CVE List - 2018 / March
Showing 1 - 100 of 1337 CVEs for March 2018 (Page 1 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-7550 | 2018-03-01 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr,... |
| CVE-2017-18207 | 2018-03-01 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a... |
| CVE-2017-18208 | 2018-03-01 | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX... |
| CVE-2017-12627 | 2018-03-01 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. |
| CVE-2018-7561 | 2018-03-01 | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| CVE-2017-6150 | 2018-03-01 | Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may... |
| CVE-2017-6154 | 2018-03-01 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of... |
| CVE-2018-5500 | 2018-03-01 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile... |
| CVE-2018-5501 | 2018-03-01 | In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow... |
| CVE-2018-2365 | 2018-03-01 | SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2367 | 2018-03-01 | ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path... |
| CVE-2018-2368 | 2018-03-01 | SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. |
| CVE-2018-5314 | 2018-03-01 | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed... |
| CVE-2018-7573 | 2018-03-01 | An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application;... |
| CVE-2018-2380 | 2018-03-01 | SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through... |
| CVE-2018-7579 | 2018-03-01 | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. |
| CVE-2018-7584 | 2018-03-01 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in... |
| CVE-2017-14798 | 2018-03-01 | local privilege escalation in SUSE postgresql init script |
| CVE-2017-14799 | 2018-03-01 | XSS Vulnerability with ESP URL |
| CVE-2017-14800 | 2018-03-01 | Reflected xss on Access Manager iManager UI |
| CVE-2017-14804 | 2018-03-01 | package builds could use directory traversal to write outside of target area |
| CVE-2017-5188 | 2018-03-01 | OBS worker VM escape via relative symbolic links |
| CVE-2017-7426 | 2018-03-01 | iManager - XML External Entity vulnerabilities |
| CVE-2017-7435 | 2018-03-01 | libzypp accepts unsigned 3rd party repo without warning |
| CVE-2017-7436 | 2018-03-01 | libzypp accepts unsigned packages even when configured to check signatures |
| CVE-2017-9268 | 2018-03-01 | open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions |
| CVE-2017-9269 | 2018-03-01 | lack of keypinning in libzypp could lead to repository switching |
| CVE-2017-9270 | 2018-03-01 | post-auth arbitrary file write on cryptctl server |
| CVE-2017-9271 | 2018-03-01 | proxy credentials written to log files by zypper |
| CVE-2017-9274 | 2018-03-01 | osc executes spec code during "osc commit" |
| CVE-2017-9286 | 2018-03-01 | nextcloud package security issues with /srv/www/htdocs |
| CVE-2017-18209 | 2018-03-01 | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. |
| CVE-2017-18210 | 2018-03-01 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. |
| CVE-2017-18211 | 2018-03-01 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. |
| CVE-2018-7047 | 2018-03-01 | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials... |
| CVE-2018-7048 | 2018-03-01 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request. |
| CVE-2018-7049 | 2018-03-01 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted... |
| CVE-2017-18212 | 2018-03-01 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload. |
| CVE-2018-7586 | 2018-03-01 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. |
| CVE-2018-7587 | 2018-03-01 | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. |
| CVE-2018-7588 | 2018-03-01 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7589 | 2018-03-01 | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7590 | 2018-03-01 | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. |
| CVE-2017-15134 | 2018-03-01 | A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could... |
| CVE-2018-7634 | 2018-03-01 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a... |
| CVE-2017-6926 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able... |
| CVE-2017-6927 | 2018-03-01 | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as... |
| CVE-2017-6928 | 2018-03-01 | Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to... |
| CVE-2017-6929 | 2018-03-01 | A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in... |
| CVE-2017-6930 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access... |
| CVE-2017-6931 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If... |
| CVE-2017-6932 | 2018-03-01 | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This... |
| CVE-2018-1169 | 2018-03-02 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2018-1170 | 2018-03-02 | This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit... |
| CVE-2018-6490 | 2018-03-02 | MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) |
| CVE-2018-1065 | 2018-03-02 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to... |
| CVE-2018-1066 | 2018-03-02 | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has... |
| CVE-2018-7637 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7638 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7639 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7640 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7641 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7642 | 2018-03-02 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out... |
| CVE-2018-7643 | 2018-03-02 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via... |
| CVE-2017-14461 | 2018-03-02 | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of... |
| CVE-2017-15130 | 2018-03-02 | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory... |
| CVE-2018-1058 | 2018-03-02 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this... |
| CVE-2018-1063 | 2018-03-02 | Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few... |
| CVE-2018-7648 | 2018-03-02 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more... |
| CVE-2017-1654 | 2018-03-02 | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service... |
| CVE-2017-1787 | 2018-03-02 | IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. |
| CVE-2018-1373 | 2018-03-02 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. |
| CVE-2018-7433 | 2018-03-02 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. |
| CVE-2015-0796 | 2018-03-02 | open build service source server symlink exploitation via source patch |
| CVE-2017-14801 | 2018-03-02 | Reflected xss in Admin Console REST interface |
| CVE-2017-14802 | 2018-03-02 | Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs |
| CVE-2017-5189 | 2018-03-02 | private SSL key embedded in JAR file in iManager |
| CVE-2017-7419 | 2018-03-02 | NetIQ Access Manager OAuth Consent screen XSS attack |
| CVE-2017-7429 | 2018-03-02 | Fix for NetIQ shell code upload |
| CVE-2017-7434 | 2018-03-02 | NetIQ Identity Manager JDBC driver could leak passwords in exception traces |
| CVE-2017-7438 | 2018-03-02 | DOM cross site scripting attack against NetIQ Privileged Account Manager |
| CVE-2017-9267 | 2018-03-02 | eDirectory LDAP peer certificate validation issue |
| CVE-2017-9276 | 2018-03-02 | XSS Vulnerability in iManager |
| CVE-2017-9277 | 2018-03-02 | existing connection is being used even though eDirectory LDAP server is upgraded to EBA |
| CVE-2017-9278 | 2018-03-02 | Avoid password disclosure via EBS event logging in the iManager Oracle driver |
| CVE-2017-9279 | 2018-03-02 | NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions |
| CVE-2017-9280 | 2018-03-02 | Novell Identity Manager User Application get request url contains the session token. |
| CVE-2017-9285 | 2018-03-02 | Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface |
| CVE-2015-7596 | 2018-03-02 | SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an... |
| CVE-2015-7597 | 2018-03-02 | SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
| CVE-2015-7598 | 2018-03-02 | SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
| CVE-2015-7961 | 2018-03-02 | SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
| CVE-2015-7962 | 2018-03-02 | SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable... |
| CVE-2015-7963 | 2018-03-02 | SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
| CVE-2015-7964 | 2018-03-02 | SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
| CVE-2015-7965 | 2018-03-02 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a... |
| CVE-2015-7966 | 2018-03-02 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a... |
| CVE-2015-7967 | 2018-03-02 | SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable... |
| CVE-2018-7449 | 2018-03-04 | SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. |
| CVE-2018-7583 | 2018-03-04 | Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. |