CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2012-2166 798 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
2 CVE-2014-3205 798 2018-02-23 2018-03-18
10.0
None Remote Low Not required Complete Complete Complete
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
3 CVE-2014-3206 20 Exec Code 2018-02-23 2018-03-19
10.0
None Remote Low Not required Complete Complete Complete
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
4 CVE-2016-8519 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
5 CVE-2016-9568 254 2018-02-19 2018-03-21
10.0
None Remote Low Not required Complete Complete Complete
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
6 CVE-2017-5790 502 2018-02-15 2018-03-07
10.0
None Remote Low Not required Complete Complete Complete
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
7 CVE-2017-5802 +Priv 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
8 CVE-2017-5804 190 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
9 CVE-2017-5805 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
10 CVE-2017-5806 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
11 CVE-2017-5807 119 Exec Code Overflow 2018-02-15 2018-03-07
10.0
None Remote Low Not required Complete Complete Complete
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
12 CVE-2017-5814 89 Sql Bypass 2018-02-15 2018-03-07
10.0
None Remote Low Not required Complete Complete Complete
A remote SQL injection authentication bypass in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
13 CVE-2017-5815 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
14 CVE-2017-5816 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
15 CVE-2017-5817 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
16 CVE-2017-5819 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
17 CVE-2017-5820 Exec Code 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
18 CVE-2017-5821 Exec Code 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
19 CVE-2017-5823 Exec Code 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
20 CVE-2017-5824 Exec Code 2018-02-15 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
21 CVE-2017-7376 119 Exec Code Overflow 2018-02-19 2019-05-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
22 CVE-2017-8947 22 Exec Code Dir. Trav. 2018-02-15 2018-03-15
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
23 CVE-2017-8948 Bypass 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
24 CVE-2017-8954 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
25 CVE-2017-8956 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
26 CVE-2017-8957 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
27 CVE-2017-8975 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
28 CVE-2017-8976 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
29 CVE-2017-8981 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
30 CVE-2017-11632 798 2018-02-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.
31 CVE-2017-11634 798 2018-02-26 2018-03-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.
32 CVE-2017-12542 Exec Code Bypass 2018-02-15 2018-07-23
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
33 CVE-2017-12556 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
34 CVE-2017-12557 502 Exec Code 2018-02-15 2019-03-08
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
35 CVE-2017-12558 502 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
36 CVE-2017-12561 824 Exec Code 2018-02-15 2018-03-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
37 CVE-2017-13229 20 Exec Code 2018-02-12 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
38 CVE-2017-14910 125 2018-02-23 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file.
39 CVE-2018-0125 20 DoS Exec Code +Priv 2018-02-08 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
40 CVE-2018-0514 78 Exec Code 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
41 CVE-2018-1161 20 Exec Code 2018-02-08 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.
42 CVE-2018-1163 Exec Code Bypass 2018-02-08 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752.
43 CVE-2018-1164 732 2018-02-21 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.
44 CVE-2018-4872 Bypass 2018-02-27 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
45 CVE-2018-4877 416 Exec Code 2018-02-06 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
46 CVE-2018-4879 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
47 CVE-2018-4895 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
48 CVE-2018-5439 77 Exec Code 2018-02-19 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
49 CVE-2018-5473 119 Exec Code Overflow 2018-02-19 2021-08-18
10.0
None Remote Low Not required Complete Complete Complete
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.
50 CVE-2018-6289 74 Exec Code 2018-02-06 2018-02-23
10.0
None Remote Low Not required Complete Complete Complete
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
Total number of vulnerabilities: 1328 (page 1 of 27)