Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-0114 |
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-0104 |
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.6 CRITICAL V2.0: 9.3 HIGH |
CVE-2018-0103 |
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-8046 |
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-18020 |
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2017-14383 |
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application. Published: January 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18019 |
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. Published: January 03, 2018; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2017-18018 |
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Published: January 03, 2018; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 1.9 LOW |
CVE-2018-5088 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5087 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5086 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5085 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5084 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5083 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5082 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5081 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5080 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5079 |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130. Published: January 03, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5078 |
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. Published: January 03, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-5077 |
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. Published: January 03, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |