https://web.nvd.nist.gov/view/vuln/search This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database. 2018-01-11T15:00:08Z en-us This material is not copywritten and may be freely used, however, attribution is requested. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2576 SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. 2017-12-20T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3353 The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader 2018-01-09T02:29:02Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4364 (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7400 The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. 2017-12-29T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0120 Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0121 The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-10069 Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. 2018-01-07T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1858 __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1859 (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2071 Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3607 DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3630 XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4337 The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. 2014-06-22T21:55:03Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4338 cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. 2014-06-22T21:55:03Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4972 Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4978 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4991 (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4992 lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4993 (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4994 lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4995 Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4996 lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4997 lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4998 test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4999 vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5000 The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5001 lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5002 The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5003 chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5004 lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5069 Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5071 SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5334 FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5394 Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5509 clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7221 TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7222 Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8119 The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9515 Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1208 Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. 2018-01-09T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1290 The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. 2018-01-09T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2318 The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2319 The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2320 The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3302 The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." 2017-12-29T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4100 Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." 2017-12-21T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7224 puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. 2017-12-21T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7668 Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. 2017-12-27T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10256 The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. 2018-01-10T02:29:31Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10257 The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. 2018-01-10T02:29:31Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. 2017-12-29T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6810 In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. 2018-01-10T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6914 Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. 2017-12-27T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9722 IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. 2018-01-10T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0301 In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0304 A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000415 MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000428 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. 2018-01-10T02:29:31Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000429 rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000465 Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code. 2018-01-09T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10907 Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. 2017-12-22T14:29:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10909 Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-12-22T14:29:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10910 MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. 2017-12-28T02:29:03Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11003 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11066 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11069 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. 2018-01-10T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11079 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11080 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11081 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11305 A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. 2017-12-13T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11695 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. 2017-12-27T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11696 Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. 2017-12-27T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11697 The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. 2017-12-27T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11698 Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. 2017-12-27T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12169 It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. 2018-01-10T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12189 It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656. 2018-01-10T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12622 When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. 2018-01-10T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12695 An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12697 A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13056 The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. 2017-12-27T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14022 An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. 2017-12-23T00:29:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14387 The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability." 2017-12-20T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14589 It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. 2017-12-13T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1459 IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. 2018-01-10T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14869 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14870 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14873 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14879 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1493 IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15048 Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. 2017-12-19T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15049 The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. 2017-12-19T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15124 VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15129 A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. 2018-01-09T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15131 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15307 Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. 2017-12-22T17:29:12Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15311 The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. 2017-12-22T17:29:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15322 Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. 2017-12-22T17:29:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1533 IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. 2018-01-10T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1534 IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. 2018-01-10T17:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15662 In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15663 In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. 2018-01-10T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15664 In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15665 In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15717 A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0. 2018-01-10T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15845 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15847 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15848 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15849 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. 2018-01-10T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15850 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15883 Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. 2018-01-08T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15913 The Installer in Whale allows DLL hijacking. 2018-01-08T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15941 Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1612 IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1623 IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. 2018-01-10T17:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16514 Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. 2018-01-10T17:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1666 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1668 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1670 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1671 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. 2018-01-09T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16727 A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. 2017-12-22T02:29:15Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16740 A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16766 An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. 2017-12-22T14:29:13Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16768 Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. 2017-12-27T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16786 The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. 2017-12-19T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16876 Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. 2017-12-29T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16878 Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1698 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. 2017-12-27T17:08:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16995 The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension. 2017-12-27T17:08:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16996 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. 2017-12-27T17:08:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17010 Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-12-27T17:08:17Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17408 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. 2017-12-21T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17409 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. 2017-12-21T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17410 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116. 2017-12-21T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17411 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. 2017-12-21T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17558 The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. 2017-12-12T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17562 Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. 2017-12-12T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17662 Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17692 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. 2017-12-21T19:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17719 A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. 2017-12-19T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17744 A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. 2017-12-19T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17746 Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. 2017-12-20T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17752 Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. 2017-12-20T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17759 Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). 2017-12-19T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17760 OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. 2017-12-29T18:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17780 The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. 2017-12-20T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17805 The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. 2017-12-20T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17806 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. 2017-12-20T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17807 The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. 2017-12-20T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17809 In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. 2017-12-20T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17821 WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. 2017-12-21T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17831 GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. 2017-12-21T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17841 Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17843 An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17844 An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17845 An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17846 An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17847 An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17848 An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text. 2017-12-27T17:08:19Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17850 An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17852 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17853 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17854 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17855 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17856 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17857 The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17862 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17863 kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17864 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17868 In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17873 Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. 2017-12-27T17:08:20Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17876 Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17891 Readymade Video Sharing Script has CSRF via user-profile-edit.php. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17892 Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17893 Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17894 Readymade Job Site Script has CSRF via the /job URI. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17895 Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17896 Readymade Job Site Script has XSS via the keyword parameter to the /job URI. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17897 SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17898 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17899 SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. 2017-12-27T17:08:21Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17900 SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17903 FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17904 FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17905 PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17906 PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17907 PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17908 PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17909 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17911 packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17916 ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. 2017-12-29T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17917 ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. 2017-12-29T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17919 ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. 2017-12-29T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17920 ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. 2017-12-29T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17924 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17925 PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17926 PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17927 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17928 PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17929 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17930 PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17931 PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17932 A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17935 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. 2017-12-27T17:08:22Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17936 Vanguard Marketplace Digital Products PHP has CSRF via /search. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17937 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17938 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17939 PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17940 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17941 PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17942 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. 2017-12-28T06:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17946 A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action. 2018-01-10T20:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17973 In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. 2017-12-29T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17975 Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. 2017-12-30T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17981 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17982 PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17983 PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17984 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17985 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17986 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17987 PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17988 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17989 Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17990 Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17991 Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17992 Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17993 Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17994 Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17995 Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. 2017-12-30T04:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18023 Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18024 AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18025 cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. 2018-01-09T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18026 Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536. 2018-01-10T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3765 In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. 2018-01-10T18:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4940 The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. 2017-12-20T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4949 VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. 2018-01-11T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4950 VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. 2018-01-11T14:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5254 In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5255 In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5256 In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5257 In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5258 In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5259 In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5260 In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5261 In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. 2017-12-20T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 2018-01-04T13:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5971 SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6129 In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6133 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6139 In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6140 On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6151 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6164 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6167 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. 2017-12-21T17:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7536 In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). 2018-01-10T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7559 In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. 2018-01-10T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7997 Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. 2018-01-08T19:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7998 Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. 2018-01-08T19:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9663 An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9689 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9705 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9712 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9795 When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. 2018-01-10T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9796 When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. 2018-01-10T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0001 A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0002 On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0003 A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3R12 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0004 A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0005 QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0006 A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0007 An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0008 An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0009 On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0010 A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0011 A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0012 Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0013 A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0014 Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25. 2018-01-10T22:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0118 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264. 2018-01-11T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0764 Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0784 ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0785 ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0786 Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0789 Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0790 Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791 Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0792 Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0793 Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0794 Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0795 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0796 Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0797 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0798 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0799 Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0801 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0802 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0804 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0805 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0806 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0807 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806. 2018-01-10T01:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0812 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability". 2018-01-10T01:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0818 Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass". 2018-01-10T01:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0819 Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac." 2018-01-10T01:29:01Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2360 SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. 2018-01-09T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2361 In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. 2018-01-09T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2362 A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. 2018-01-09T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2363 SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. 2018-01-09T15:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3610 SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3815 The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4871 An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. 2018-01-09T21:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5071 Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. 2018-01-08T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5205 When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. 2018-01-06T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5206 When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. 2018-01-06T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5207 When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. 2018-01-06T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5208 In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. 2018-01-06T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5211 PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist. 2018-01-09T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5221 Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. 2018-01-09T16:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5259 Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. 2018-01-08T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5263 The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. 2018-01-08T23:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5266 Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. 2018-01-08T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5267 Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. 2018-01-08T03:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5268 In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5269 In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5270 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5271 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5272 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5273 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5274 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5275 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5276 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5277 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5278 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5279 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. 2018-01-08T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5280 SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. 2018-01-08T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5281 SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. 2018-01-08T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282 Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. 2018-01-08T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5283 The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. 2018-01-08T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5284 The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5285 The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5286 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5287 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5288 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5289 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5290 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5291 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5292 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5293 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5294 In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5295 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5296 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-08T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5298 In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. 2018-01-08T08:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5301 Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. 2018-01-08T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5308 PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. 2018-01-09T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5309 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-01-09T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5310 In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. 2018-01-09T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5311 The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. 2018-01-09T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5312 The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. 2018-01-09T05:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5316 The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. 2018-01-09T22:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5331 Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. 2018-01-10T09:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5332 In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). 2018-01-11T07:29:00Z https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5333 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. 2018-01-11T07:29:00Z