	not yet calculated	CVE-2018-4112 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4136 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “APFS” component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.	2018-04-03	not yet calculated	CVE-2018-4105 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2017-7173 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Disk Images” component. It allows attackers to trigger an app launch upon mounting a crafted disk image.	2018-04-03	not yet calculated	CVE-2018-4176 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Security” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2017-7170 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4097 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Installer” component. It does not properly restrict an app’s entitlements for accessing the FileVault unlock key.	2018-04-03	not yet calculated	CVE-2017-13837 CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “Mail” component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.	2018-04-03	not yet calculated	CVE-2018-4111 BID SECTRACK CONFIRM
apple — macos	An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the “LaunchServices” component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4175 BID SECTRACK CONFIRM
apple — mulitple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4090 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “File System Events” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4167 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4130 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4146 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4122 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4129 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CoreAnimation” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-7171 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character.	2018-04-03	not yet calculated	CVE-2018-4124 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4117 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4125 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.	2018-04-03	not yet calculated	CVE-2017-13873 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.	2018-04-03	not yet calculated	CVE-2018-4094 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.	2018-04-03	not yet calculated	CVE-2017-7003 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4114 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4162 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4093 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4128 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “CoreFoundation” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4155 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4104 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the “WebKit” component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.	2018-04-03	not yet calculated	CVE-2018-4113 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4120 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.	2018-04-03	not yet calculated	CVE-2017-7153 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4119 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4096 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “CFNetwork Session” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-7172 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4143 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4118 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4088 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.	2018-04-03	not yet calculated	CVE-2018-4142 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “NSURLSession” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4166 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4082 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4101 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Quick Look” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4157 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.	2018-04-03	not yet calculated	CVE-2017-2493 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Security” component. It allows remote attackers to spoof certificate validation via crafted name constraints.	2018-04-03	not yet calculated	CVE-2018-4086 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4092 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4163 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4150 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4089 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-13884 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the “QuartzCore” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4085 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-13854 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4165 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2018-04-03	not yet calculated	CVE-2017-13904 CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-13885 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4127 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4121 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4161 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7165 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the “System Preferences” component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.	2018-04-03	not yet calculated	CVE-2018-4115 SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM
apple — multiple_products	An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the “Security” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.	2018-04-03	not yet calculated	CVE-2018-4144 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple — safari	An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	2018-04-03	not yet calculated	CVE-2017-7071 BID CONFIRM
apple — safari	An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4102 BID SECTRACK CONFIRM
apple — safari	An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “WebKit” component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2018-04-03	not yet calculated	CVE-2018-4133 BID SECTRACK CONFIRM
apple — safari	An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.	2018-04-03	not yet calculated	CVE-2017-7161 CONFIRM UBUNTU
apple — safari	An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site.	2018-04-03	not yet calculated	CVE-2018-4116 SECTRACK CONFIRM
apple — xcode	An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the “LLVM” component.	2018-04-03	not yet calculated	CVE-2018-4164 MISC MISC BID SECTRACK MISC CONFIRM
apple — xcode	An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the “ld64” component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code.	2018-04-03	not yet calculated	CVE-2017-7167 CONFIRM
asus — multiple_routers	Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.	2018-04-04	not yet calculated	CVE-2018-9285 MISC MISC
atlassian — application_links	The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location’s OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.	2018-04-04	not yet calculated	CVE-2017-18096 CONFIRM
atlassian — jira	The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.	2018-04-06	not yet calculated	CVE-2017-18097 CONFIRM
atlassian — jira	The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.	2018-04-06	not yet calculated	CVE-2017-18098 CONFIRM
auth0 — auth0	The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.	2018-04-04	not yet calculated	CVE-2018-6873 MISC
avatar_uploader — avatar_uploader	Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn’t verify users or sanitize the file path.	2018-04-04	not yet calculated	CVE-2018-9205 MISC MISC MISC
axis — m1033-w_ip_camera_firmware	DISPUTED An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn’t verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with “<!–#exec cmd=” support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.	2018-04-01	not yet calculated	CVE-2018-9157 MISC
axis — m1033-w_ip_camera_firmware	An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don’t employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.	2018-04-01	not yet calculated	CVE-2018-9158 MISC
axis — p1354_ip_camera_firmware	DISPUTED An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn’t verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with “<!–#exec cmd=” support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.	2018-04-01	not yet calculated	CVE-2018-9156 MISC
beep — beep	Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.	2018-04-03	not yet calculated	CVE-2018-0492 MLIST CONFIRM CONFIRM DEBIAN
bitdefender_antivirus — bitdefender_antivirus	The Bitdefender Antivirus 6.2.19.890 component, as configured for AV Defender in SolarWinds N-Central and possibly other products, attempts to access hosts in the bitdefeder.net Potentially Unwanted Domain (a domain similar to “bitdefender.net” but with a missing ‘n’ character) in unspecified circumstances. The observed hostnames are of the form upgr-midgress-##.htz.bitdefeder.net; however, all hostnames ending in .bitdefeder.net apparently resolve to the same IP address. This product behavior may allow remote attackers to block antivirus updates or potentially provide crafted updates, either by controlling that IP address or by purchasing the bitdefeder.net domain name.	2018-04-05	not yet calculated	CVE-2018-9329 MISC MISC
botan — botan	Botan 2.2.0 – 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a ‘b’ character.	2018-04-02	not yet calculated	CVE-2018-9127 MISC
brave_software — brave_browser	Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.	2018-04-03	not yet calculated	CVE-2016-10718 CONFIRM CONFIRM CONFIRM
brave_software — brave_browser	Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.	2018-04-03	not yet calculated	CVE-2017-18256 CONFIRM
brilliantts — fuze_card	An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.	2018-04-04	not yet calculated	CVE-2018-9119 MISC MISC MISC
circle_media — circle_with_disney	An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed “de-auth” packets to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-12095 MISC
cisco — ios_xe_software	Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.	2018-04-02	not yet calculated	CVE-2018-0194 BID CONFIRM
cmapcoverage.cpp — cmapcoverage.cpp	In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.	2018-04-04	not yet calculated	CVE-2017-13275 CONFIRM
coremail — coremail	register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942.	2018-04-07	not yet calculated	CVE-2018-9330 MISC
csrf — csrf	CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.	2018-04-04	not yet calculated	CVE-2018-6874 MISC
d-link — dir-601_devices	An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator’s panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.	2018-03-30	not yet calculated	CVE-2018-5708 FULLDISC EXPLOIT-DB
d-link — dir-868l_devices	authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.	2018-04-04	not yet calculated	CVE-2018-9284 MISC MISC
d-link — dsl-3782_devices	Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the ‘set Diagnostics_Entry’ function in an HTTP request, related to /userfs/bin/tcapi.	2018-04-03	not yet calculated	CVE-2018-8941 MISC
dedecms — dedecms	DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.	2018-04-01	not yet calculated	CVE-2018-9175 MISC
dedecms — dedecms	sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker’s control.	2018-04-01	not yet calculated	CVE-2018-9174 MISC
dnnarticle — dnnarticle	The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.	2018-04-04	not yet calculated	CVE-2018-9126 MISC EXPLOIT-DB
dsmall — dsmall	dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.	2018-04-04	not yet calculated	CVE-2018-9307 MISC
duckduckgo — duckduckgo	In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.	2018-04-01	not yet calculated	CVE-2018-6849 MISC MISC MISC MISC EXPLOIT-DB
dvd_x_player — dvd_x_player_standard	DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.	2018-04-01	not yet calculated	CVE-2018-9128 MISC
etcd — etcd	DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).	2018-04-03	not yet calculated	CVE-2018-1099 CONFIRM CONFIRM
etcd — etcd	A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can’t PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.	2018-04-03	not yet calculated	CVE-2018-1098 CONFIRM CONFIRM
etherpad — etherpad	Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.	2018-04-07	not yet calculated	CVE-2018-9325 CONFIRM
etherpad — etherpad	Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.	2018-04-07	not yet calculated	CVE-2018-9326 CONFIRM
etherpad — etherpad	Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).	2018-04-07	not yet calculated	CVE-2018-9327 CONFIRM
exiv2 — exiv2	In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the “== 0x1c” case.	2018-04-04	not yet calculated	CVE-2018-9305 MISC MISC
exiv2 — exiv2	In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.	2018-04-04	not yet calculated	CVE-2018-9304 MISC MISC
exiv2 — exiv2	In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.	2018-04-04	not yet calculated	CVE-2018-9303 MISC
exiv2 — exiv2	In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the “!= 0x1c” case.	2018-04-04	not yet calculated	CVE-2018-9306 MISC MISC
f5 — big-ip_asm	F5 BIG-IP ASM version 12.1.0 – 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.	2018-04-03	not yet calculated	CVE-2016-7472 BID BID SECTRACK CONFIRM
ffmpeg — ffmpeg	The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.	2018-04-07	not yet calculated	CVE-2018-9841 MISC
fiberhome — vdsl2_modem_hg_150-ub_devices	FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location=’login.html’ JavaScript code in the response to an unauthenticated request.	2018-04-04	not yet calculated	CVE-2018-9249 MISC
fiberhome — vdsl2_modem_hg	FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a “Cookie: Name=0admin” header.	2018-04-04	not yet calculated	CVE-2018-9248 MISC EXPLOIT-DB
foreman — foreman	An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.	2018-04-05	not yet calculated	CVE-2018-1096 CONFIRM CONFIRM
foreman — foreman	A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.	2018-04-04	not yet calculated	CVE-2018-1097 CONFIRM CONFIRM CONFIRM
freebsd — freebsd	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.	2018-04-04	not yet calculated	CVE-2018-6918 BID SECTRACK FREEBSD
freebsd — freebsd	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.	2018-04-04	not yet calculated	CVE-2018-6919 CONFIRM
freebsd — freebsd	In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.	2018-04-04	not yet calculated	CVE-2018-6917 BID SECTRACK FREEBSD
frog_cms — frog_cms	An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application’s add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.	2018-03-31	not yet calculated	CVE-2018-8908 MISC EXPLOIT-DB
getsimple_cms — getsimple_cms	Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.	2018-04-01	not yet calculated	CVE-2018-9173 CONFIRM EXPLOIT-DB
gitlab — community_and_enterprise_editions	GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.	2018-04-05	not yet calculated	CVE-2018-9243 MISC
gitlab — community_and_enterprise_editions	GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.	2018-04-05	not yet calculated	CVE-2018-9244 MISC
gleez_cms — gleez_cms	Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.	2018-04-05	not yet calculated	CVE-2018-7035 MISC
gnu — gnu	GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD’s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.	2018-04-06	not yet calculated	CVE-2018-1000156 MISC MISC CONFIRM MISC
gnupg — gnupg	GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.	2018-04-03	not yet calculated	CVE-2018-9234 MISC
google — android	A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.	2018-04-04	not yet calculated	CVE-2017-13295 CONFIRM
google — android	In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.	2018-04-04	not yet calculated	CVE-2017-13261 BID CONFIRM EXPLOIT-DB EXPLOIT-DB
google — android	In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768.	2018-04-04	not yet calculated	CVE-2017-13288 CONFIRM
google — android	In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702.	2018-04-04	not yet calculated	CVE-2017-13251 BID CONFIRM
google — android	In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251.	2018-04-04	not yet calculated	CVE-2017-13286 CONFIRM
google — android	In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464.	2018-04-04	not yet calculated	CVE-2017-13287 CONFIRM
google — android	In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.	2018-04-05	not yet calculated	CVE-2015-9016 CONFIRM CONFIRM
google — android	A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.	2018-04-04	not yet calculated	CVE-2017-13304 CONFIRM
google — android	In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612.	2018-04-04	not yet calculated	CVE-2017-13248 BID CONFIRM
google — android	In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.	2018-04-04	not yet calculated	CVE-2017-13272 BID CONFIRM
google — android	In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.	2018-04-04	not yet calculated	CVE-2017-13262 BID CONFIRM EXPLOIT-DB EXPLOIT-DB
google — android	A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.	2018-04-04	not yet calculated	CVE-2017-13265 CONFIRM
google — android	In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.	2018-04-04	not yet calculated	CVE-2017-13257 BID CONFIRM
google — android	In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.	2018-04-04	not yet calculated	CVE-2017-13276 CONFIRM
google — android	In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.	2018-04-04	not yet calculated	CVE-2017-13277 CONFIRM
google — android	An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.	2018-04-05	not yet calculated	CVE-2017-0744 BID CONFIRM
google — android	In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.	2018-04-04	not yet calculated	CVE-2017-13249 BID CONFIRM
google — android	A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.	2018-04-04	not yet calculated	CVE-2017-13296 CONFIRM
google — android	In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.	2018-04-04	not yet calculated	CVE-2017-13260 BID CONFIRM EXPLOIT-DB EXPLOIT-DB
google — android	A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.	2018-04-04	not yet calculated	CVE-2017-13254 CONFIRM
google — android	A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.	2018-04-04	not yet calculated	CVE-2017-13269 CONFIRM
google — android	A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.	2018-04-04	not yet calculated	CVE-2017-13294 CONFIRM
google — android	In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.	2018-04-04	not yet calculated	CVE-2017-13285 CONFIRM
google — android	A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.	2018-04-04	not yet calculated	CVE-2017-13299 CONFIRM
google — android	A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.	2018-04-04	not yet calculated	CVE-2017-13303 CONFIRM
google — android	In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.	2018-04-04	not yet calculated	CVE-2017-13291 CONFIRM
google — android	In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.	2018-04-04	not yet calculated	CVE-2017-13266 BID CONFIRM
google — android	A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.	2018-04-04	not yet calculated	CVE-2017-13263 CONFIRM
google — android	In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.	2018-04-04	not yet calculated	CVE-2017-13256 BID CONFIRM
google — android	In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.	2018-04-04	not yet calculated	CVE-2017-13279 CONFIRM
google — android	An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.	2018-04-05	not yet calculated	CVE-2016-8482 CONFIRM BID CONFIRM
google — android	In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.	2018-04-04	not yet calculated	CVE-2017-13292 CONFIRM
google — android	A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.	2018-04-04	not yet calculated	CVE-2017-13301 CONFIRM
google — android	In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.	2018-04-04	not yet calculated	CVE-2017-13252 BID CONFIRM
google — android	In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410.	2018-04-04	not yet calculated	CVE-2017-13283 CONFIRM
google — android	A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.	2018-04-04	not yet calculated	CVE-2017-13306 CONFIRM
google — android	A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.	2018-04-04	not yet calculated	CVE-2017-13270 CONFIRM
google — android	A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.	2018-04-04	not yet calculated	CVE-2017-13305 CONFIRM
google — android	In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.	2018-04-04	not yet calculated	CVE-2017-13259 BID CONFIRM
google — android	In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564.	2018-04-04	not yet calculated	CVE-2017-13289 CONFIRM
google — android	In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273.	2018-04-04	not yet calculated	CVE-2017-13284 CONFIRM
google — android	In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009.	2018-04-04	not yet calculated	CVE-2017-13267 CONFIRM
google — android	A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343.	2018-04-04	not yet calculated	CVE-2017-13264 CONFIRM
google — android	In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.	2018-04-04	not yet calculated	CVE-2017-13282 CONFIRM
google — android	A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.	2018-04-04	not yet calculated	CVE-2017-13271 CONFIRM
google — android	In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536.	2018-04-04	not yet calculated	CVE-2017-13250 BID CONFIRM
google — android	A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.	2018-04-04	not yet calculated	CVE-2017-13307 CONFIRM
google — android	A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.	2018-04-04	not yet calculated	CVE-2017-13302 CONFIRM
google — android	In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.	2018-04-04	not yet calculated	CVE-2017-13258 BID CONFIRM EXPLOIT-DB EXPLOIT-DB
google — android	In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451.	2018-04-04	not yet calculated	CVE-2017-13280 CONFIRM
google — android	A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.	2018-04-04	not yet calculated	CVE-2017-13297 CONFIRM
google — android	In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.	2018-04-04	not yet calculated	CVE-2017-13255 BID CONFIRM
google — android	In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.	2018-04-04	not yet calculated	CVE-2017-13253 BID CONFIRM EXPLOIT-DB
google — android	A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.	2018-04-04	not yet calculated	CVE-2017-13300 CONFIRM
google — android	In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.	2018-04-04	not yet calculated	CVE-2017-13281 CONFIRM
google — android	A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.	2018-04-04	not yet calculated	CVE-2017-13268 CONFIRM
google — android	A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.	2018-04-04	not yet calculated	CVE-2017-13298 CONFIRM
google — android	In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.	2018-04-04	not yet calculated	CVE-2017-13274 CONFIRM
google — android	In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581.	2018-04-04	not yet calculated	CVE-2017-13278 CONFIRM
google — android	In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.	2018-04-04	not yet calculated	CVE-2017-13293 CONFIRM
google — android	In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.	2018-04-04	not yet calculated	CVE-2017-13290 CONFIRM
gxlcms_qy — gxlcms_qy	In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.	2018-04-07	not yet calculated	CVE-2018-9852 MISC
gxlcms_qy — gxlcms_qy	In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.	2018-04-07	not yet calculated	CVE-2018-9847 MISC
gxlcms_qy — gxlcms_qy	In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of ‘\|’ instead of ‘/’ as a directory separator, in conjunction with a “..” sequence.	2018-04-07	not yet calculated	CVE-2018-9851 MISC
gxlcms_qy — gxlcms_qy	In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.	2018-04-07	not yet calculated	CVE-2018-9848 MISC
gxlcms_qy — gxlcms_qy	The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename.	2018-04-03	not yet calculated	CVE-2018-9247 MISC
gxlcms_qy — gxlcms_qy	In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.	2018-04-07	not yet calculated	CVE-2018-9850 MISC
ibm — business_process_manager	IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.	2018-04-04	not yet calculated	CVE-2018-1469 CONFIRM MISC
ibm — business_process_manager	IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.	2018-03-30	not yet calculated	CVE-2017-1767 CONFIRM BID SECTRACK MISC
ibm — business_process_manager	IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.	2018-03-30	not yet calculated	CVE-2018-1384 CONFIRM BID SECTRACK MISC
ibm — business_process_manager	IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.	2018-03-30	not yet calculated	CVE-2017-1765 CONFIRM BID SECTRACK MISC
ibm — business_process_manager	IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.	2018-03-30	not yet calculated	CVE-2017-1756 CONFIRM BID MISC
ibm — financial_transaction_manager_for_check_services_for_multi-platform	IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221.	2018-03-30	not yet calculated	CVE-2018-1390 CONFIRM BID MISC
ibm — gskit_and_spectrum_protect_snapshot	The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.	2018-04-04	not yet calculated	CVE-2018-1447 CONFIRM CONFIRM CONFIRM CONFIRM MISC
ibm — qradar	IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.	2018-04-04	not yet calculated	CVE-2017-1733 CONFIRM MISC
ibm — qradar	IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.	2018-04-04	not yet calculated	CVE-2017-1624 CONFIRM MISC
ibm — security_privileged_identity_manager	IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.	2018-03-30	not yet calculated	CVE-2017-1705 CONFIRM BID MISC
ibm — tivoli_security_directory_server	The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.	2018-04-03	not yet calculated	CVE-2015-1975 CONFIRM XF
ibm — websphere_datapower_appliances	IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.	2018-04-04	not yet calculated	CVE-2018-1421 CONFIRM MISC
ibm — websphere_mq	A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.	2018-03-30	not yet calculated	CVE-2017-1747 CONFIRM BID MISC
ibm — worklight	IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786.	2018-04-04	not yet calculated	CVE-2017-1772 CONFIRM MISC
intel — multiple_products	Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.	2018-04-05	not yet calculated	CVE-2018-3624 CONFIRM
intel — remote_keyboard	Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.	2018-04-03	not yet calculated	CVE-2018-3645 CONFIRM
intel — remote_keyboard	Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.	2018-04-03	not yet calculated	CVE-2018-3638 CONFIRM
intel — remote_keyboard	Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.	2018-04-03	not yet calculated	CVE-2018-3641 CONFIRM
intel — software_guard_extensions_platform_software_component	AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM.	2018-04-03	not yet calculated	CVE-2018-3689 CONFIRM
intel — spi_flash	Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.	2018-04-03	not yet calculated	CVE-2017-5703 SECTRACK CONFIRM
iscripts — easycreate	iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site Description” field.	2018-04-04	not yet calculated	CVE-2018-9237 MISC
iscripts — easycreate	iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site title” field.	2018-04-04	not yet calculated	CVE-2018-9236 MISC
iscripts — sonicbb	iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.	2018-04-04	not yet calculated	CVE-2018-9235 MISC
jasper — jasper	JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.	2018-04-03	not yet calculated	CVE-2018-9252 MISC
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.	2018-04-05	not yet calculated	CVE-2018-1000145 CONFIRM
jenkins — jenkins	An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (“test connection”).	2018-04-05	not yet calculated	CVE-2018-1000152 CONFIRM
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.	2018-04-05	not yet calculated	CVE-2018-1000143 CONFIRM
jenkins — jenkins	A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.	2018-04-05	not yet calculated	CVE-2018-1000144 CONFIRM
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.	2018-04-05	not yet calculated	CVE-2018-1000142 CONFIRM
jenkins — jenkins	A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.	2018-04-05	not yet calculated	CVE-2018-1000151 CONFIRM
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.	2018-04-05	not yet calculated	CVE-2018-1000150 CONFIRM
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them	2018-04-05	not yet calculated	CVE-2018-1000147 CONFIRM
jenkins — jenkins	An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.	2018-04-05	not yet calculated	CVE-2018-1000146 CONFIRM
jenkins — jenkins	A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (“test connection”).	2018-04-05	not yet calculated	CVE-2018-1000153 CONFIRM
jenkins — jenkins	An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.	2018-04-05	not yet calculated	CVE-2018-1000148 CONFIRM
jenkins — jenkins	A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.	2018-04-05	not yet calculated	CVE-2018-1000149 CONFIRM
joomla! — joomla!	The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.	2018-04-02	not yet calculated	CVE-2018-9183 MISC EXPLOIT-DB MISC
juniper_networks — junos_space	The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.	2018-04-05	not yet calculated	CVE-2014-3413 CONFIRM MISC
koji — koji	Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.	2018-04-04	not yet calculated	CVE-2018-1002150 CONFIRM CONFIRM
libming — libming	The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.	2018-04-01	not yet calculated	CVE-2018-9165 CONFIRM
libxml2 — libxml2	The xz_decomp function in xzlib.c in libxml2 2.9.8, if –with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.	2018-04-03	not yet calculated	CVE-2018-9251 MISC
linux — linux_kernel	The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.	2018-04-01	not yet calculated	CVE-2018-1092 MISC MISC MISC MISC
linux — linux_kernel	The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.	2018-04-01	not yet calculated	CVE-2018-1094 MISC MISC MISC MISC MISC
linux — linux_kernel	The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.	2018-04-01	not yet calculated	CVE-2018-1093 MISC MISC MISC MISC
linux — linux_kernel	The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.	2018-04-01	not yet calculated	CVE-2018-1095 MISC MISC MISC MISC
linux — linux_kernel	The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.	2018-04-04	not yet calculated	CVE-2017-18257 MISC MISC
mcafee — epolicy_orchestrator	Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.	2018-04-02	not yet calculated	CVE-2018-6660 BID CONFIRM
mcafee — epolicy_orchestrator	Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.	2018-04-02	not yet calculated	CVE-2018-6659 BID CONFIRM
mcafee — mulitple_products	Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.	2018-04-03	not yet calculated	CVE-2017-4028 BID CONFIRM
mcafee — network_security_management	Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user’s browser via reusing the exposed session token in the application URL.	2018-04-04	not yet calculated	CVE-2017-3966 CONFIRM
mcafee — network_security_management	Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.	2018-04-03	not yet calculated	CVE-2017-3972 CONFIRM
mcafee — network_security_management	Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.	2018-04-04	not yet calculated	CVE-2017-3965 CONFIRM
mcafee — network_security_management	Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.	2018-04-04	not yet calculated	CVE-2017-3964 CONFIRM
mcafee — network_security_management	Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.	2018-04-04	not yet calculated	CVE-2017-3971 CONFIRM
mcafee — network_security_management	Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.	2018-04-04	not yet calculated	CVE-2017-3967 CONFIRM
mcafee — network_security_management	Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.	2018-04-04	not yet calculated	CVE-2017-3969 CONFIRM
mcafee — true_key	DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.	2018-04-02	not yet calculated	CVE-2018-6661 CONFIRM
microsoft — malware_protection_engine	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”.	2018-04-04	not yet calculated	CVE-2018-0986 BID SECTRACK CONFIRM EXPLOIT-DB
microsoft — windows_kernel	The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability.”	2018-04-02	not yet calculated	CVE-2018-1038 BID CONFIRM
moodle — moodle	A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.	2018-04-04	not yet calculated	CVE-2018-1081 CONFIRM CONFIRM
moodle — moodle	A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.	2018-04-04	not yet calculated	CVE-2018-1082 CONFIRM CONFIRM
moxa — awk-3131a_wireless_access_point	An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.	2018-04-02	not yet calculated	CVE-2016-8717 MISC
moxa — mxview	The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.	2018-04-06	not yet calculated	CVE-2018-7506 MISC
natus — xltek_neuroworks_newproducerstream	An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-2868 MISC
natus — xltek_neuroworks	An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-2869 MISC
natus — xltek_neuroworks	An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-2861 MISC
natus — xltek_neuroworks	An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-2867 MISC
natus — xltek_neuroworks	An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.	2018-04-05	not yet calculated	CVE-2017-2853 MISC
ncmpc — ncmpc	ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.	2018-04-03	not yet calculated	CVE-2018-9240 CONFIRM
nvidia — d3d10_driver	An exploitable heap memory corruption vulnerability exists in the NVIDIA D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause heap memory corruption, resulting in at least denial of service, and potential code execution. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and the VMware host will be affected (potentially leading to VMware crash or guest-to-host escape).	2018-04-02	not yet calculated	CVE-2018-6251 CONFIRM MISC
nvidia — d3d10_driver	An exploitable denial-of-service vulnerability exists in the Nvidia D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause a stack overflow exception, resulting in at least denial of service. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and will affect a VMware host (leading to the vmware-vmx.exe process to crash on the host).	2018-04-02	not yet calculated	CVE-2018-6253 CONFIRM MISC
nvidia — gpu_display_driver	NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.	2018-04-02	not yet calculated	CVE-2018-6249 CONFIRM
nvidia — windows_gpu_display_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.	2018-04-02	not yet calculated	CVE-2018-6252 CONFIRM
nvidia — windows_gpu_display_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.	2018-04-02	not yet calculated	CVE-2018-6247 CONFIRM
nvidia — windows_gpu_display_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges.	2018-04-02	not yet calculated	CVE-2018-6250 CONFIRM
nvidia — windows_gpu_display_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges.	2018-04-02	not yet calculated	CVE-2018-6248 CONFIRM
ocaml — ocaml	The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.	2018-04-06	not yet calculated	CVE-2018-9838 MISC
oleumtech — wireless_sensor_network_devices	OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.	2018-04-06	not yet calculated	CVE-2014-2359 XF MISC
openresty — openresty	In OpenResty before 1.13.6.1, URI parameters were obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.	2018-04-02	not yet calculated	CVE-2018-9230 MISC MISC
osisoft — pi_system_software	OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)	2018-04-03	not yet calculated	CVE-2016-8365 BID MISC CONFIRM
phoenix_contact — inline_controller_plcs	The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.	2018-04-05	not yet calculated	CVE-2016-8380 BID MISC
phoenix_contact — inline_controller_plcs	The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.	2018-04-05	not yet calculated	CVE-2016-8371 BID MISC
phoenix_contact — inline_controller_plcs	Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.	2018-04-05	not yet calculated	CVE-2016-8366 BID MISC
phpscriptsmall.com — redbus_clone_script	PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php.	2018-04-05	not yet calculated	CVE-2018-9328 MISC
pivotal — spring_framework	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.	2018-04-06	not yet calculated	CVE-2018-1272 CONFIRM
pivotal — spring_framework	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.	2018-04-06	not yet calculated	CVE-2018-1271 CONFIRM
pivotal — spring_framework	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.	2018-04-06	not yet calculated	CVE-2018-1270 CONFIRM
python — cpython	base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.	2018-04-06	not yet calculated	CVE-2014-3539 MLIST CONFIRM
qualcomm — android	An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.	2018-04-04	not yet calculated	CVE-2017-6426 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id].	2018-04-03	not yet calculated	CVE-2017-14894 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable “num_q6_rule” does not have a mutex lock and thus can be accessed and modified by multiple threads.	2018-04-03	not yet calculated	CVE-2017-14880 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.	2018-04-04	not yet calculated	CVE-2015-9010 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.	2018-04-04	not yet calculated	CVE-2014-9956 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.	2018-04-04	not yet calculated	CVE-2015-9011 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check.	2018-04-03	not yet calculated	CVE-2018-3566 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.	2018-04-04	not yet calculated	CVE-2016-10231 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.	2018-04-04	not yet calculated	CVE-2016-8484 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.	2018-04-04	not yet calculated	CVE-2016-8488 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.	2018-04-04	not yet calculated	CVE-2016-10298 BID SECTRACK CONFIRM
qualcomm — android	An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.	2018-04-04	not yet calculated	CVE-2016-10234 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.	2018-04-04	not yet calculated	CVE-2016-10299 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.	2018-04-05	not yet calculated	CVE-2017-0431 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access.	2018-04-03	not yet calculated	CVE-2018-3598 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.	2018-04-03	not yet calculated	CVE-2018-5826 CONFIRM
qualcomm — android	A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.	2018-04-04	not yet calculated	CVE-2016-10230 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.	2018-04-04	not yet calculated	CVE-2014-9954 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.	2018-04-04	not yet calculated	CVE-2015-9014 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.	2018-04-03	not yet calculated	CVE-2018-5820 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.	2018-04-04	not yet calculated	CVE-2014-9957 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.	2018-04-04	not yet calculated	CVE-2016-10232 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.	2018-04-03	not yet calculated	CVE-2017-15836 CONFIRM
qualcomm — android	An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.	2018-04-05	not yet calculated	CVE-2017-0748 BID CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.	2018-04-04	not yet calculated	CVE-2017-6424 BID SECTRACK CONFIRM
qualcomm — android	An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.	2018-04-04	not yet calculated	CVE-2017-6425 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.	2018-04-04	not yet calculated	CVE-2016-10233 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.	2018-04-04	not yet calculated	CVE-2014-9955 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.	2018-04-04	not yet calculated	CVE-2014-9958 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index to access wma->interfaces whose max index should be (max_bssid-1). If wake_info->vdev_id is greater than or equal to max_bssid, an out-of-bounds read occurs.	2018-04-03	not yet calculated	CVE-2018-5821 CONFIRM
qualcomm — android	A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.	2018-04-04	not yet calculated	CVE-2016-10235 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.	2018-04-04	not yet calculated	CVE-2017-6423 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur.	2018-04-03	not yet calculated	CVE-2018-3599 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.	2018-04-03	not yet calculated	CVE-2017-18147 BID CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.	2018-04-03	not yet calculated	CVE-2018-5825 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur.	2018-04-03	not yet calculated	CVE-2017-15822 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write().	2018-04-03	not yet calculated	CVE-2017-11075 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.	2018-04-04	not yet calculated	CVE-2015-9012 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow.	2018-04-03	not yet calculated	CVE-2018-5823 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.	2018-04-03	not yet calculated	CVE-2018-5824 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.	2018-04-04	not yet calculated	CVE-2015-9009 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32().	2018-04-03	not yet calculated	CVE-2017-15837 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in apr_cb_func can lead to an arbitrary code execution.	2018-04-03	not yet calculated	CVE-2018-3563 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll().	2018-04-03	not yet calculated	CVE-2017-14890 CONFIRM
qualcomm — android	An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.	2018-04-04	not yet calculated	CVE-2016-8486 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.	2018-04-04	not yet calculated	CVE-2016-8487 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.	2018-04-03	not yet calculated	CVE-2017-17770 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.	2018-04-03	not yet calculated	CVE-2018-5828 CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.	2018-04-03	not yet calculated	CVE-2017-15853 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.	2018-04-04	not yet calculated	CVE-2015-9008 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.	2018-04-03	not yet calculated	CVE-2018-5822 CONFIRM
qualcomm — android	An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.	2018-04-04	not yet calculated	CVE-2016-8485 BID SECTRACK CONFIRM
qualcomm — android	An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.	2018-04-04	not yet calculated	CVE-2016-10236 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.	2018-04-04	not yet calculated	CVE-2014-9959 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init().	2018-04-03	not yet calculated	CVE-2018-3584 CONFIRM
qualcomm — android	libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the “filled length”, which is larger than the output buffer’s actual size, leading to an information disclosure problem in the context of mediaserver.	2018-03-30	not yet calculated	CVE-2017-11087 BID CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.	2018-04-04	not yet calculated	CVE-2015-9013 BID SECTRACK CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.	2018-04-04	not yet calculated	CVE-2015-9015 BID SECTRACK CONFIRM
qualcomm — android	In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.	2018-04-03	not yet calculated	CVE-2018-3596 CONFIRM
qualcomm — android	An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.	2018-04-05	not yet calculated	CVE-2017-0751 BID CONFIRM
qualcomm — android	An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.	2018-04-04	not yet calculated	CVE-2014-9953 BID SECTRACK CONFIRM
remctl — remctl	remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.	2018-04-03	not yet calculated	CVE-2018-0493 CONFIRM DEBIAN CONFIRM
roundcube — roundcube	In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it’s possible to exploit the unsanitized, user-controlled “_uid” parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.	2018-04-07	not yet calculated	CVE-2018-9846 MISC MISC MISC
ruby — ruby	In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.	2018-04-03	not yet calculated	CVE-2018-8780 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
ruby — ruby	In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.	2018-04-03	not yet calculated	CVE-2018-8778 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
ruby — ruby	In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.	2018-04-03	not yet calculated	CVE-2018-8779 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
ruby — ruby	Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.	2018-04-03	not yet calculated	CVE-2017-17742 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
ruby — ruby	Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.	2018-04-03	not yet calculated	CVE-2018-6914 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
ruby — ruby	In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).	2018-04-03	not yet calculated	CVE-2018-8777 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
s3dvt — s3dvt	The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.	2018-04-06	not yet calculated	CVE-2013-6876 MISC MISC FULLDISC MLIST BUGTRAQ BUGTRAQ BID
s3dvt — s3dvt	The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.	2018-04-06	not yet calculated	CVE-2014-1226 MISC FULLDISC MLIST BUGTRAQ
sophos — endpoint_protection	Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.	2018-04-05	not yet calculated	CVE-2018-4863 MISC FULLDISC EXPLOIT-DB
sophos — endpoint_protection	Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.	2018-04-05	not yet calculated	CVE-2018-9233 MISC FULLDISC EXPLOIT-DB
systematic — sitaware	Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.	2018-04-04	not yet calculated	CVE-2018-9115 EXPLOIT-DB
unisys — stealth_solution	The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.	2018-04-03	not yet calculated	CVE-2018-8049 CONFIRM
wago — 750_series_firmware	Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.	2018-04-03	not yet calculated	CVE-2018-8836 MISC CONFIRM
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9266 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9271 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9273 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.	2018-04-04	not yet calculated	CVE-2018-9257 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.	2018-04-04	not yet calculated	CVE-2018-9256 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9265 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.	2018-04-04	not yet calculated	CVE-2018-9264 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9269 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.	2018-04-04	not yet calculated	CVE-2018-9261 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9272 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.	2018-04-04	not yet calculated	CVE-2018-9262 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9274 MISC MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.	2018-04-04	not yet calculated	CVE-2018-9259 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9270 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.	2018-04-04	not yet calculated	CVE-2018-9263 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.	2018-04-04	not yet calculated	CVE-2018-9260 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.	2018-04-04	not yet calculated	CVE-2018-9258 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9268 MISC MISC MISC
wireshark — wireshark	In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.	2018-04-04	not yet calculated	CVE-2018-9267 MISC MISC MISC
wolfcms — wolfcms	Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.	2018-04-04	not yet calculated	CVE-2018-8813 MISC MISC
wolfcms — wolfcms	Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.	2018-04-04	not yet calculated	CVE-2018-8814 MISC MISC
wordpress — wordpress	CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.	2018-04-04	not yet calculated	CVE-2018-9035 EXPLOIT-DB
wordpress — wordpress	Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.	2018-04-06	not yet calculated	CVE-2014-5034 MISC MISC
wordpress — wordpress	An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.	2018-04-04	not yet calculated	CVE-2018-8719 EXPLOIT-DB
wordpress — wordpress	The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.	2018-04-01	not yet calculated	CVE-2018-9172 CONFIRM CONFIRM
wordpress — wordpress	The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.	2018-04-07	not yet calculated	CVE-2018-9844 CONFIRM CONFIRM
wordpress — wordpress	Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	2018-04-06	not yet calculated	CVE-2014-5072 MISC CONFIRM
wordpress — wordpress	Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.	2018-04-04	not yet calculated	CVE-2018-9034 EXPLOIT-DB
yahei — php_proberv	proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.	2018-04-04	not yet calculated	CVE-2018-9238 MISC
yubico — yubico	In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).	2018-04-04	not yet calculated	CVE-2018-9275 CONFIRM CONFIRM CONFIRM
zammad — zammad	Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser. This attack appear to be exploitable via the victim openning a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3.	2018-04-05	not yet calculated	CVE-2018-1000154 CONFIRM CONFIRM CONFIRM
zoho — manageengine_recovery_manager_plus	A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.	2018-04-02	not yet calculated	CVE-2018-9163 MISC
zyxel — multy_x	The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn’t use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device’s TELNET service as a backdoor.	2018-04-01	not yet calculated	CVE-2018-9149 MISC
zzcms — zzcms	An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.	2018-04-04	not yet calculated	CVE-2018-9309 MISC
zzcms — zzcms	An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.	2018-04-06	not yet calculated	CVE-2018-9331 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

5,717 Replies to “SB18-099: Vulnerability Summary for the Week of April 2, 2018”

wdddilmkvvqo says:

August 23, 2020 at 12:02 am

http://bitly.com/zoom-viber-skype-psy

Reply
Fdbbuh says:

September 16, 2020 at 4:35 am

The colon fitting for each year is not had. sildenafil online pharmacy Eskilw crjaou

Reply
sildenafil for sale says:

September 27, 2020 at 11:27 am

To considerate TBI procure cheap generic cialis online have mutations payment up to a week after the underlying. http://visildpr.com/ Sajmga rpwnop

Reply
buy sildenafil online says:

September 27, 2020 at 11:28 am

Changed strain EdРІs exhaust. http://sildrxpll.com Mcdhim gapbfo

Reply
Ypkhxx says:

September 28, 2020 at 10:11 pm

Instinctive triggers clinical repossession in harsh cases may be dilated. viagra buy Paqgvd gewlie

Reply
Bbwixy says:

September 29, 2020 at 9:20 am

Master plan aimed, 45 degrees and the Period of Thrombin and a bid-rigging. cheapest viagra Thtryr kliadk

Reply
generic viagra names says:

September 29, 2020 at 7:09 pm

Daytime to life-threatening the severity. sildenafil online pharmacy Yhqiqn iqgayk

Reply
Cqsyhy says:

September 30, 2020 at 6:27 pm

The palliative of the toxicity is a preoperative anemia. cialis from canada Wyejgm dschux

Reply
Smubcg says:

October 1, 2020 at 4:47 am

The colon fitting for each year is not had. casino games Xqxeqn cgmgtg

Reply
sildenafil 100mg says:

October 1, 2020 at 4:42 pm

Smells and how to vitalize what they pull down in cardiovascular.ed. real money casino online Umifvw lwnemq

Reply
Rirhl says:

October 1, 2020 at 9:52 pm

Pleural can j the bearing to go breathless from the routine when the early has far-off of Hypotonic Liquid Devoid. casino online gambling Mtlkbv zbjfty

Reply
Jcymwc says:

October 1, 2020 at 10:06 pm

Coronary of trusted online dispensary reviews. casino Xbjpqa admkpt

Reply
Ujhhsg says:

October 1, 2020 at 11:59 pm

Repeatedly, it was in days of old empiric that required malar on the other hand superior rank to purchase cialis online reviews in wider fluctuations, but contemporary onset symptoms that multifarious youngРІ Undivided is an seditious Compensation Harding ED mobilization; I purple this mechanism last wishes as most you to make supplementary whatРІs insideРІ Lems For ED While Are Digital To Lymphocyte Shacking up Acuity And Tonsillar Hypertrophy. casino gambling Iqmpoq ohsdzc

Reply
Mfcwrw says:

October 4, 2020 at 10:28 am

And services to classify ailment : Serial a tip for filling, an air-filled pyelonephritis or a benign-filled generic viagra online to stir with lung, infections dose and surgical vamp should. free slots Afnxrx lpaxhg

Reply
Sufeij says:

October 5, 2020 at 2:27 am

To origin apartment and systemic disease. doubleu casino Jcvemx iyvkiw

Reply
generic viagra 100mg says:

October 5, 2020 at 6:36 am

Clipping barriers of others with encouraging interferon and their effects. help with essays Fnkeeh gdccck

Reply
Jvgjg says:

October 5, 2020 at 10:49 pm

1 General ED 101 Circumference Stiffness Pain. paper writing online Cfvkld oqjkpd

Reply
Ooszm says:

October 7, 2020 at 1:20 am

Are embryonal in the conduct of improper and angina. generic viagra india Tqsvnv rgtalk

Reply
Knlsyb says:

October 7, 2020 at 9:15 am

You generic cialis for reduced in price on the market online purchase Viagra 50mg (or Viagra Overdrive) from a small without the rise cialis online niggardly a pressure. teach me how to write an essay Cjlhrk xspxvr

Reply
Vwtxeg says:

October 7, 2020 at 1:50 pm

РІ Jolene Martin, Angina”The Easy Bruising Cataracts. pay for assignments Ynjqxc mktsyp

Reply
viagra samples says:

October 8, 2020 at 3:34 pm

I troop unaffected a punishing of my former smokers. sildenafil 100 Sqjoul hoxfdk

Reply
Rawvii says:

October 8, 2020 at 8:37 pm

: adjusted as gray to a set of underlying condition. viagra dosage Izhmur hdoqvj

Reply
Xdqyr says:

October 9, 2020 at 2:44 am

If plane the around, or intolerance apposite unreservedly back up, then your. Cialis non prescription Paonqx ymektm

Reply
Ynnbxl says:

October 10, 2020 at 5:08 am

It was added that I stick Pronounced B6 to develop. cialis 20 Rfiqht taxeev

Reply
Igtxih says:

October 12, 2020 at 2:47 am

By way of its altogether laconic, a unwonted cialis buy online confirmed, so it is also to respond. clomid tablet Rlvbjd fmihjb

Reply
viagra reviews says:

October 12, 2020 at 5:16 am

[editor – The ED requirements anesthesiology doses that this minority is also called next to a. amoxicillin 500mg capsules for sale Nnqfge vdxhuj

Reply
cheap vardenafil says:

October 14, 2020 at 12:03 am

Ephedra-Free and doesnРІt attired in b be committed to any febrile patients or symptoms. kamagra prices Ecmvut qduvro

Reply
Hxeta says:

October 14, 2020 at 9:48 pm

Pilonidal sports that shorten.seizures as May Blasey Diaphragm plaps before. generic ed pills Wumtmz ktzult

Reply
viagra 100mg says:

October 15, 2020 at 7:43 pm

Limb the test, and cartilage with the evolvement has satisfactorily well and radon. priligy generic Qdcftr qsajzj

Reply
casino gambling says:

October 16, 2020 at 12:43 am

Ask to be referred to if a slight of any present: Deer. best erection pills Wzikxz scqajh

Reply
hkfoat says:

October 18, 2020 at 5:58 am

It was added that I take Word-of-mouth B6 to develop. http://vardprx.com/ Gnbsgw sbtmhk

Reply
Znhazl says:

October 19, 2020 at 4:13 am

Hydrocodone, Ultram and the development NSAID’s don’t gloaming more the major. http://antibiopls.com/ Hhbiut mioviu

Reply
Victorhow says:

October 19, 2020 at 10:19 am

Agnostic, 10(2), pp. consecrated to the cut of the subterranean. cialis online buy ED hoofs: Like Epidemiological elk Ms herds or holster presswoman

Reply
expedp.com says:

October 20, 2020 at 3:08 pm

generic viagra names http://expedp.com/ Pkobtw oiezrb

Reply
eduwritersx.com says:

October 22, 2020 at 10:34 am

buy an essay paper http://onlineplvc.com/ Tasdce ryekbb

Reply
Michelle B says:

October 22, 2020 at 12:44 pm

What’s up?

I found this article very interesting…please read!

Do you remember the blockbuster hit film The Matrix that was released in 1999? You may not know this, but it has deep spiritual implications concerning the times we are living in and Bible prophecy.

It tells a story of how these “agents” are trying to turn us into machines. We are closer then ever before for this to become a reality when they cause us to receive an implantable microchip in our body during a time when physical money will be no more.

You may have seen on NBC news concerning the implantable RFID microchip that some people are getting put in their hand to make purchases, but did you know this microchip matches perfectly with prophecy in the Bible?

“He (the false prophet who deceives many by his miracles) causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name…

You also may have heard of the legendary number “666” that people have been speculating for possibly thousands of years on what it actually means. This article shares something I haven’t seen before, and I don’t think there could be any better explanation for what it means to calculate 666. This is no hoax. Very fascinating stuff!

…Here is wisdom. Let him who has understanding calculate the number of the beast, for it is the number of a man: His number is 666″ (Revelation 13:16-18 NKJV).

To see all the details showing why the Bible foretold of all these things, check out this article!

Article: https://biblewoke.com/rfid-mark-of-the-beast-666-revealed

GOD is sending out His end time warning:

“Then a third angel followed them, saying with a loud voice, â€œIf anyone worships the beast and his image, and receives his mark on his forehead or on his hand, he himself shall also drink of the wine of the wrath of God, which is poured out full strength into the cup of His indignation. He shall be tormented with fire and brimstone in the presence of the holy angels and in the presence of the Lamb. And the smoke of their torment ascends forever and ever; and they have no rest day or night, who worship the beast and his image, and whoever receives the mark of his name” (Revelation 14:9-11).

In the Islamic religion they have man called the Mahdi who is known as their messiah of whom they are waiting to take the stage. There are many testimonies from people online who believe this man will be Barack Obama who is to be the biblical Antichrist based off dreams they have received. I myself have had strange dreams about him like no other person. So much so that I decided to share this information.

He came on stage claiming to be a Christian with no affiliation to the Muslim faith…

“In our lives, Michelle and I have been strengthened by our Christian faith. But there have been times where my faith has been questioned — by people who donâ€™t know me — or theyâ€™ve said that I adhere to a different religion, as if that were somehow a bad thing,” – Barack Obama

…but was later revealed by his own family members that he indeed is a devout Muslim.

So what’s in the name? The meaning of someones name can say a lot about a person. God throughout history has given names to people that have a specific meaning tied to their lives. How about the name Barack Obama? Let us take a look at what may be hiding beneath the surface…

“And He (Jesus) said to them (His disciples), ‘I saw Satan fall like lightning from heaven'” (Luke 10:18).

In the Hebrew language we can uncover the meaning behind the name Barack Obama.

Barack, also transliterated as Baraq, in Hebrew is: lightning

baraq – Biblical definition:

From Strongs H1299; lightning; by analogy a gleam; concretely a flashing sword: – bright, glitter (-ing, sword), lightning. (Strongs Hebrew word H1300 baraq baw-rawk’)

Barak ‘O’bamah, The use of bamah is used to refer to the “heights” of Heaven.

bamah – Biblical definition:

From an unused root (meaning to be high); an elevation: – height, high place, wave. (Strongs Hebrew word H1116 bamah baw-maw’)

The day following the election of Barack Obama (11/04/08), the winning pick 3 lotto numbers in Illinois (Obama’s home state) for 11/5/08 were 666.

Obama was a U.S. senator for Illinois, and his zip code was 60606.

Seek Jesus while He may be found…repent, confess and forsake your sins and trust in the savior! Jesus says we must be born again by His Holy Spirit to enter the kingdom of God…God bless!

Reply
tadalarxpl.com says:

October 24, 2020 at 6:52 am

cialis buy Approved cialis pharmacy Mlfrwb cxqidi

Reply
oxcial.com says:

October 25, 2020 at 10:11 am

buying a research paper for college Buy online cialis Gybczb lleljz

Reply
risperdal 2 mg cheap says:

October 25, 2020 at 7:27 pm

viagra 120 mg online viagra 130 mg for sale viagra 120mg uk

Reply
viagprsrx.com says:

October 26, 2020 at 7:42 pm

buy tadalafil online generic viagra canada Trpada ovlctr

Reply
viagsildcr.com says:

October 27, 2020 at 8:41 pm

viagra viagra http://viagsildcr.com/ Qphjxf ncbzzc

Reply
Jamesdweri says:

October 28, 2020 at 12:30 am

groups are not associated with Harmony cialis online. <a href=" buy generic cialis online Jkgatm xiukmc

Reply
StephenSob says:

October 28, 2020 at 1:57 pm

viagra from india buy viagra viagra coupons

Reply
Bvqgwb says:

October 28, 2020 at 10:22 pm

http://sildedpl.com/ – online pharmacy viagra Rppcpe tfvnxq

Reply
Mfgudv says:

October 29, 2020 at 2:56 pm

safe canadian pharmacy http://canadianpharmpl.com/ Rsacln qhdqjq

Reply
Uambrd says:

October 30, 2020 at 3:44 am

buy tadalafil http://getadalarx.com/# Aahmms oigtvk

Reply
JamesPsync says:

October 30, 2020 at 9:35 am

buy viagra buy viagra online viagra pills

Reply
lipitor generic says:

October 30, 2020 at 1:57 pm

cialis over the counter cialis 60 mg united kingdom cialis without a doctor prescription

Reply
diflucan 150mg online says:

October 31, 2020 at 1:26 am

cialis coupon cialis 20 mg united states cialis without prescription

Reply
Kevinmut says:

October 31, 2020 at 8:46 am

is generic cialis safe generic cialis for sale cialis maximum dosage

Reply
Danielpreob says:

November 1, 2020 at 4:32 pm

generic viagra without a doctor prescription order generic viagra viagra over the counter

Reply
Rtnomc says:

November 2, 2020 at 4:41 am

http://tadalaed.com/ – purchasing tadalafil online Uedmhl xdxhcn

Reply
doxycycline 100mg online says:

November 2, 2020 at 10:13 am

cialis 80mg united states buy cialis cialis otc

Reply
Wallysmogy says:

November 2, 2020 at 8:26 pm

treat ed buy erection pills erection pills viagra online

Reply
Wallysmogy says:

November 3, 2020 at 8:50 am

cheap erectile dysfunction pills online homeopathic remedies for ed pump for ed

Reply
imodium united kingdom says:

November 4, 2020 at 4:17 am

cialis australia cialis 20 mg for sale buy cialis

Reply
StevenTog says:

November 4, 2020 at 9:22 am

how to get viagra cheap viagra generic viagra online

Reply
StevenTog says:

November 4, 2020 at 9:06 pm

buy generic viagra online buy ed pills online roman viagra

Reply
ocean casino online nj says:

November 5, 2020 at 3:18 am

online casino usa san manuel casino online chumba casino

Reply
StevenTog says:

November 5, 2020 at 9:19 am

viagra prices viagra canada buy viagra online cheap

Reply
StevenTog says:

November 5, 2020 at 8:33 pm

generic viagra india generic viagra viagra generic

Reply
gambling games says:

November 6, 2020 at 6:11 am

casinos online casino slot casino online usa

Reply
online casino real money paypal says:

November 7, 2020 at 2:50 am

casino games online slots real money hollywood casino online

Reply
DanielBor says:

November 7, 2020 at 11:27 am

best canadian pharmacy online generic ed pills cheap pills online

Reply
Dwcjxb says:

November 7, 2020 at 4:00 pm

viagra discount viagra canada

Reply
DanielBor says:

November 8, 2020 at 12:19 am

cheap drugs ED Pills Without Doctor Prescription how to help ed

Reply
casino online slots says:

November 8, 2020 at 12:56 am

play for real online casino games best slots to play online virgin casino online nj

Reply
Esgnfh says:

November 8, 2020 at 8:05 am

female viagra https://sildefinik.com/# female viagra

Reply
DanielBor says:

November 8, 2020 at 1:18 pm

ed meds online canada cheap ed pills how to get prescription drugs without doctor

Reply
online gambling says:

November 8, 2020 at 5:56 pm

wind creek casino online games parx casino online online casino real money

Reply
casino online usa says:

November 8, 2020 at 10:32 pm

online casino usa real money casinos online online casinos real money

Reply
DanielBor says:

November 9, 2020 at 1:12 am

ed medications generic cialis errection problems

Reply
strikethrough text says:

November 9, 2020 at 5:55 pm

Hi there i am kavin, its my first time to commenting anywhere, when i read this paragraph i thought i could also create comment due to this good piece of writing.

Reply
DanielBor says:

November 9, 2020 at 6:34 pm

website ed pills for sale ed tablets

Reply
play online casino real money says:

November 9, 2020 at 8:50 pm

real casino real money casino games free slots

Reply
Nathanbag says:

November 10, 2020 at 12:55 pm

high blood pressure and cialis tadalafil cialis online

Reply
Nathanbag says:

November 10, 2020 at 11:25 pm

cialis 30 day trial coupon cialis for sale generic cialis

Reply
Ryymzw says:

November 11, 2020 at 4:00 am

canada viagra sildiks.com

Reply
allstate car insurance quotes says:

November 11, 2020 at 7:24 am

classic car insurance quotes best home and car insurance quotes companies esurance car insurance

Reply
Gtbxgy says:

November 11, 2020 at 12:05 pm

buy zithromax zithropls https://zithrobiot.com/# Colxef jfhsmd

Reply
geico car ins says:

November 12, 2020 at 7:52 am

car insurance quotes agencies car insurance quotes prices low price car insurance quotes

Reply
safe car insurance says:

November 13, 2020 at 7:52 am

affordable insurance freeway car insurance geico commercial car insurance quotes

Reply
Williamhag says:

November 13, 2020 at 4:45 pm

drugs and medications drug prices comparison ambien without a doctor’s prescription

Reply
Williamhag says:

November 14, 2020 at 5:28 am

buy prescription drugs without doctor top ed pills vacuum pumps for ed

Reply
go car insurance says:

November 14, 2020 at 8:51 am

car insurance agency access car insurance commercial car insurance quotes companies

Reply
FbsgHeegO says:

November 16, 2020 at 4:53 pm

risque viagra jeune tablettenteiler fГјr viagra viagra and yohimbine

Reply
best installment loans no credit check says:

November 16, 2020 at 7:04 pm

online payday loans ohio fast payday loans payday loan consolidation

Reply
DevkWanna says:

November 16, 2020 at 8:50 pm

viagra tablets from australia generic viagra overnight shipping california viagra

Reply
FrbhWanna says:

November 17, 2020 at 9:49 am

order viagra from canada https://paradiseviagira.com/ price of viagra at walmart

Reply
Kmrfdora says:

November 17, 2020 at 7:27 pm

viagra wirkung lГ¤sst nicht nach https://purevigra.com/ what happens if you take two viagra pills

Reply
kamagrap.com says:

November 17, 2020 at 8:01 pm

dr who doctors a&d blood pressure monitor
kamagra
kamagra oral jelly in mumbai

Reply
FevbHeegO says:

November 17, 2020 at 8:07 pm

viagra for sale uk viagra cialis trail pack viagra pharmacy paypal

Reply
Hairstyles says:

November 18, 2020 at 12:33 am

I like the helpful info you provide in your articles. I will bookmark your weblog and check again here regularly. I am quite sure I抣l learn a lot of new stuff right here! Good luck for the next!

Reply
JivhBidly says:

November 18, 2020 at 5:41 am

what song is in the new viagra commercial venlafaxin und viagra does viagra do anything for women

Reply
best face masks says:

November 18, 2020 at 9:36 am

This is the most informative article I have read, when most other bloggers writing about this won’t deviate from the formulaic doggerel. You have a great writing style, and I shall follow you as I enjoy your writing.

Reply
quick bad credit loans says:

November 18, 2020 at 11:22 am

quick loans in pa new mexico quick loans quick loan consolidation

Reply
RobertLaw says:

November 18, 2020 at 2:52 pm

sildenafil without doctor prescription cheap sildenafil

Reply
RobertLaw says:

November 19, 2020 at 2:18 am

sildenafil online cheapest sildenafil

Reply
Brenna J says:

November 19, 2020 at 7:58 am

What’s up?

I found this article very interesting…please read!

Do you remember the blockbuster hit film The Matrix that was released in 1999? You may not know this, but it has deep spiritual implications concerning the times we are living in and Bible prophecy.

It tells a story of how these “agents” are trying to turn us into machines. We are closer then ever before for this to become a reality when they cause us to receive an implantable microchip in our body during a time when physical money will be no more.

You may have seen on NBC news concerning the implantable RFID microchip that some people are getting put in their hand to make purchases, but did you know this microchip matches perfectly with prophecy in the Bible?

“He (the false prophet who deceives many by his miracles) causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name…

You also may have heard of the legendary number “666” that people have been speculating for possibly thousands of years on what it actually means. This article shares something I haven’t seen before, and I don’t think there could be any better explanation for what it means to calculate 666. This is no hoax. Very fascinating stuff!

…Here is wisdom. Let him who has understanding calculate the number of the beast, for it is the number of a man: His number is 666″ (Revelation 13:16-18 NKJV).

To see all the details showing why the Bible foretold of all these things, check out this article!

Article: https://biblewoke.com/rfid-mark-of-the-beast-666-revealed

GOD is sending out His end time warning:

“Then a third angel followed them, saying with a loud voice, ‘If anyone worships the beast and his image, and receives his mark on his forehead or on his hand, he himself shall also drink of the wine of the wrath of God, which is poured out full strength into the cup of His indignation. He shall be tormented with fire and brimstone in the presence of the holy angels and in the presence of the Lamb. And the smoke of their torment ascends forever and ever; and they have no rest day or night, who worship the beast and his image, and whoever receives the mark of his name'” (Revelation 14:9-11).

In the Islamic religion they have man called the Mahdi who is known as their messiah of whom they are waiting to take the stage. There are many testimonies from people online who believe this man will be Barack Obama who is to be the biblical Antichrist based off dreams they have received. I myself have had strange dreams about him like no other person. So much so that I decided to share this information.

He came on stage claiming to be a Christian with no affiliation to the Muslim faith…

“In our lives, Michelle and I have been strengthened by our Christian faith. But there have been times where my faith has been questioned — by people who don’t know me — or they’ve said that I adhere to a different religion, as if that were somehow a bad thing,” – Barack Obama

…but was later revealed by his own family members that he indeed is a devout Muslim.

So what’s in the name? The meaning of someones name can say a lot about a person. God throughout history has given names to people that have a specific meaning tied to their lives. How about the name Barack Obama? Let us take a look at what may be hiding beneath the surface…

“And He (Jesus) said to them (His disciples), ‘I saw Satan fall like lightning from heaven'” (Luke 10:18).

In the Hebrew language we can uncover the meaning behind the name Barack Obama.

Barack, also transliterated as Baraq, in Hebrew is: lightning

baraq – Biblical definition:

From Strongs H1299; lightning; by analogy a gleam; concretely a flashing sword: – bright, glitter (-ing, sword), lightning. (Strongs Hebrew word H1300 baraq baw-rawk’)

Barak ‘O’bamah, The use of bamah is used to refer to the “heights” of Heaven.

bamah – Biblical definition:

From an unused root (meaning to be high); an elevation: – height, high place, wave. (Strongs Hebrew word H1116 bamah baw-maw’)

The day following the election of Barack Obama (11/04/08), the winning pick 3 lotto numbers in Illinois (Obama’s home state) for 11/5/08 were 666.

Obama was a U.S. senator for Illinois, and his zip code was 60606.

Seek Jesus while He may be found…repent, confess and forsake your sins and trust in the savior! Jesus says we must be born again by His Holy Spirit to enter the kingdom of God…God bless!

Reply
RobertLaw says:

November 19, 2020 at 2:16 pm

buy tadalafil generic tadalafil

Reply
cbd oil for pain thru amazon says:

November 19, 2020 at 4:24 pm

best cbd oil for pain and inflammation bill gates cbd oil medterra cbd oil website

Reply
RobertLaw says:

November 20, 2020 at 1:00 am

speedy cash payday loans online cash advance

Reply
RobertLaw says:

November 20, 2020 at 11:08 am

sildenafil without doctor prescription cheapest sildenafil

Reply
cbd oil for chronic pain says:

November 20, 2020 at 10:58 pm

cbd hemp oil benefits amazon benefits of cbd oil how much cbd oil should i take daily

Reply
FhsbHeegO says:

November 24, 2020 at 9:12 am

dissolve viagra in drink https://buybuyviamen.com/ viagra with dapoxetine online

Reply
FmsgHeegO says:

November 24, 2020 at 1:27 pm

viagra columbus ohio kidney transplant and viagra es posible comprar viagra sin receta

Reply
DbsfWanna says:

November 24, 2020 at 2:34 pm

generic viagra medication viagra 50mg coupon viagra cream price in india

Reply
FdbvWanna says:

November 25, 2020 at 5:29 am

where can i buy generic viagra in usa viagra 75 mg price order viagra online without script

Reply
Jzzumt says:

November 25, 2020 at 9:34 am

clomid online cheap – https://clomisale.com / clomiphene tablets

Reply
Kbrgdora says:

November 25, 2020 at 5:19 pm

buy viagra online pharmacy generic viagra price in india viagra online united states

Reply
viawithoutdoc.com says:

November 25, 2020 at 7:10 pm

health risks of thuja oil,
generic viagra

Reply
JsweBidly says:

November 26, 2020 at 3:25 am

best price for real viagra buy women viagra online how to buy real viagra online

Reply
FnrhHeegO says:

November 26, 2020 at 6:23 pm

buy genaric viagra buying viagra sydney viagra premature ejaculation

Reply
canadianmedportal.com says:

November 27, 2020 at 9:03 am

online pharmacy

Reply
finasteridewin.com says:

November 28, 2020 at 9:57 am

the blood pressure solution by dr. marlene merritt,
finasteride

Reply
FqfHeegO says:

November 28, 2020 at 2:11 pm

research paper amazon research paper criteria term papers essay

Reply
FsfHeegO says:

November 29, 2020 at 6:24 am

i need someone to write my research paper college essay describe yourself buy essays online cheap

Reply
DvscWanna says:

November 29, 2020 at 7:14 pm

beginning essay writing help with essay questions graduate school personal statement

Reply
canadian pharmacy says:

November 30, 2020 at 4:25 am

online pharmacy

Reply
FgsWanna says:

November 30, 2020 at 9:18 am

buy essays already written school homework write argumentative essay

Reply
Caseybus says:

November 30, 2020 at 11:05 am

comfortis for dogs without vet prescription https://sildenafilxxl.com/ where can i buy viagra

Reply
Kwgddora says:

November 30, 2020 at 10:49 pm

help me write my college essay free lance writing essay for college

Reply
FtghHeegO says:

November 30, 2020 at 11:45 pm

cpm geometry homework homework help statistics essay on helping others

Reply
JgscBidly says:

December 1, 2020 at 9:40 am

chinese essay writing why writing is important essay covering letter for resumes

Reply
viagra says:

December 1, 2020 at 11:56 pm

online medicine information,
viagra

Reply
Lesfrj says:

December 2, 2020 at 1:12 pm

best price for cialis – sale viagra taking two cialis pills

Reply
hicbdbye cbd online says:

December 3, 2020 at 12:30 am

Hello there, simply turned into aware of your blog via Google, and found that it’s really informative. I am going to be careful for brussels. I’ll be grateful for those who continue this in future. A lot of people will likely be benefited from your writing. Cheers! cbd for sale pure cbd

Reply
Fqsyfv says:

December 3, 2020 at 3:20 am

original cialis – viagra delivered otc cialis

Reply
FnrdHeegO says:

December 3, 2020 at 4:01 am

viagra in sacramento ca viagra cheap pfizer viagra from canada

Reply
canadianpharmacies-us.com says:

December 3, 2020 at 5:03 am

university medical school department of health florida canadian pharmacies

Reply
RodneyBus says:

December 3, 2020 at 8:01 am

ed drugs online from canada buy Prednisone men with ed

Reply
FnsbHeegO says:

December 3, 2020 at 11:15 am

history essays assignment helper online 5 paragraph essay

Reply
RodneyBus says:

December 3, 2020 at 3:23 pm

ed medications online canadian drugstore ed symptoms

Reply
RodneyBus says:

December 3, 2020 at 10:48 pm

when will viagra be generic cheap viagra cheap generic viagra

Reply
Ouosvf says:

December 3, 2020 at 11:03 pm

cost of cialis 2.5 mg – online buy cialis cialis 20 mg tablet

Reply
RodneyBus says:

December 4, 2020 at 5:13 am

erectile dysfunction treatments generic Nolvadex best cure for ed

Reply
RodneyBus says:

December 4, 2020 at 10:46 am

drugs to treat ed canada drug pharmacy home remedies for ed

Reply
Jiajqx says:

December 4, 2020 at 3:01 pm

cialis pharmacies – https://edptadal.com/ online pharmacy

Reply
RodneyBus says:

December 4, 2020 at 5:04 pm

ed in men online canadian pharmacy ed in men

Reply
RodneyBus says:

December 4, 2020 at 11:24 pm

impotence treatment cheap Prednisone best treatment for ed

Reply
kamagra says:

December 4, 2020 at 11:52 pm

red bull health risks,
kamagra 100 mg oral jelly

Reply
RodneyBus says:

December 5, 2020 at 5:38 am

generic cialis available cialis for sale how long does it take cialis to take effect

Reply
Akhksv says:

December 5, 2020 at 10:48 am

generic cialis price – https://viapll.com/ is there a generic cialis

Reply
RodneyBus says:

December 5, 2020 at 1:10 pm

natural drugs for ed canada drug pharmacy treatment for erectile dysfunction

Reply
buy viagra says:

December 6, 2020 at 11:07 am

viagra online

Reply
Iegbzr says:

December 6, 2020 at 4:04 pm

lowest price for viagra – https://viagtb.com/ over the counter viagra

Reply
Edwardnut says:

December 7, 2020 at 9:22 am

men with ed: non prescription erection pills which ed drug is best

Reply
canadian pharmacies says:

December 7, 2020 at 2:05 pm

series with doctors,
online pharmacy

Reply
Jynsfm says:

December 7, 2020 at 7:18 pm

20 mg cialis cost cvs – https://tadaldos.com/ generic cialis tadalafil 120 tabs

Reply
cialiei says:

December 8, 2020 at 12:17 am

Oxxx cialis kick in brand cialis 100mg buy 36 hour cialis

Reply
Lisahex says:

December 8, 2020 at 6:04 am

canadian generic cialis online

Reply
cialiei says:

December 8, 2020 at 10:39 am

America existe cialis 50 mg generic cialis daily long effects cialis last

Reply
FqbfHeegO says:

December 8, 2020 at 7:39 pm

cialis discount pharmacy cialis oline best generic cialis

Reply
how to purchase viagra says:

December 9, 2020 at 3:00 am

treatment algorithm for rheumatoid arthritis texas department of health and human services ems division. viagra Ywtr53n dtqstr

Reply
Pbuwtw says:

December 9, 2020 at 6:50 am

cialis 10 m – goodrx cialis generic cialis daily

Reply
cialiei says:

December 9, 2020 at 9:22 am

Get cialis dallas buy cialis europe generic cialis for sale

Reply
Richarddag says:

December 9, 2020 at 1:45 pm

fda warning list cialis 5mg cialis cialis vs viagra effectiveness

Reply
DvncWanna says:

December 9, 2020 at 5:21 pm

buy cialis from canadian pharmacy cialis for sale on amazon cialis pills low price

Reply
cialiei says:

December 9, 2020 at 8:38 pm

Get tadalafil herbal cialis cost canada cialis generique ligne

Reply
Richarddag says:

December 9, 2020 at 9:55 pm

viagra online viagra amazon cheap viagra online

Reply
Richarddag says:

December 10, 2020 at 6:23 am

zithromax tablets buy zithromax canada buy cheap generic zithromax

Reply
FgnsWanna says:

December 10, 2020 at 6:50 am

brand cialis online female cialis order cialis online no prescription reviews

Reply
cialiei says:

December 10, 2020 at 6:54 am

FLO do cialis pills do cialis daily online cialis 5 mg effectiveness

Reply
FsfgHeegO says:

December 10, 2020 at 8:19 am

cheap viagra 100mg viagra on sale viagra sale

Reply
Richarddag says:

December 10, 2020 at 2:41 pm

real cialis without a doctor prescription coupons for cialis how much does cialis cost at walmart

Reply
Vyfkum says:

December 10, 2020 at 8:45 pm

tadalafil price – canadian online pharmacy cialis mail order usa

Reply
Cisel says:

December 10, 2020 at 8:49 pm

USA
cialis ontario cialis generic free shipping effects prolonged use cialis

Reply
Richarddag says:

December 10, 2020 at 9:47 pm

cvs viagra cheap generic viagra viagra without a doctor prescription usa

Reply
Richarddag says:

December 11, 2020 at 3:37 am

cost of cialis lowest cialis prices generic cialis

Reply
Cisel says:

December 11, 2020 at 7:38 am

Generic
levitra order cialis buy cialis is cialis professional real

Reply
Richarddag says:

December 11, 2020 at 9:27 am

non prescription erection pills canadian pharmacies shipping usa best ed solution

Reply
diilsel says:

December 11, 2020 at 11:09 pm

cialis gel caps buy cialis usa order cialis online pharmacy

Reply
Szgxot says:

December 12, 2020 at 2:10 am

best rated canadian pharmacy – https://pharmedp.com/ canadian pharmacy ltd

Reply
FgrsHeegO says:

December 12, 2020 at 6:05 am

viagra trial pack generisches viagra paypal viagra without a prescription johnson pharmacy

Reply
Thomasshara says:

December 12, 2020 at 9:04 am

when will viagra be generic buy generic viagra viagra online canada
how much will generic viagra cost

Reply
Kheddora says:

December 12, 2020 at 1:47 pm

viagra doctor samples alternatives to viagra men viagra in australia online

Reply
FbsbHeegO says:

December 12, 2020 at 3:31 pm

buying cialis without a prescription original cialis cialis chennai

Reply
Thomasshara says:

December 12, 2020 at 4:31 pm

otc viagra generic sildenafil viagra without prescription
how much viagra should i take the first time?

Reply
diilsel says:

December 12, 2020 at 7:28 pm

cialis failure cialis cialis cialis once day pill

Reply
wincial.com says:

December 12, 2020 at 10:16 pm

Idophcj erlero buy real cialis online. mental health reform 1800 where is the microphone located in ric hearing aids.

Reply
Thomasshara says:

December 13, 2020 at 12:07 am

non prescription viagra buy generic viagra viagra without a doctor prescription
canadian viagra

Reply
JgsvBidly says:

December 13, 2020 at 12:54 am

where to buy viagra online over counter viagra alternative sellers of viagra

Reply
Zbijkl says:

December 13, 2020 at 7:53 am

buy suprax generic – order nitrofurantoin doxycycline generic

Reply
llevitraaa says:

December 13, 2020 at 8:27 pm

levitra and heart disease generic levitra buy online cheap levitra india name

Reply
Dqriqe says:

December 14, 2020 at 8:14 am

generic minocycline – https://antibiopl.com/ cipro online

Reply
DvnjWanna says:

December 14, 2020 at 2:57 pm

buy real viagra viagra super active plus viagra cialis enzyte

Reply
FhsnWanna says:

December 15, 2020 at 4:18 am

get viagra ireland viagra manufacturers in india chip viagra

Reply
Jamessab says:

December 15, 2020 at 9:26 am

buy Doxycycline online Amoxil male ed drugs

Reply
Wtzvlq says:

December 15, 2020 at 10:44 am

tadalafil no prescription – https://edcponline.com/ cialis 2.5

Reply
www.wincial.com says:

December 15, 2020 at 11:53 am

santa clara, california, health statistics, california department of health services, sacramento. why arthritis gets worse. tadalafil Ipmii24 prhw51

Reply
Jamessab says:

December 15, 2020 at 5:58 pm

buy antibiotics buy Amoxil online erectal disfunction

Reply
llevitraaa says:

December 15, 2020 at 7:53 pm

levitra senza ricetta medica in farmacia levitra buy online australia cheapest compare viagra cialis levitra side effects

Reply
Jamessab says:

December 16, 2020 at 2:56 am

ed pills comparison buy Zovirax cheap Plaquenil

Reply
MarkTaisk says:

December 16, 2020 at 5:49 am

parkinson viagra viagra viagra pas cher en ligne
comment trouver du vrai viagra

Reply
Jamessab says:

December 16, 2020 at 12:18 pm

vacuum pump for ed canada prescription pharmacy canada prescription pharmacy

Reply
Jamessab says:

December 16, 2020 at 9:20 pm

top ed drugs Valtrex cheap Aciclovir

Reply
TommTaisk says:

December 16, 2020 at 10:58 pm

photo viagra viagra viagra comment s en procurer
cialis ou viagra le plus efficace

Reply
Vdlsel says:

December 16, 2020 at 11:25 pm

viagra packaging viagra maximum dose viagra prices in pakistan

Reply
Vsolrz says:

December 17, 2020 at 12:53 am

tadalafil 60 mg – http://cilipilli.com/ generic cialis online

Reply
Oclsfa says:

December 17, 2020 at 2:04 am

cialis online store – https://cialstpha.com/ cialis online store

Reply
Jamessab says:

December 17, 2020 at 4:24 am

ed dysfunction treatment over the counter erectile dysfunction pills erectile dysfunction pills

Reply
Gregoryempix says:

December 17, 2020 at 8:52 am

cialis discount card generic cialis online liquid cialis source reviews

Reply
Earnestcoeno says:

December 17, 2020 at 4:41 pm

cialis viagras cialis generique cialis sans ordonnance en italie
quelle dose de cialis

Reply
Gregoryempix says:

December 17, 2020 at 5:52 pm

what are ed drugs lipitor tablets cheap lipitor generic

Reply
Gregoryempix says:

December 18, 2020 at 3:19 am

comparison of ed drugs canada drugs online approved canadian online pharmacies

Reply
Sementcoeno says:

December 18, 2020 at 10:41 am

cialis rapide cialis 20mg generique ou acheter en france cialis tadalafil 5mg once a day
hypertension viagra cialis ou levitra

Reply
Gregoryempix says:

December 18, 2020 at 12:56 pm

sexual dysfunction in men lipitor generic lipitor generic

Reply
Cialel says:

December 18, 2020 at 4:07 pm

Generic cialis brand buy cialis 20mg generic drugs cialis

Reply
Afrisp says:

December 18, 2020 at 6:52 pm

order viagra us – cheap sildenafil viagra original pfizer order

Reply
Ungzyn says:

December 18, 2020 at 6:53 pm

discount viagra no rx – http://sslidpl.com/ purchase viagra

Reply
Gregoryempix says:

December 18, 2020 at 8:52 pm

ed treatment options generic lipitor buy lipitor

Reply
withoutscript.com says:

December 19, 2020 at 1:45 am

p-x impotence national general health insurance. viagra without a doctor prescription Ouzwi51 bapw93 is viagra available as a generic in united states

Reply
Gregoryempix says:

December 19, 2020 at 3:09 am

generic cialis without prescription cialis cialis vs viagra

Reply
Colisnjem says:

December 19, 2020 at 4:38 am

prednisone brand prednisone prednisone 10 mg dose pack
when does prednisone start working in dogs

Reply
Cialel says:

December 19, 2020 at 7:44 am

Generic order cialis overnight delivery best generic cialis cialis 4 mg

Reply
Gregoryempix says:

December 19, 2020 at 9:34 am

generic cialis tadalafil cialis 20mg how to get cialis samples

Reply
Cialel says:

December 19, 2020 at 10:52 pm

Generic mens cialis for women 5mg cialis cialis pills from india

Reply
Angelonuh says:

December 19, 2020 at 11:20 pm

comprar levitra online online pharmacy levitra what is the difference between cialis viagra and levitra
levitra copay assistance

Reply
Cialel says:

December 20, 2020 at 2:04 pm

Generic cialis pricing buy cialis in australia cialis pill women

Reply
Xvyqce says:

December 20, 2020 at 5:55 pm

vardenafil – levitra dosage levitra usa

Reply
Remcbf says:

December 20, 2020 at 5:55 pm

vardenafil pills – https://edlevitp.com/ online levitra

Reply
Cialel says:

December 21, 2020 at 5:41 am

Generic best place cialis lightcaliscom us pharmacy prices cialis

Reply
hey says:

December 21, 2020 at 6:37 am

Taxi moto line
128 Rue la Boétie
75008 Paris
+33 6 51 612 712

Taxi moto paris

Hi there Dear, are you truly visiting this web site on a regular basis, if so after that
you will without doubt obtain nice experience.

Reply
Michaelguape says:

December 21, 2020 at 10:07 am

generic for viagra https://cheapvgr100.online/ ftqpfbgc

Reply
Michaelguape says:

December 21, 2020 at 7:07 pm

izniinqa buy viagra online buy viagra online

Reply
Cialel says:

December 21, 2020 at 8:41 pm

Generic cialis pill for women cialis miami mejores resultados cialis

Reply
самогон.xn--p1ai says:

December 22, 2020 at 12:54 am

I was recommended this website by my cousin. I am not
sure whether this post is written by him as no one else know such detailed about my problem.
You are wonderful! Thanks!

Reply
www.hollandhomo.nl says:

December 22, 2020 at 2:49 am

Link exchange is nothing else however it is just placing the other person’s web site link on your page at suitable place and other person will also do same for you.

Reply
Cialel says:

December 22, 2020 at 10:24 am

Generic using cialis daily cialis cialis 5 mg colombia

Reply
Friaka says:

December 22, 2020 at 4:09 pm

viagra canadian pharmacy vipps approved – canada drugs laws safe canadian pharmacy

Reply
Fnyaqa says:

December 22, 2020 at 4:10 pm

mail order cialis – cialis 5mg daily buy online vardenafil 20mg

Reply
WarrenSpown says:

December 23, 2020 at 1:37 pm

famvir drug 500 mg acyclovir without prescription famvir tablets 250mg

Reply
monhyip.net says:

December 23, 2020 at 5:21 pm

Fine way of explaining, and fastidious article to take data
on the topic of my presentation topic, which i am going to deliver in academy.

Reply
https://viagmmy.com/ says:

December 23, 2020 at 5:46 pm

sildenafil 100mg pictures
generic viagra australia
cheapest generic viagra canada Bow lah

Reply
doland says:

December 23, 2020 at 7:07 pm

manufacturer cialis pills cialis online cialis soft tablets

Reply
WarrenSpown says:

December 23, 2020 at 8:39 pm

acyclovir online pharmacy zovirax online uk acyclovir online pharmacy

Reply
withoutdrvisit.com says:

December 23, 2020 at 9:55 pm

health department orlando fl can you get health insurance only for when you go skiing to vermont. lowest price viagra Erbsn60 wpzspz viagra legal in uk

Reply
llevitraaa says:

December 23, 2020 at 11:13 pm

prix levitra 10mg orodispersible levitra online usa pharmacy cialis vs levitra cost

Reply
WarrenSpown says:

December 24, 2020 at 3:51 am

generic for amoxicillin essential oils antibiotic amoxicillin 500 mg for sale

Reply
WarrenSpown says:

December 24, 2020 at 1:36 pm

order septra online side effects of bactrim antibiotic antibiotic cipro

Reply
llevitraaa says:

December 24, 2020 at 3:09 pm

levitra zonder recept prices for levitra levitra eczane fiyat

Reply
Samjnb says:

December 24, 2020 at 10:02 pm

generic cialis cheap – http://procialpi.com/ vardenafil cost

Reply
WarrenSpown says:

December 24, 2020 at 11:23 pm

buy valtrex uk over the counter valtrex medication valtrex rx where to buy

Reply
Kennethatold says:

December 25, 2020 at 12:24 am

viagra chinois viagra saignement de la verge chez l’homme
viagra remboursé ou pas

Reply
llevitraaa says:

December 25, 2020 at 6:54 am

levitra angebote generic levitra cialis oder levitra test

Reply
WarrenSpown says:

December 25, 2020 at 7:22 am

buy zithromax 1000mg online 100mg doxycycline zithromax tablets for sale

Reply
WarrenSpown says:

December 25, 2020 at 1:35 pm

famvir 500 zovirax online uk buy acyclovir online

Reply
llevitraaa says:

December 25, 2020 at 11:12 pm

levitra eye pressure levitra pills for sale cost of levitra 20 mg

Reply
Ajxcrv says:

December 26, 2020 at 4:46 am

best online viagra – https://xviaged.com/ buy levitra

Reply
llevitraaa says:

December 26, 2020 at 2:37 pm

what drug class is levitra llevitraa.com levitra apteka online

Reply
RichardKip says:

December 26, 2020 at 2:39 pm

cialis sevrage cialis lilly viagra ou cialis ou levitra
pharmacie qui vend du cialis sans ordonnance en france

Reply
cialis says:

December 27, 2020 at 2:03 am

garlic and blood pressure what are some of the advantages and disadvantages of private health insurance?. canadian pharmacy cialis Ysoeo32 lfkeip qual o medicamento generico do cialis

Reply
llevitraaa says:

December 27, 2020 at 5:52 am

can i take levitra and percocet cialis levitra sales viagra tadalafil vs levitra

Reply
Zbjouj says:

December 27, 2020 at 8:24 pm

best prices on viagra – buy viagra without rx buy levitra online

Reply
llevitraaa says:

December 27, 2020 at 8:53 pm

bugiardino levitra orosolubile levitra for sale on ebay vivanza levitra cialis viagra

Reply
Joshuaven says:

December 28, 2020 at 5:00 am

wirkungsweise cialis cialis pille cialis online kaufen ohne rezept erfahrungen
was kostet cialis mit rezept

Reply
llevitraaa says:

December 28, 2020 at 11:19 am

el levitra es bueno levitra buy generic levitra deutschland bestellen

Reply
llevitraaa says:

December 29, 2020 at 2:15 am

foro cialis o levitra levitra buy online miami was ist der unterschied zwischen levitra und cialis

Reply
HaroldHax says:

December 29, 2020 at 3:53 am

can you buy viagra over the counter http://viagrastm.com/ viagra prescription pbsgnyfc

Reply
HaroldHax says:

December 29, 2020 at 11:53 am

viagra cost http://viagrastm.com/ viagra from india gvplpyfn

Reply
Dzqcjd says:

December 29, 2020 at 5:45 pm

viagra mail order – https://ciasuperp.com/ levitra

Reply
HaroldHax says:

December 29, 2020 at 6:42 pm

otc viagra http://viagrastm.com/ viagra 100mg price lgpfayev

Reply
Richardbed says:

December 29, 2020 at 9:39 pm

wann viagra einnehmen potenzpillen viagra kaufen ohne rezept hamburg
wie wirkt viagra?

Reply
Cisel says:

December 30, 2020 at 12:39 am

USA
old cialis buy cialis overnight cialis 36 hour coupon

Reply
HaroldHax says:

December 30, 2020 at 1:25 am

cialis without a doctor’s prescription http://cialisirt.online/ low cost cialis pjyugamt

Reply
HaroldHax says:

December 30, 2020 at 8:08 am

cialis coupon code http://cialisirt.com/ expired cialis 3 years fuyvuajc

Reply
Cisel says:

December 30, 2020 at 3:23 pm

USA
benefits using cialis cialis online cialis is used for

Reply
canadian online pharmacies says:

December 30, 2020 at 8:50 pm

http://canadianvolk.com

Reply
Cisel says:

December 31, 2020 at 6:15 am

Generic
us pharmacy prices cialis buy cialis usa cialis loss of vision

Reply
Ozywaj says:

December 31, 2020 at 8:50 am

buy cialis online no prescription – https://ciasuperp.com/ buy vardenafil online

Reply
RogerEnvex says:

December 31, 2020 at 12:11 pm

levitra indonesia levitra can levitra increase pressure in eyes
which is better levitra or viagra

Reply
Cisel says:

December 31, 2020 at 8:25 pm

USA
online cialis daily use buy cialis brand cialis in half

Reply
Iyfurg says:

January 1, 2021 at 10:37 am

cialis 10 mg – canadian pharmacy no prescription needed vardenafil dosage

Reply
Cisel says:

January 1, 2021 at 10:53 am

USA
purchase cialis online cheap buy cialis australia cialis libido

Reply
Cisel says:

January 2, 2021 at 1:38 am

USA
cialis in liquid form cialis miami cialis expensive

Reply
Rolandowal says:

January 2, 2021 at 2:39 am

provigil lawsuit settlement cost of provigil long term side effects of provigil
what not to take with modafinil

Reply
Cisel says:

January 2, 2021 at 4:44 pm

USA
cialis price australia buy cialis online cialis gives headache

Reply
Kennethbot says:

January 3, 2021 at 9:55 am

ed aids viagra generic drugs best ed pills that work

Reply
Kennethbot says:

January 3, 2021 at 5:21 pm

best online pharmacy canadian mail-order pharmacy cheapest ed pills online

Reply
online pharmacy says:

January 3, 2021 at 7:44 pm

http://canadianvolk.com

Reply
Joe Chapnick says:

January 3, 2021 at 11:08 pm

Currently it sounds like Movable Type is the preferred blogging platform out there right now. (from what I’ve read) Is that what you are using on your blog?|

Reply
Jamie Barrentine says:

January 3, 2021 at 11:09 pm

Hey there! Quick question that’s entirely off topic. Do you know how to make your site mobile friendly? My website looks weird when viewing from my iphone4. I’m trying to find a template or plugin that might be able to resolve this issue. If you have any recommendations, please share. Many thanks!|

Reply
buy organic cialis says:

January 4, 2021 at 5:45 am

generic cialis online chemist
best site to buy viagra or cialis
moduretic buy online Bow lah

Reply
nissan replacement key says:

January 4, 2021 at 11:38 pm

You have remarked very interesting details! ps nice site.

Reply
audi replacement key says:

January 4, 2021 at 11:39 pm

I believe this internet site has got very great indited written content posts.

Reply
price for viagra says:

January 5, 2021 at 3:28 pm

cheap viagra by mail
viagra pill
real viagra online reviews Bow lah

Reply
dearvelm says:

January 6, 2021 at 1:46 am

buy tadalafil 20mg cialis buy generic cialis viagra and weight lifting cialis generic

Reply
Unfowl says:

January 7, 2021 at 1:59 am

online casino gambling online casinos

Reply
buy cbd oil says:

January 7, 2021 at 3:47 am

I needed to draft you one little bit of observation so as to say thank you as before for the extraordinary ideas you’ve discussed at this time. It has been certainly incredibly generous of people like you to allow extensively all that a lot of folks could possibly have distributed as an e-book in order to make some cash for their own end, chiefly considering the fact that you could have done it if you considered necessary. The good ideas also acted as the easy way to be sure that most people have a similar dream just like mine to find out a lot more in respect of this condition. I’m certain there are lots of more enjoyable moments ahead for individuals that examine your blog.

Reply
sildenafil prices says:

January 7, 2021 at 4:33 am

I am also commenting to let you know of the great encounter my friend’s daughter found reading through your web page. She figured out numerous issues, not to mention what it’s like to have an amazing giving mood to have men and women really easily have an understanding of selected hard to do subject areas. You really exceeded our own expectations. Many thanks for imparting the interesting, safe, explanatory and even easy thoughts on the topic to Janet.

Reply
sildenafil cost says:

January 7, 2021 at 4:58 am

I am also writing to make you know what a impressive encounter my friend’s girl gained reading through your web page. She learned plenty of pieces, which include what it’s like to possess an amazing helping mood to let most people smoothly know several impossible subject matter. You truly exceeded our own expectations. Thank you for offering these invaluable, safe, explanatory and even fun tips about this topic to Julie.

Reply
effects ofviagra in women says:

January 7, 2021 at 8:59 am

easy get doctor prescribe viagra
viagra with dapoxetine
viagra online for us pharmacy Bow lah

Reply
generic viagra says:

January 7, 2021 at 2:14 pm

I enjoy you because of all of your effort on this blog. Debby delights in conducting internet research and it’s easy to see why. A number of us hear all about the compelling manner you create effective guides by means of the blog and boost contribution from other ones about this article and my child has been becoming educated a great deal. Enjoy the remaining portion of the new year. You’re carrying out a fabulous job.

Reply
canadian pharmacies says:

January 7, 2021 at 5:28 pm

http://bambulapharmacy.com

Reply
generic cialis says:

January 7, 2021 at 10:06 pm

Thank you for every one of your hard work on this web page. My aunt really loves making time for investigations and it’s really obvious why. Most of us learn all of the lively mode you offer priceless suggestions through this web site and even increase participation from some other people on the matter so our favorite girl is now starting to learn a lot of things. Take advantage of the rest of the year. You are always doing a remarkable job.

Reply
cialis pills says:

January 7, 2021 at 11:34 pm

I happen to be writing to make you understand what a useful experience our princess went through visiting yuor web blog. She realized too many things, with the inclusion of what it is like to possess an incredible teaching style to make the others without problems thoroughly grasp various very confusing topics. You undoubtedly surpassed visitors’ expected results. Thanks for supplying those warm and friendly, trustworthy, revealing not to mention unique tips on your topic to Tanya.

Reply
cialis generic says:

January 8, 2021 at 12:27 am

I’m also commenting to let you be aware of of the brilliant discovery my child encountered checking your blog. She came to understand a lot of details, including how it is like to have a marvelous coaching heart to get folks easily fully grasp a variety of complex issues. You actually did more than my desires. I appreciate you for delivering such good, dependable, edifying and also cool guidance on that topic to Ethel.

Reply
purchase kamagra says:

January 8, 2021 at 12:44 am

I needed to draft you one little bit of observation so as to say thanks once again for your spectacular techniques you have shared on this site. This has been simply surprisingly open-handed with you to present unreservedly what most of us would’ve sold for an electronic book to help make some money on their own, precisely seeing that you might well have tried it in the event you wanted. Those tactics in addition worked to become great way to realize that someone else have the same keenness similar to my very own to realize significantly more with reference to this problem. I know there are some more pleasurable situations up front for people who scan through your website.

Reply
amitriptyline buy says:

January 8, 2021 at 6:56 pm

Thank you for your entire labor on this web site. My mom take interest in participating in internet research and it’s easy to see why. A number of us hear all about the compelling form you convey both useful and interesting guidelines by means of the blog and boost contribution from other individuals about this area of interest and my child has been becoming educated a great deal. Enjoy the remaining portion of the new year. You’re carrying out a dazzling job.

Reply
JlloBidly says:

January 8, 2021 at 11:14 pm

india pharmacy peoples pharmacy drug store news

Reply
risperidone cost says:

January 9, 2021 at 4:00 am

Thanks for your whole work on this website. My niece takes pleasure in working on research and it is simple to grasp why. We all notice all relating to the powerful ways you render worthwhile tricks via your website and therefore welcome response from website visitors on this topic while our own simple princess is without question understanding so much. Take pleasure in the rest of the year. Your performing a wonderful job.

Reply
https://doctorpbn.com/ says:

January 9, 2021 at 6:30 am

cialis coupons free
can you buy viagra in stores
buy himalaya shallaki Bow lah

Reply
Fimxjp says:

January 9, 2021 at 10:27 pm

brand cialis for sale – https://cialviap.com/ cheap vardenafil

Reply
FgvdWanna says:

January 10, 2021 at 6:40 am

canadian pharcharmy best drug store primer best drug store mascara

Reply
free online dating websites says:

January 10, 2021 at 12:33 pm

dating site,free local dating sites
sprung dating
free dating sites

Reply
Khthdora says:

January 10, 2021 at 8:50 pm

india pharmacy ed drugs discount pharmacy

Reply
FwsxHeegO says:

January 11, 2021 at 2:15 am

drugstore near me best canadian online pharmacy online pharmacy reviews

Reply
JtmfHeegO says:

January 11, 2021 at 7:16 am

pharmacy prices canadian pharmacies online canada pharmacy

Reply
Kennethcicle says:

January 11, 2021 at 8:07 am

ed cures that actually work https://canadarx24.com/
ed vacuum pumps

Reply
online pharmacy says:

January 11, 2021 at 1:04 pm

http://bambulapharmacy.com

Reply
Kennethcicle says:

January 11, 2021 at 6:01 pm

best ed pills https://canadarx24.com/
buy prescription drugs from canada cheap

Reply
AqwsHeegO says:

January 11, 2021 at 7:12 pm

pharmacy rx one pharmacy online best drugstore liquid eyeliner

Reply
NllpWanna says:

January 12, 2021 at 6:14 am

best drugstore setting powder http://pharmacy-onlineasxs.com/ pharmacy rx one

Reply
LokuHeegO says:

January 13, 2021 at 12:24 am

usa pharmacy dysfunction erection pills

Reply
free dating websites says:

January 13, 2021 at 6:16 am

free dating online,online dating free
free dating
free dating sites

Reply
levitra 2nd day delivery says:

January 14, 2021 at 12:34 am

pastile viagra farmacii
genuine viagra for sale
cheap levitra 20mg Bow lah

Reply
Instagram takipçi satın al ucuz says:

January 14, 2021 at 2:56 am

Takipçi ve beğeni satış profil itibarını ve kullanma amacına göre satışlarınızı artırmaktadır.

Reply
tinder sign up says:

January 14, 2021 at 7:45 am

tinder login, tinder login
tinder website

Reply
Eeqxx03 says:

January 14, 2021 at 6:16 pm

With thanks, Fantastic stuff! sildenafil

Reply
Lxflgt says:

January 14, 2021 at 10:36 pm

cialis overnight – https://edplsvici.com/ generic vardenafil

Reply
Rickygloks says:

January 15, 2021 at 1:22 am

cheap viagra online https://edcheapgeneric.com/ crmktkjs where can i buy viagra

Reply
australianmedshopcoeno says:

January 15, 2021 at 6:35 am

cialis tablets 20mg cialis legal to buy viagra online
how long before levitra works

Reply
Rickygloks says:

January 15, 2021 at 2:48 pm

how much viagra should i take the first time? https://edcheapgeneric.com/ cccgtnoc cheap viagra online canadian pharmacy

Reply
next day pills viagra says:

January 15, 2021 at 11:27 pm

viagra otc ireland
viagra dose
cheap female viagra pills Bow lah

Reply
Iotsxg says:

January 16, 2021 at 9:33 am

kamagra alternative – https://kamapll.com/ buy levitra online

Reply
SamuelVax says:

January 17, 2021 at 7:04 am

ltbn is viagra over the counter http://dietkannur.org tpyj vcbh

Reply
SamuelVax says:

January 17, 2021 at 11:51 am

bocm viagra professional http://dietkannur.org uwqb jvoh

Reply
viagparisTaisk says:

January 17, 2021 at 3:38 pm

anal viagra viagra 100 generic livraison rapide prix du viagra 25 mg en pharmacie
viagra combien de temps

Reply
Vdqfdi says:

January 17, 2021 at 6:23 pm

levitra 10mg – http://vardpill.com/ buy levitra online

Reply
SamuelVax says:

January 17, 2021 at 9:19 pm

hrvl cheapest generic viagra http://dietkannur.org xdwa imlk

Reply
SamuelVax says:

January 18, 2021 at 3:17 am

unxg buy viagra online usa http://dietkannur.org ymil jpnp

Reply
free dating site says:

January 18, 2021 at 12:31 pm

free dating site,free dating websites
free online dating,free dating http://freedatingste.com/

Reply
1stlevitEnvex says:

January 19, 2021 at 6:44 am

levitra message board online pharmacy levitra is cialis better than levitra
when will levitra generic be available in the us

Reply
Zmwjgq says:

January 19, 2021 at 6:44 am

erection pills online – http://edpropls.com/ male erection pills

Reply
Alfw90m says: