Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. 

Google Unveils Acer’s Chromebook Tab 10 Ahead of Apple’s Education-Focused Event Tomorrow

An anonymous reader shares a report: Maybe Acer knows what Apple is up to tomorrow, maybe not. Regardless, the information and communication tech company announced today the world’s first Chrome OS tablet made for the education market, the Chromebook Tab 10. Designed for use in K-12 classrooms, the 9.7-inch tablet could potentially add to Google’s Chromebook lead in the US education market and take some of the wind out of Apple’s education-focused press conference on March 27. […] Acer’s new tablet, which will sell for $329 in April, is built around a 2048×1536-resolution IPS touchscreen with 264 pixels per inch. A durable Wacom EMR stylus comes standard and stores in the tablet’s chassis that’s only 0.39-inch thick (9.98 mm). Running on a Rockchip OP1 processor, 4GB of memory and 32GB of storage, the Tab 10 fully supports Google Play, giving schools access to educational Android apps.

The Latest: Senate committee seeks Zuckerberg testimony

NEW YORK (AP) — The Latest on reports that millions of Facebook users’ data was used to target political ads (all times local):

2:20 p.m.

The chairman of the Senate Judiciary Committee says he’s invited Facebook CEO Mark Zuckerberg to testify at a hearing next month on data privacy.

Sen. Charles Grassley of Iowa says the April 10 hearing will cover how consumer data is collected, retained and distributed for commercial use. He says the hearing also will examine what steps companies like Facebook can do to better protect personal information.

Grassley’s committee is the third congressional panel to seek Zuckerberg’s testimony in the wake of a privacy scandal involving Cambridge Analytica, a Trump-connected data-mining company.

Several Judiciary Committee members had pressed Grassley to hold the hearing.

Grassley says he’s also invited Google CEO Sundar Pichai and Twitter CEO Jack Dorsey.

12:15 p.m.

The chief law enforcement officers for 37 U.S. states and territories are demanding to know when Facebook learned of a huge breach of privacy protections.

The officers say in a letter Monday to CEO Mark Zuckerberg that users’ trust in the social media platform is “broken.”

The attorneys general are asking how Facebook monitored what these developers did with all the data they collected and whether Facebook had safeguards to prevent misuse.

They also asked Zuckerberg for an update on how Facebook will allow users to more easily control the privacy of their accounts.

Cambridge Analytica, a political data-mining firm, is accused of lifting data from some 50 million Facebook users to influence voters in the 2016 elections.

11:55 a.m.

Germany’s justice minister says she wants closer oversight of companies such as Facebook, following a meeting with executives about the abuse of users’ private data.

Katarina Barley says Facebook representatives assured her Monday that such breaches wouldn’t occur again and pledged to inform those users who were affected.

She added that “promises aren’t enough, though. We will need to monitor companies such as Facebook much more strictly in future and also punish breaches of data protection strongly, swiftly and painfully.”

Barley said Facebook reacted “favorably” to her demand for greater transparency about the algorithms that underpin the company’s data collection.

She said campaigns such as “Delete Facebook” would likely make a strong impression on the company because “in the end the currency that Facebook works with is trust.”

10:50 a.m.

The Federal Trade Commission is investigating Facebook’s privacy practices following a week of privacy scandals including whether the company engaged in “unfair acts” that cause “substantial injury” to consumers.

Facebook’s stock, which already took a big hit last week, plunged as a result.

Facebook said in a statement on Monday that the company remains “strongly committed” to protecting people’s information and that it welcomes the opportunity to answer the FTC’s questions.

News outlets have reported on the FTC investigation last week, but the FTC hadn’t confirmed it until Monday. Facebook reached a settlement with the FTC in 2011 offering privacy assurances.

5 a.m.

Facebook CEO Mark Zuckerberg is promising to do a better job protecting user data following reports that a political consultant misused the personal information of millions of the company’s subscribers. The fact is, European regulators are already forcing him to do so.

A similar data breach in the future could make Facebook liable for fines of more than $1.6 billion under the European Union’s new General Data Protection Regulation, which will be enforced from May 25. The rules, approved two years ago, also make it easier for consumers to give and withdraw consent for the use of their data and apply to any company that uses the data of EU residents, no matter where it is based.

Now Or Never: Don’t Get Left Behind In The Race To GDPR Compliance

Businesses across Europe are busy making sure they are GDPR compliant ahead of its looming deadline of May 25th. The fast-approaching legislation will give consumers more control over how their personal data is being used and significantly increases the pressure on businesses to protect and secure customer information.

SB18-085: Vulnerability Summary for the Week of March 19, 2018

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. 2018-03-20 not yet calculated CVE-2018-8873
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018. 2018-03-18 not yet calculated CVE-2018-8765
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044. 2018-03-22 not yet calculated CVE-2018-8896
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054. 2018-03-20 not yet calculated CVE-2018-8874
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c. 2018-03-20 not yet calculated CVE-2018-8875
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. 2018-03-22 not yet calculated CVE-2018-8895
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108. 2018-03-22 not yet calculated CVE-2018-8894
MISC

2345_security_guard — 2345_security_guard
  In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098. 2018-03-20 not yet calculated CVE-2018-8876
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 not yet calculated CVE-2018-8998
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 not yet calculated CVE-2018-8999
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 not yet calculated CVE-2018-9000
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 not yet calculated CVE-2018-9005
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. 2018-03-24 not yet calculated CVE-2018-9006
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. 2018-03-24 not yet calculated CVE-2018-9007
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 not yet calculated CVE-2018-9001
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. 2018-03-24 not yet calculated CVE-2018-9004
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. 2018-03-24 not yet calculated CVE-2018-9002
MISC

advanced_systemcare_ultimate — advanced_systemcare_ultimate
  In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. 2018-03-24 not yet calculated CVE-2018-9003
MISC

ajaxdiscussion.php — ajaxdiscussion.php
  I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. 2018-03-23 not yet calculated CVE-2018-1000141
MISC

alkacon — opencms
  Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. 2018-03-20 not yet calculated CVE-2018-8811
MISC

alkacon — opencms
  Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. 2018-03-20 not yet calculated CVE-2018-8815
MISC

amd — epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
  The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. 2018-03-22 not yet calculated CVE-2018-8936
MISC
MISC
MISC
MISC

amd — epyc_server_and_ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
  The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. 2018-03-22 not yet calculated CVE-2018-8930
MISC
MISC
MISC
MISC

amd — epyc_server_processor_chips
  The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. 2018-03-22 not yet calculated
MISC
MISC
MISC
MISC

amd — ryzen_and_ryzen_pro_and_ryzen_mobile_processor_chips
  The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. 2018-03-22 not yet calculated
MISC
MISC
MISC
MISC

amd — ryzen_and_ryzen_pro_processor_chips
  The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. 2018-03-22 not yet calculated
MISC
MISC
MISC
MISC

amd — ryzen_and_ryzen_pro_processor_chips
  The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. 2018-03-22 not yet calculated
MISC
MISC
MISC
MISC

amd — ryzen_and_ryzen_pro_processor_chips
  The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. 2018-03-22 not yet calculated
MISC
MISC
MISC
MISC

apache — apache_commons_components
  A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress’ extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress’ zip package. 2018-03-16 not yet calculated

apache — commons-email
  If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called “Bounce Address”, and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String). 2018-03-20 not yet calculated

apache — syncope
  An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters. 2018-03-20 not yet calculated

apache — syncope
  An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution. 2018-03-20 not yet calculated

atlassian — bitbucket_server

  In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. 2018-03-22 not yet calculated CVE-2018-5225
BID
CONFIRM

atlassian — fisheye_and_crucible
  Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. 2018-03-22 not yet calculated CVE-2017-18094
CONFIRM
CONFIRM

authentikat-jwt — authentikat-jwt
  A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. 2018-03-17 not yet calculated CVE-2017-18239
MISC
MISC
MISC

beckhoff — twincat
  Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. 2018-03-23 not yet calculated CVE-2018-7502
BID
MISC
MISC

bmc_remedy — action_request_system
  BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. 2018-03-24 not yet calculated CVE-2015-9257
CONFIRM

bose — soundtouch_devices
  Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. 2018-03-24 not yet calculated CVE-2017-17749
MISC

bose — soundtouch_devices
  Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. 2018-03-24 not yet calculated CVE-2017-17750
MISC

bose — soundtouch_devices
  Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol. 2018-03-24 not yet calculated CVE-2017-17751
MISC

bylancer — bookme_control_panel
  Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers “Book Me” function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user’s browser. 2018-03-17 not yet calculated CVE-2018-8737
MISC

cloud_controller — cloud_controller
  In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. 2018-03-19 not yet calculated CVE-2018-1195
CONFIRM

cloud_foundry_foundation — garden
  In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. 2018-03-19 not yet calculated CVE-2015-5350
CONFIRM

cloud_foundry_foundation — gorouter
  In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service. 2018-03-19 not yet calculated CVE-2018-1221
CONFIRM

cloud_foundry_foundation — windows_stemcells
  In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. 2018-03-19 not yet calculated CVE-2018-1197
CONFIRM

core_ftp_server — core_ftp_server
  Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. 2018-03-20 not yet calculated CVE-2014-1215
BUGTRAQ
MISC

covercms — covercms
  CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. 2018-03-23 not yet calculated CVE-2018-8957
MISC
MISC
MISC

creditwest_bank — cms_project
  Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. 2018-03-24 not yet calculated CVE-2018-8972
MISC

dell — storage_manager
  In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. 2018-03-16 not yet calculated CVE-2017-14384
CONFIRM
BID

dell_emc — idrac
  Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server’s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. 2018-03-23 not yet calculated CVE-2018-1211
MISC

dell_emc — idrac
  Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. 2018-03-23 not yet calculated CVE-2018-1207
MISC
MISC

dell_emc — networker
  In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the ‘nsrd’ daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems. 2018-03-19 not yet calculated CVE-2018-1218
FULLDISC
SECTRACK

dsmall — dsmall
  dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. 2018-03-22 not yet calculated CVE-2018-8906
MISC

dtisqlinstaller.exe — dtisqlinstaller.exe
  Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa. 2018-03-19 not yet calculated CVE-2018-5551
MISC

dtisqlinstaller.exe — dtisqlinstaller.exe
  Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain a hard-coded cryptographic salt, “S@l+&pepper”. 2018-03-19 not yet calculated CVE-2018-5552
MISC

eaton — elcsoft
  In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. 2018-03-20 not yet calculated CVE-2018-7511
CONFIRM
BID
MISC

electron — electron
  Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4. 2018-03-23 not yet calculated CVE-2018-1000136
MISC

elfutils — elfutils
  elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. 2018-03-18 not yet calculated CVE-2018-8769
CONFIRM

emc — data_protection_advisor
  EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: “Apollo System Test”, “emc.dpa.agent.logon” and “emc.dpa.metrics.logon”. An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). 2018-03-16 not yet calculated CVE-2017-8013
FULLDISC
BID
SECTRACK

enhavo — enhavo
  enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. 2018-03-20 not yet calculated CVE-2018-8832
MISC

exiv2 — exiv2
  In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. 2018-03-24 not yet calculated CVE-2018-8977
MISC

exiv2 — exiv2
  In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. 2018-03-24 not yet calculated CVE-2018-8976
MISC

f5 — big-ip
  In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 – 13.1.0.3 or 12.1.0 – 12.1.3.1. 2018-03-22 not yet calculated CVE-2018-5504
SECTRACK
CONFIRM

f5 — big-ip
  On F5 BIG-IP versions 13.0.0 – 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. 2018-03-22 not yet calculated CVE-2018-5502
SECTRACK
CONFIRM

f5 — big-ip
  SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack. 2018-03-19 not yet calculated CVE-2014-4024
XF
CONFIRM

f5 — big-ip
  On F5 BIG-IP versions 13.0.0 or 12.1.0 – 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. 2018-03-22 not yet calculated CVE-2018-5509
SECTRACK
CONFIRM

f5 — big-ip
  On F5 BIG-IP versions 13.1.0 – 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. 2018-03-22 not yet calculated CVE-2018-5505
SECTRACK
CONFIRM

f5 — big-ip
  On F5 BIG-IP versions 13.0.0 – 13.1.0.3 or 12.0.0 – 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. 2018-03-22 not yet calculated CVE-2018-5503
SECTRACK
CONFIRM

flafla — arsenol
  Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0534
JVN

flafla — arsenol
  Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. 2018-03-22 not yet calculated CVE-2018-0536
JVN

fortinet — fortiweb
  An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under “Signed Security Mode”, allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0. 2018-03-20 not yet calculated CVE-2017-14191
BID
CONFIRM

frog_cms — frog_cms
  An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. 2018-03-22 not yet calculated CVE-2014-4912
EXPLOIT-DB

functions.php — functions.php
  I, Librarian version 4.8 and earlier contains a SSRF vulnerability in “url” parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. 2018-03-23 not yet calculated CVE-2018-1000138
MISC
MISC

general_electric — centricity_pacs_ra1000_devices
  GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14008
BID
MISC

general_electric — gemnet_license_server
  GE GEMNet License server (EchoServer), all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14004
MISC

general_electric — infinia_and_infinia_with_hawkeye_4_medical_imaging_systems
  GE Infinia/Infinia with Hawkeye 4 medical imaging systems, all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14002
BID
MISC

general_electric — xeleris_medical_imaging_systems
  GE Xeleris versions 1.0, 1.1, 2.1, 3.0, 3.1, medical imaging systems, all current versions are affected. These devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. 2018-03-20 not yet calculated CVE-2017-14006
MISC

gentoo — collectd
  The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). 2018-03-18 not yet calculated CVE-2017-18240
BID
CONFIRM
GENTOO

geutebruck — ip_cameras
  Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. 2018-03-22 not yet calculated CVE-2018-7532
BID
MISC geutebruck — ip_cameras
  A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. 2018-03-22 not yet calculated CVE-2018-7516
BID
MISC geutebruck — ip_cameras
  A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. 2018-03-22 not yet calculated CVE-2018-7524
BID
MISC geutebruck — ip_cameras
  An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. 2018-03-22 not yet calculated CVE-2018-7520
BID
MISC geutebruck — ip_cameras
  An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. 2018-03-22 not yet calculated CVE-2018-7528
BID
MISC geutebruck — ip_cameras
  A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. 2018-03-22 not yet calculated CVE-2018-7512
BID
MISC gitlab — community_and_enterprise_editions
  Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution. 2018-03-21 not yet calculated CVE-2018-3710
CONFIRM
MISC
CONFIRM
MISC
DEBIAN gitlab — community_and_enterprise_editions
  Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance’s database. 2018-03-21 not yet calculated CVE-2017-0914
CONFIRM
MISC gitlab — community_and_enterprise_editions
  GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component, allowing an attacker to see every project name and its respective namespace on a GitLab instance. 2018-03-22 not yet calculated CVE-2017-0920
CONFIRM
MISC gitlab — community_edition
  Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0924
CONFIRM
MISC gitlab — community_edition
  Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0915
CONFIRM
MISC
DEBIAN gitlab — community_edition
  Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0917
CONFIRM
MISC
DEBIAN gitlab — community_edition
  Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. 2018-03-21 not yet calculated CVE-2017-0926
CONFIRM
CONFIRM
DEBIAN gitlab — community_edition
  Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0918
CONFIRM
MISC
DEBIAN gitlab — community_edition
  Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. 2018-03-21 not yet calculated CVE-2017-0927
CONFIRM
CONFIRM gitlab — community_edition
  Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. 2018-03-21 not yet calculated CVE-2017-0916
CONFIRM
MISC
DEBIAN gitlab — community_edition
  Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. 2018-03-21 not yet calculated CVE-2017-0923
CONFIRM
MISC gitlab — enterprise_edition
  Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. 2018-03-21 not yet calculated CVE-2017-0925
CONFIRM
CONFIRM
DEBIAN gitlab — enterprise_edition
  Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. 2018-03-21 not yet calculated CVE-2017-0922
CONFIRM
MISC gitlab — gitlab
  The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. 2018-03-24 not yet calculated CVE-2018-8971
MISC gnome — networkmanager
  GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network’s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. 2018-03-20 not yet calculated CVE-2018-1000135
BID
CONFIRM
CONFIRM
CONFIRM gnu — binutils
  The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. 2018-03-22 not yet calculated CVE-2018-8945
MISC wire.com — wire_application_for_android
  The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. 2018-03-22 not yet calculated CVE-2018-8909
MISC grav_cms — grav_cms
  Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. 2018-03-19 not yet calculated CVE-2018-5233
MLIST
MISC gundam_cult_qqq — qqq_systems
  Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. 2018-03-22 not yet calculated CVE-2018-0537
JVN gundam_cult_qqq — qqq_systems
  Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0538
JVN gundam_cult_qqq — qqq_systems
  QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0539
JVN heimdal_security — heimdal_pro_and_heimdal_free_and_heimdal_corp
  A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory “C:\ProgramData\Heimdal Security\Heimdal Agent” allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. 2018-03-22 not yet calculated CVE-2018-5349
MISC heimdal_security — heimdal_pro
  An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. 2018-03-22 not yet calculated CVE-2018-5731
MISC hisayuki_nomura — tiny_ftp_daemon
  Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0541
JVN huawei — fusionsphere_openstack
  Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users’ certificates. Successful exploit may cause privilege escalation. 2018-03-20 not yet calculated CVE-2017-8187
CONFIRM huawei — hg532
  Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. 2018-03-20 not yet calculated CVE-2017-17215
CONFIRM
BID huawei — iptv_stb
  Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to authentication bypass and viewing channels for free. 2018-03-20 not yet calculated CVE-2017-8176
MISC
CONFIRM huawei — mate_9_pro_smartphones
  Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage memory properly and frees the same memory address twice. If an attacker tricks a user who has root privilege into installing a crafted application, successful exploit could result in malicious code execution. 2018-03-20 not yet calculated CVE-2017-17320
CONFIRM huawei — multiple_devices
  DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. 2018-03-23 not yet calculated CVE-2017-15326
CONFIRM huawei — multiple_smartphones
  Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to a lack of array verification, an attacker who tricks a user into installing a malicious application can exploit the vulnerability to read out of bounds of the array and possibly cause the device to behave abnormally. 2018-03-20 not yet calculated CVE-2017-17306
CONFIRM huawei — p9_smartphones
  Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect a certain resource that can be accessed by multiple threads. If an attacker tricks a user who has root privilege into installing a crafted application, successful exploit could result in kernel information disclosure. 2018-03-20 not yet calculated CVE-2017-17319
CONFIRM huawei — smartphones_with_vns-l21autc555b141_software
  Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to a missing string terminator, an attacker who tricks a user into installing a malicious application can exploit the vulnerability to read out of bounds and possibly cause the device to behave abnormally. 2018-03-20 not yet calculated CVE-2017-17307
CONFIRM ibm — data_server_driver_for_jdbc_and_sqlj
  IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999. 2018-03-22 not yet calculated CVE-2017-1677
CONFIRM
BID
MISC ibm — db2_for_linux_and_unix_and_windows
  IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043. 2018-03-22 not yet calculated CVE-2018-1448
CONFIRM
MISC ibm — db2_for_linux_and_unix_and_windows
  IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. 2018-03-22 not yet calculated CVE-2017-1571
CONFIRM
MISC ibm — gskit
  IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072. 2018-03-22 not yet calculated CVE-2018-1427
CONFIRM
MISC ibm — gskit
  IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. 2018-03-22 not yet calculated CVE-2018-1428
CONFIRM
MISC ibm — gskit
  IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. 2018-03-22 not yet calculated CVE-2018-1426
CONFIRM
MISC ibm — ibm_connections
  Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. 2018-03-20 not yet calculated CVE-2015-7458
CONFIRM
XF ibm — ibm_connections
  Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355. 2018-03-20 not yet calculated CVE-2015-7459
CONFIRM
XF ibm — ibm_connections
  Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356. 2018-03-20 not yet calculated CVE-2015-7460
CONFIRM
XF ibm — ibm_connections
  XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. 2018-03-20 not yet calculated CVE-2015-7461
CONFIRM
XF ibm — ibm_jazz_foundation
  IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379. 2018-03-23 not yet calculated CVE-2017-1655
CONFIRM
BID
MISC ibm — ibm_jazz_foundation
  IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006. 2018-03-23 not yet calculated CVE-2017-1762
CONFIRM
BID
MISC ibm — ibm_jazz_foundation
  IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127. 2018-03-23 not yet calculated CVE-2017-1629
CONFIRM
BID
MISC ibm — ibm_jazz_foundation
  IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970. 2018-03-23 not yet calculated CVE-2017-1524
CONFIRM
BID
MISC ibm — ibm_jazz_foundation
  IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. 2018-03-20 not yet calculated CVE-2015-7449
CONFIRM
XF ibm — mq_appliance
  IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, and 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. 2018-03-23 not yet calculated CVE-2018-1429
CONFIRM
BID
SECTRACK
MISC ibm — predictive_solutions_foundation
  IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619. 2018-03-22 not yet calculated CVE-2016-9711
CONFIRM
MISC ibm — rational_collaborative_lifecycle_management
  IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625. 2018-03-23 not yet calculated CVE-2017-1602
CONFIRM
BID
MISC ibm — tivoli_monitoring_v6
  IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. 2018-03-22 not yet calculated CVE-2017-1789
CONFIRM
MISC ibm — websphere_application_server_9
  IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. 2018-03-22 not yet calculated CVE-2017-1788
CONFIRM
MISC identityserver — identityserver4
  IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. 2018-03-22 not yet calculated CVE-2018-8899
MISC
MISC
MISC
MISC imagemagick — imagemagick
  WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. 2018-03-20 not yet calculated CVE-2018-8804
CONFIRM imagemagick — imagemagick
  The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. 2018-03-23 not yet calculated CVE-2018-8960
MISC intel — sgx_sdk
  Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. 2018-03-20 not yet calculated CVE-2018-3626
BID
CONFIRM intel — software_guard_extensions_platform_software_component
  An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator. 2018-03-20 not yet calculated CVE-2017-5736
BID
CONFIRM invision_power_board — invision_power_board
  SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. 2018-03-20 not yet calculated CVE-2014-4928
MISC jboss — enterprise_application_platform_and_application_server
  The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a ‘%’ character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not to be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren’t tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed. 2018-03-19 not yet calculated CVE-2014-3626
CONFIRM joyent_smartos — joyent_smartos
  This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106. 2018-03-19 not yet calculated CVE-2018-1171
CONFIRM
MISC joyplus-cms — joyplus-cms
  joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. 2018-03-18 not yet calculated CVE-2018-8767
MISC joyplus-cms — joyplus-cms
  joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. 2018-03-18 not yet calculated CVE-2018-8766
MISC jungo_connectivity — driverwizard_windriver
  windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. 2018-03-20 not yet calculated CVE-2018-8821
MISC jupyter_notebook — jupyter_notebook
  In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is ‘fixed’ by jQuery after sanitization, making it dangerous. 2018-03-18 not yet calculated CVE-2018-8768
CONFIRM k_okada — vix
  Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-22 not yet calculated CVE-2018-0540
JVN kagaminokuni — php_2chbbs
  Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0535
JVN kamailio — kamailio
  A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. 2018-03-20 not yet calculated CVE-2018-8828
MISC
MISC
DEBIAN kentico — kentico
  Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. 2018-03-23 not yet calculated CVE-2017-17736
MISC kentico — kentico
  Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. 2018-03-19 not yet calculated CVE-2018-6842
MISC kentico — kentico
  Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. 2018-03-19 not yet calculated CVE-2018-6843
MISC libav — libav
  The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file. 2018-03-22 not yet calculated CVE-2017-18242
MISC libav — libav
  The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file. 2018-03-23 not yet calculated CVE-2017-18245
MISC libav — libav
  The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file. 2018-03-23 not yet calculated CVE-2017-18247
MISC libav — libav
  The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply. 2018-03-22 not yet calculated CVE-2017-18244
MISC libav — libav
  The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. 2018-03-23 not yet calculated CVE-2017-18246
MISC libav — libav
  The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file. 2018-03-22 not yet calculated CVE-2017-18243
MISC libevt — libevt
  The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. 2018-03-17 not yet calculated CVE-2018-8754
MISC libming — libming
  In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. 2018-03-24 not yet calculated CVE-2018-9009
MISC libming — libming
  In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8961
MISC libming — libming
  In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8962
MISC libming — libming
  In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8964
MISC libming — libming
  In libming 0.4.8, there is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-20 not yet calculated CVE-2018-8807
MISC libming — libming
  In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-03-23 not yet calculated CVE-2018-8963
MISC libming — libming
  In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file. 2018-03-20 not yet calculated CVE-2018-8806
MISC libressl — libressl
  The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. 2018-03-24 not yet calculated CVE-2018-8970
MISC
MISC
MISC libtiff — libtiff
  In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. 2018-03-22 not yet calculated CVE-2018-8905
MISC
MISC linux — linux_kernel
  A flaw was found in the Linux 4.x kernel’s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. 2018-03-16 not yet calculated CVE-2018-1068
BID
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST linux — linux_kernel
  fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. 2018-03-21 not yet calculated CVE-2017-18241
MISC
MISC linux — linux_kernel
  Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. 2018-03-20 not yet calculated CVE-2018-8822
BID
CONFIRM lunarnight — laboratory_webproxy
  Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. 2018-03-22 not yet calculated CVE-2018-0542
JVN

malwarebytes — anti-malware_consumer_version
  A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. 2018-03-21 not yet calculated CVE-2016-10717
MISC
MISC
MISC
MISC
MISC

maradns — maradns
  Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error. 2018-03-20 not yet calculated CVE-2014-2031
CONFIRM
MLIST
SECTRACK
CONFIRM
XF

maradns — maradns
  Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. 2018-03-20 not yet calculated CVE-2014-2032
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
XF

meco — usb_memory_stick_with_fingerprint_mecoziolsamde601_devices
  An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint. 2018-03-22 not yet calculated CVE-2017-16242
MISC
MISC
MISC
MISC

micro_focus — netiq_edirectory
  Addresses denial of service attack to eDirectory versions prior to 9.1. 2018-03-21 not yet calculated CVE-2018-1346
BID
CONFIRM

micro_focus — netiq_imanager
  The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross-site scripting. 2018-03-21 not yet calculated CVE-2018-1347
BID
CONFIRM

micro_focus — netiq_imanager
  NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. 2018-03-21 not yet calculated CVE-2018-1345
CONFIRM

micro_focus — netiq_imanager
  Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1. 2018-03-21 not yet calculated CVE-2018-1344
CONFIRM

mikrotik — routeros_smb
  A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. 2018-03-19 not yet calculated CVE-2018-7445
FULLDISC
BID
MISC
EXPLOIT-DB

misp — misp
  In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. 2018-03-23 not yet calculated CVE-2018-8948
CONFIRM

misp — misp
  An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute. 2018-03-23 not yet calculated CVE-2018-8949
CONFIRM

ncr — s1_dispenser_controller
  Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. 2018-03-20 not yet calculated CVE-2017-17668
CONFIRM

ncr — s2_dispenser_controller
  Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. 2018-03-20 not yet calculated CVE-2018-5717
CONFIRM

nessus — nessus
  When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. 2018-03-20 not yet calculated CVE-2018-1141
SECTRACK
CONFIRM

netpbm — netpbm
  The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask. 2018-03-24 not yet calculated CVE-2018-8975
MISC

netwide_assembler — netwide_assembler
  Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. 2018-03-20 not yet calculated CVE-2018-8883
MISC

netwide_assembler — netwide_assembler
  Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. 2018-03-20 not yet calculated CVE-2018-8881
MISC

netwide_assembler — netwide_assembler
  Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. 2018-03-20 not yet calculated CVE-2018-8882
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. 2018-03-21 not yet calculated CVE-2018-7515
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. 2018-03-21 not yet calculated CVE-2018-7517
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. 2018-03-21 not yet calculated CVE-2018-7519
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. 2018-03-21 not yet calculated CVE-2018-7521
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. 2018-03-21 not yet calculated CVE-2018-7523
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. 2018-03-21 not yet calculated CVE-2018-7525
BID
MISC

omron — cx-supervisor
  In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. 2018-03-21 not yet calculated CVE-2018-7513
BID
MISC

open_web_analytics — open_web_analytics
  Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. 2018-03-20 not yet calculated CVE-2014-1457
CONFIRM
BID
XF
MISC

openbuildservice — openbuildservice
  In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. 2018-03-20 not yet calculated CVE-2011-3178
CONFIRM
CONFIRM

opencart — opencart
  The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. 2018-03-20 not yet calculated CVE-2014-3990
MISC
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM

opendaylight — opendaylight
  OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. 2018-03-16 not yet calculated CVE-2018-1078
MISC
CONFIRM

openscape_development_service — openscape_development_service
  SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2018-03-19 not yet calculated CVE-2014-2652
CONFIRM

opmantek — open-audit_professional
  Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. 2018-03-22 not yet calculated CVE-2018-8903
MISC

otcms — otcms
  OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. 2018-03-24 not yet calculated CVE-2018-8973
MISC

owncloud — owncloud
  Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. 2018-03-20 not yet calculated CVE-2014-1665
MISC
BID
XF
MISC
EXPLOIT-DB

philips — intellispace_cardiovascular_application
  Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. 2018-03-20 not yet calculated CVE-2018-5438
BID
MISC
CONFIRM

phpok — phpok
  PHPOK 4.8.338 has an arbitrary file upload vulnerability. 2018-03-22 not yet calculated CVE-2018-8944
MISC

phpshe — phpshe
  There is a SQL injection in the PHPSHE 1.6 userbank parameter. 2018-03-22 not yet calculated CVE-2018-8943
MISC

pivotal — gemfire
  The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. 2018-03-16 not yet calculated CVE-2016-9880
BID
CONFIRM

pivotal — pivotal_application_service
  Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. 2018-03-16 not yet calculated CVE-2018-1200
BID
CONFIRM

pivotal — spring_batch_admin
  Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. 2018-03-21 not yet calculated CVE-2018-1229
BID
CONFIRM

pivotal — spring_batch_admin
  Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. 2018-03-21 not yet calculated CVE-2018-1230
BID
CONFIRM

pivotal — spring_boot
  Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d Linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the “run_user” to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the “run_user” requires shell access to the server. Spring Boot applications that are not installed as a service, or are not using the embedded launch script, are not susceptible. 2018-03-19 not yet calculated CVE-2018-1196
CONFIRM

prague — smart_phones
  The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has an integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious app and executing it with a specific privilege; the app can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. 2018-03-23 not yet calculated CVE-2017-15325
CONFIRM

qos.ch_slf4j — qos.ch_slf4j
  org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 2018-03-20 not yet calculated CVE-2018-8088
MISC
MISC
MISC

radare2 — radare2
  In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. 2018-03-20 not yet calculated CVE-2018-8808
MISC

radare2 — radare2
  In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. 2018-03-20 not yet calculated CVE-2018-8809
MISC

radare2 — radare2
  In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. 2018-03-20 not yet calculated CVE-2018-8810
MISC

radosgw — radosgw
  In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn’t handle malformed HTTP headers properly, allowing for denial of service. 2018-03-19 not yet calculated CVE-2018-7262
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
FEDORA

rsyslog_librelp — rsyslog_librelp
  rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. 2018-03-23 not yet calculated CVE-2018-1000140
MISC
MISC

seafile — seafile_server_and_server_professional_edition
  Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts. 2018-03-19 not yet calculated CVE-2014-5443
MLIST
BID
XF
CONFIRM
CONFIRM

securebrain_corporation — installer_of_phishwall_client_firefox_and_chrome_edition_for_windows
  Untrusted search path vulnerability in the installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-03-22 not yet calculated CVE-2018-0552
JVN
CONFIRM

siemens — simatic_and_sinumerik_and_profinet_io
  A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions), SIMATIC S7-400 H V6 (All versions), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions), SINUMERIK 840D sl (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. 2018-03-20 not yet calculated CVE-2018-4843
BID
CONFIRM

siemens — simatic_wincc_oa_ui_for_android_and__simatic_wincc_oa_ui_for_ios
  A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app’s sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app’s folder on a mobile device. The vulnerability could allow reading data from and writing data to the app’s folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. 2018-03-20 not yet calculated CVE-2018-4844
BID
CONFIRM

sqlite — sqlite
  In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. 2018-03-16 not yet calculated CVE-2018-8740
BID
MISC
MISC
MISC
MISC

squirrelmail — squirrelmail
  A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. 2018-03-17 not yet calculated CVE-2018-8741
MISC
SECTRACK
MISC
MISC
MISC

stable.php — stable.php
  I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in the “id” parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user. 2018-03-23 not yet calculated CVE-2018-1000139
MISC
MISC

synology — photo_station
  Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. 2018-03-22 not yet calculated CVE-2017-16771
CONFIRM

synology — photo_station
  Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary code via the prog_id parameter. 2018-03-22 not yet calculated CVE-2017-16772
CONFIRM

tenda — ac15_router
  A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. 2018-03-20 not yet calculated CVE-2018-5768
MISC

tenda — ac15_router
  An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. 2018-03-20 not yet calculated CVE-2018-5770
MISC

truecrypt — truecrypt
  The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. 2018-03-19 not yet calculated CVE-2014-2884
MLIST
MISC

truecrypt — truecrypt
  Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. 2018-03-19 not yet calculated CVE-2014-2885
MLIST
MISC

ubiquiti_networks — edgeos
  Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0935
CONFIRM
MISC

ubiquiti_networks — edgeos
  Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0932
CONFIRM
MISC

ubiquiti_networks — edgeos
  Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system. 2018-03-22 not yet calculated CVE-2017-0933
CONFIRM
MISC

ubiquiti_networks — edgeos
  Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. 2018-03-22 not yet calculated CVE-2017-0934
CONFIRM
MISC

ucopia — wireless_appliance_devices
  Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. 2018-03-22 not yet calculated CVE-2017-17743
MISC

unboundid — ldap_sdk_for_java
  UnboundID LDAP SDK, from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6 (where the issue was reported and fixed), contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn’t check for an empty password when running in synchronous mode. This can result in the ability to impersonate any valid user. The attack appears to be exploitable by providing a valid username and an empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. The vulnerability appears to have been fixed after commit 8471904a02438c03965d21367890276bc25fa5a6; the commit with the applied fix is https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd. 2018-03-16 not yet calculated CVE-2018-1000134
BID
CONFIRM

users.php — users.php
  I, Librarian version 4.8 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator’s knowledge. 2018-03-23 not yet calculated CVE-2018-1000137
MISC wampserver — wampserver
  Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. 2018-03-19 not yet calculated CVE-2018-8732
MISC

western_bridge — cobub_razor

2008 was the earliest use of the word “mansplain”

Rebecca Solnit’s 2008 essay “Men who explain things” popularized the concept and the general awareness of this gentlemanly practice, but the word itself was not used therein. Instead, “mansplain” was apparently first uttered on LiveJournal a few weeks later by phosfate, a now-vanished pseudonymous user. This is revealed in Merriam-Webster’s new official definition, crediting Know Your Meme for the discovery. [via Kottke]

Cops Are Now Opening iPhones With Dead People’s Fingerprints

An anonymous reader shares a report: In November 2016, around seven hours after Abdul Razak Ali Artan had mowed down a group of people in his car, gone on a stabbing spree with a butcher’s knife and been shot dead by a police officer on the grounds of Ohio State University, an FBI agent applied the bloodied body’s index finger to the iPhone found on the deceased. The cops hoped it would help them access the Apple device to learn more about the assailant’s motives and Artan himself.

This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person’s fingerprints in an attempt to get past the protections of Apple’s Touch ID technology. Unfortunately for the FBI, Artan’s lifeless fingerprint didn’t unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan’s failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.

City Of Atlanta Hit With Ransomware

The City of Atlanta has been hit by a ransomware attack, causing outages across internal and customer-facing applications. The cybercriminals are requesting a payment of $6,800 to unlock each computer or $51,000 for all of the needed keys. As of now, the city hasn’t paid and has assured citizens the systems will be restored soon. The FBI is currently investigating to find out who is responsible.

Facebook Woes Continue as FTC Opens Data Privacy Probe

The Federal Trade Commission on Monday announced it is launching an investigation into Facebook’s data privacy practices. The announcement is another kick to Facebook, which has been grappling with the fallout from a scandal where data from the social media platform leaked through a third-party app.

IDG Contributor Network: Cyber insurance: data breach, business interruption and beyond

In today’s market, no growing business can isolate itself from online communications and commerce. Yet avoiding the internet entirely is the only way to guarantee your company will not be exposed to cyber threats. Once a business is online it will always be exposed to some residual risk it cannot feasibly address in a disaster recovery plan, business continuity plan, or through an information security technology solution.

IDG Contributor Network: Filter this

Few of us think about filters until we take our car in for its 50,000-mile service. Looking at the service invoice, there’s an air filter, oil filter, fuel filter, cabin air filter, transmission filter…