CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2018

Columns. Each entry below spans four lines: (1) # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date (the exploit-count and type columns are blank for most entries); (2) CVSS score; (3) Gained Access | Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.; (4) description.
1 CVE-2004-2779 399 2018-02-20 2018-03-19
5.0
None Remote Low Not required None None Partial
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).
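The entry above describes a scan that never terminates once the input has an odd byte count. The block below is an added illustration of that bug class and is not libid3tag's code: a two-bytes-per-step cursor whose loop condition is exact equality with the buffer end, beside the bounds check that treats a stray trailing byte as truncation. The sample tag bytes, the `max_steps` guard and the little-endian default when no BOM is present are assumptions made for the demo.

```python
# Added example (not libid3tag's code): an illustrative reconstruction of the
# bug class behind CVE-2004-2779, a two-bytes-per-step scan whose termination
# test is exact equality with the buffer end, beside a bounds check that treats
# an odd trailing byte as truncation.
import struct

# Constructed samples: BOM + "Hello" in UTF-16LE + one stray byte = 13 bytes
# (odd); BOM + "Hi" = 6 bytes (even).
ODD_TAG = b"\xff\xfe" + "Hello".encode("utf-16-le") + b"\x00"
EVEN_TAG = b"\xff\xfe" + "Hi".encode("utf-16-le")


def utf16_units_vulnerable(data: bytes, max_steps: int = 64) -> list:
    """Flawed scan: stops only when the cursor lands exactly on len(data).
    With an odd length the cursor steps 0, 2, 4, ... and skips over the end,
    so the loop never ends and keeps appending (in C: keeps allocating) units.
    max_steps is an assumption added so the demo halts instead of hanging."""
    units, pos, end, steps = [], 0, len(data), 0
    while pos != end:                      # the flawed termination test
        if pos + 2 <= end:
            units.append(struct.unpack_from("<H", data, pos)[0])
        else:
            units.append(0)                # C would read past the buffer here
        pos += 2
        steps += 1
        if steps > max_steps:
            raise RuntimeError("runaway loop: cursor overshot the buffer end")
    return units


def scan_runs_away(data: bytes) -> bool:
    """True if the flawed scan would never terminate on this input."""
    try:
        utf16_units_vulnerable(data)
        return False
    except RuntimeError:
        return True


def utf16_units_safe(data: bytes) -> tuple:
    """Fixed scan: stop as soon as fewer than one full code unit remains.
    Returns (units, leftover_bytes); leftover 1 means a truncated last unit."""
    units, pos, end = [], 0, len(data)
    while end - pos >= 2:
        units.append(struct.unpack_from("<H", data, pos)[0])
        pos += 2
    return units, end - pos


def decode_id3_utf16(data: bytes) -> str:
    """Decode an ID3v2 text field in encoding 0x01 (UTF-16 with BOM).
    Assumption for this demo: little-endian if no BOM is present.
    A trailing odd byte is dropped; the text ends at the first NUL."""
    if data[:2] == b"\xff\xfe":
        codec, body = "utf-16-le", data[2:]
    elif data[:2] == b"\xfe\xff":
        codec, body = "utf-16-be", data[2:]
    else:
        codec, body = "utf-16-le", data
    usable = len(body) - (len(body) % 2)
    return body[:usable].decode(codec, errors="replace").split("\x00", 1)[0]


if __name__ == "__main__":
    print(decode_id3_utf16(ODD_TAG))        # Hello
    print(utf16_units_safe(ODD_TAG)[1])     # 1 (leftover byte)
    print(scan_runs_away(ODD_TAG))          # True
```

The same pattern (`while p != end` with a stride larger than one) is worth grepping for in any binary parser; the fix is always to compare against the remaining length, not for equality.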
2 CVE-2009-4267 116 2018-02-19 2018-03-18
4.0
None Remote Low ??? None Partial None
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
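The mechanism in the entry above is general: any logger that writes a request parameter verbatim lets a line feed inside that parameter start a second, forged record. The block below is an added example and not jUDDI code; the log line format, the `numRows` payload and the escaping scheme are constructed for the demo.

```python
# Added example, not Apache jUDDI code: how a line feed inside a logged request
# parameter forges a second log record, and the escaping that prevents it.
import io

# Constructed payload: a numRows value that carries a fake INFO record.
PAYLOAD = "10\nINFO user=admin action=login result=success"


def write_vulnerable(log, user: str, num_rows: str) -> None:
    # the raw parameter goes into the line; the embedded "\n" ends the record
    log.write(f"INFO user={user} numRows={num_rows}\n")


def escape_for_log(value: str) -> str:
    """Neutralise CR, LF and other C0 controls so a value cannot end a record."""
    out = []
    for ch in value:
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def write_safe(log, user: str, num_rows: str) -> None:
    log.write(f"INFO user={escape_for_log(user)} "
              f"numRows={escape_for_log(num_rows)}\n")


def records_vulnerable(user: str, num_rows: str) -> list:
    """Log records produced by the unescaped writer for one request."""
    buf = io.StringIO()
    write_vulnerable(buf, user, num_rows)
    return buf.getvalue().splitlines()


def records_safe(user: str, num_rows: str) -> list:
    """Log records produced by the escaping writer for one request."""
    buf = io.StringIO()
    write_safe(buf, user, num_rows)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for line in records_vulnerable("mallory", PAYLOAD):
        print("vulnerable:", line)     # two records, the second forged
    for line in records_safe("mallory", PAYLOAD):
        print("safe:      ", line)     # one record, "\n" shown escaped
```

Escaping at write time keeps one request on one line; a structured format (JSON per line) achieves the same because the serializer escapes control characters for you.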
3 CVE-2009-5144 254 2018-02-03 2018-03-13
5.0
None Remote Low Not required None Partial None
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
4 CVE-2010-0109 119 DoS Overflow 2018-02-19 2018-03-18
3.3
None Local Network Low Not required None None Partial
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
5 CVE-2011-3477 20 DoS 2018-02-19 2018-03-21
4.9
None Local Low Not required None None Complete
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.
6 CVE-2011-4068 287 Bypass 2018-02-01 2018-02-21
7.5
None Remote Low Not required Partial Partial Partial
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
7 CVE-2011-4069 90 Bypass 2018-02-01 2018-02-21
7.5
None Remote Low Not required Partial Partial Partial
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
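The two PacketFence entries above are the two classic failures of an LDAP-backed login: trusting the bind result when the password is empty, and splicing the username into a search filter. The block below is an added example and not PacketFence code; the in-memory directory, the filter template and the injected username are constructed for the demo, and the directory's behaviour on an empty password mirrors the unauthenticated simple bind of RFC 4513 section 5.1.2.

```python
# Added example, not PacketFence code: the two defects described in
# CVE-2011-4068 and CVE-2011-4069 side by side: accepting an empty password at
# bind time, and splicing the username into an LDAP search filter without
# RFC 4515 escaping.

# Constructed payload: closes the uid assertion and appends a clause that
# matches any entry.
INJECTED_USERNAME = "*)(uid=*))(|(uid=*"


class FakeDirectory:
    """Constructed stand-in for an LDAP server. Mirrors the unauthenticated
    simple bind of RFC 4513 section 5.1.2: a bind with a name and an empty
    password succeeds as anonymous, so it proves nothing about the caller."""

    def __init__(self, users: dict):
        self.users = users

    def simple_bind(self, uid: str, password: str) -> bool:
        if password == "":
            return True                      # anonymous bind "succeeds"
        return self.users.get(uid) == password


def ldap_escape_filter(value: str) -> str:
    """RFC 4515 section 3 escaping for a value placed inside a search filter."""
    specials = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(specials.get(ch, ch) for ch in value)


def user_filter_vulnerable(username: str) -> str:
    # the attacker's parentheses and wildcards become filter syntax
    return f"(&(objectClass=person)(uid={username}))"


def user_filter_safe(username: str) -> str:
    # the username can only ever be an assertion value
    return f"(&(objectClass=person)(uid={ldap_escape_filter(username)}))"


def check_password_vulnerable(directory, username: str, password: str) -> bool:
    # relies entirely on the bind result, so an empty password is "valid"
    return directory.simple_bind(username, password)


def check_password_safe(directory, username: str, password: str) -> bool:
    # refuse empty credentials before the directory is consulted
    if not username or not password:
        return False
    return directory.simple_bind(username, password)


if __name__ == "__main__":
    d = FakeDirectory({"alice": "s3cret"})
    print(check_password_vulnerable(d, "alice", ""))    # True  (bypass)
    print(check_password_safe(d, "alice", ""))          # False
    print(user_filter_vulnerable(INJECTED_USERNAME))
    print(user_filter_safe(INJECTED_USERNAME))
```

Real LDAP client libraries ship an equivalent of `ldap_escape_filter`; the point of writing it out is to see that the fix is a value-level encoding, not a blacklist of characters, and that the empty-password check has to sit in the application because many directories will happily answer an unauthenticated bind.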
8 CVE-2011-4889 254 2018-02-08 2018-03-10
7.5
None Remote Low Not required Partial Partial Partial
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.
9 CVE-2011-4973 287 Bypass 2018-02-15 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
10 CVE-2012-0771 119 DoS Exec Code Overflow Mem. Corr. 2018-02-19 2018-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.
11 CVE-2012-0941 79 1 XSS 2018-02-08 2018-02-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
12 CVE-2012-2166 798 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
13 CVE-2012-3331 200 +Info 2018-02-08 2018-02-22
5.0
None Remote Low Not required Partial None None
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.
14 CVE-2012-3536 79 XSS 2018-02-27 2018-03-16
4.3
None Remote Medium Not required None Partial None
Two XSS vulnerabilities were fixed in the message list and message view of the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger an XSS when the email was opened or when a list of messages was viewed. This issue was addressed in Hupa 0.0.3.
15 CVE-2012-5359 20 Exec Code 2018-02-08 2018-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
16 CVE-2012-5360 20 Exec Code 2018-02-08 2018-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
17 CVE-2012-6346 79 XSS 2018-02-09 2018-02-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
18 CVE-2012-6347 79 XSS 2018-02-09 2018-02-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf.
19 CVE-2012-6709 295 2018-02-23 2018-03-20
4.3
None Remote Medium Not required Partial None None
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
20 CVE-2013-0267 264 DoS +Priv XSS 2018-02-21 2019-07-29
6.5
None Remote Low ??? Partial Partial Partial
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
21 CVE-2013-2830 416 Exec Code 2018-02-08 2020-03-11
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.
22 CVE-2013-3552 119 Exec Code Overflow 2018-02-08 2018-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
23 CVE-2013-3553 119 Exec Code Overflow 2018-02-08 2018-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
24 CVE-2013-4317 200 +Info 2018-02-06 2018-02-26
4.0
None Remote Low ??? Partial None None
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
25 CVE-2013-4891 79 XSS Bypass 2018-02-21 2018-03-09
4.3
None Remote Medium Not required None Partial None
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
26 CVE-2013-7435 200 +Info 2018-02-01 2018-02-16
4.0
None Remote Low ??? Partial None None
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
27 CVE-2014-0013 79 XSS 2018-02-15 2018-08-13
3.5
None Remote Medium ??? None Partial None
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
28 CVE-2014-0014 79 XSS 2018-02-15 2018-10-17
3.5
None Remote Medium ??? None Partial None
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
29 CVE-2014-1834 77 2018-02-02 2018-02-14
4.6
None Local Low Not required Partial Partial Partial
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.
30 CVE-2014-1835 255 2018-02-02 2018-02-14
2.1
None Local Low Not required Partial None None
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
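The two echor entries above are one root cause seen twice: credentials interpolated into a shell command string are both re-parsed by the shell (the semicolon) and displayed to every local user by `ps`. The block below is an added example and not the echor gem's code; it uses `printf` and `sh` so it runs on any POSIX system, and the `ECHOR_USER`/`ECHOR_PASS` environment variable names and the injected password are assumptions made for the demo.

```python
# Added example, not the echor gem's code: credentials spliced into a shell
# command string (CVE-2014-1834) beside the argv/environment form that neither
# lets the shell re-parse them nor shows them in the process table
# (CVE-2014-1835). printf and sh are used so this runs on any POSIX system.
import os
import subprocess

# Constructed payload: a password that ends the command and starts another.
INJECTED_PASSWORD = "x; echo INJECTED"


def command_line_vulnerable(username: str, password: str) -> str:
    # this exact string is what the shell parses and what `ps` displays
    return f"printf '%s' {username}:{password}"


def run_vulnerable(username: str, password: str) -> str:
    proc = subprocess.run(command_line_vulnerable(username, password),
                          shell=True, capture_output=True, text=True)
    return proc.stdout


def run_safe(username: str, password: str) -> str:
    # the credential reaches the child through its environment (not argv), and
    # the quoted "$VAR" expansion hands it to printf as one literal argument;
    # ECHOR_USER / ECHOR_PASS are names assumed for this demo
    env = dict(os.environ, ECHOR_USER=username, ECHOR_PASS=password)
    proc = subprocess.run(
        ["sh", "-c", 'printf "%s:%s" "$ECHOR_USER" "$ECHOR_PASS"'],
        env=env, capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    print(repr(run_vulnerable("bob", INJECTED_PASSWORD)))   # 'bob:xINJECTED\n'
    print(repr(run_safe("bob", INJECTED_PASSWORD)))         # 'bob:x; echo INJECTED'
```

On Linux `ps` reads `/proc/<pid>/cmdline`, which is world-readable, while `/proc/<pid>/environ` is readable only by the process owner and root, which is why moving a secret from argv to the environment (or to stdin) closes the process-table leak. Dropping `shell=True` in favour of an argv list is what closes the injection.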
31 CVE-2014-3005 611 Exec Code 2018-02-01 2018-02-21
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
32 CVE-2014-3205 798 2018-02-23 2018-03-18
10.0
None Remote Low Not required Complete Complete Complete
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
33 CVE-2014-3206 20 Exec Code 2018-02-23 2018-03-19
10.0
None Remote Low Not required Complete Complete Complete
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
34 CVE-2014-3219 59 2018-02-09 2019-09-24
4.3
None Local Low ??? Partial Partial Partial
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
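The fish entry above is the standard /tmp symlink attack: a predictable file name in a world-writable directory lets another local user plant a symlink so that the victim's write lands on a file of the attacker's choosing. The block below is an added example and not fish's code; it stages the attack inside a private temporary directory (constructed for the demo) and shows the `O_EXCL | O_NOFOLLOW` open that refuses the planted link.

```python
# Added example, not fish's code: why writing to a predictable path in a
# shared directory is a symlink attack, and the O_EXCL | O_NOFOLLOW open that
# refuses to follow a planted link. The attack is staged inside a private temp
# directory so the demo never touches the real /tmp.
import errno
import os
import shutil
import tempfile


def write_vulnerable(path: str, data: bytes) -> None:
    # open(2) follows symlinks, so a planted link redirects the write
    with open(path, "wb") as f:
        f.write(data)


def write_safe(path: str, data: bytes) -> None:
    # O_EXCL: fail if anything already exists at path (a symlink counts);
    # O_NOFOLLOW: never traverse a symlink at the final path component
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def simulate_attack(writer) -> dict:
    """Plant a symlink at a predictable cache path pointing at a victim file
    (both constructed inside a fresh temp dir), call writer on the cache path,
    and report whether the victim changed and which errno the writer raised."""
    root = tempfile.mkdtemp()
    try:
        victim = os.path.join(root, "victim")
        with open(victim, "wb") as f:
            f.write(b"original\n")
        cache = os.path.join(root, ".yum-cache.user")   # predictable name
        os.symlink(victim, cache)                       # the attacker's link
        raised = None
        try:
            writer(cache, b"attacker controlled\n")
        except OSError as e:
            raised = errno.errorcode.get(e.errno, str(e.errno))
        with open(victim, "rb") as f:
            content = f.read()
        return {"victim_overwritten": content != b"original\n",
                "errno": raised}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(simulate_attack(write_vulnerable))   # overwritten, no error
    print(simulate_attack(write_safe))         # untouched, EEXIST
```

The durable fix is not only the open flags but also the location: a per-user directory created with mode 0700 (what `tempfile.mkdtemp` or `$XDG_RUNTIME_DIR` gives you) removes the attacker's ability to pre-create anything at the path in the first place.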
35 CVE-2014-3244 611 Exec Code 2018-02-01 2018-02-15
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
36 CVE-2014-3519 284 Bypass 2018-02-01 2018-02-27
4.9
None Local Low Not required Complete None None
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.
37 CVE-2014-3752 264 Exec Code 2018-02-01 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
38 CVE-2014-3972 22 Dir. Trav. 2018-02-19 2018-03-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.
39 CVE-2014-4066 119 DoS Exec Code Overflow Mem. Corr. 2018-02-08 2018-03-08
7.6
None Remote High Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.
40 CVE-2014-4112 119 DoS Exec Code Overflow Mem. Corr. 2018-02-08 2018-03-08
7.6
None Remote High Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304.
41 CVE-2014-4145 119 DoS Exec Code Overflow Mem. Corr. 2018-02-08 2018-03-08
7.6
None Remote High Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985.
42 CVE-2014-5279 284 Exec Code +Priv 2018-02-06 2019-04-29
9.0
None Remote Low ??? Complete Complete Complete
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.
43 CVE-2014-5280 352 CSRF 2018-02-06 2020-01-30
9.3
None Remote Medium Not required Complete Complete Complete
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
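The two boot2docker entries above come down to one setting: a Docker daemon listening on TCP without TLS client authentication, which any process that can reach the port (including a browser coerced via CSRF) can drive as root. The fragment below is an added example of the daemon-side configuration that closes it, not boot2docker's own files; the certificate paths are assumptions. The weak state is the same `hosts` entry on port 2375 with none of the `tls*` keys present.

```json
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
```

With `tlsverify` set, the daemon refuses any TCP client that does not present a certificate signed by `tlscacert`, so a forged browser request carries no usable credential. Check the running daemon with `ss -ltnp | grep dockerd` (anything on 2375 without TLS is the vulnerable state) and prefer binding TCP to a specific interface rather than `0.0.0.0` when the host has more than one.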
44 CVE-2014-5282 20 2018-02-06 2019-04-29
5.5
None Remote Low ??? Partial Partial None
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
45 CVE-2014-8171 399 DoS 2018-02-09 2019-04-22
4.9
None Local Low Not required None None Complete
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
46 CVE-2014-8985 119 DoS Exec Code Overflow Mem. Corr. 2018-02-08 2018-02-23
7.6
None Remote High Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145.
47 CVE-2014-9502 352 CSRF 2018-02-01 2018-02-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.
48 CVE-2014-9503 264 2018-02-01 2018-02-27
5.5
None Remote Low ??? None Partial Partial
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
49 CVE-2014-9504 284 2018-02-01 2018-02-27
5.0
None Remote Low Not required None Partial None
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
50 CVE-2014-10070 264 2018-02-27 2018-03-21
4.6
None Local Low Not required Partial Partial Partial
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
Total number of vulnerabilities: 1328 (page 1 of 27)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.