CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2017-12497 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1002 CVE-2017-12496 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1003 CVE-2017-12495 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1004 CVE-2017-12494 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1005 CVE-2017-12493 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1006 CVE-2017-12492 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1007 CVE-2017-12491 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1008 CVE-2017-12490 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1009 CVE-2017-12489 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1010 CVE-2017-12488 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1011 CVE-2017-12487 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
1012 CVE-2017-12473 20 DoS 2018-02-07 2018-02-22
5.0
None Remote Low Not required None None Partial
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values."
1013 CVE-2017-12472 476 2018-02-07 2018-02-22
7.5
None Remote Low Not required Partial Partial Partial
ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc.
1014 CVE-2017-12471 119 Overflow 2018-02-07 2018-02-22
7.5
None Remote Low Not required Partial Partial Partial
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.
1015 CVE-2017-12470 190 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.
1016 CVE-2017-12469 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.
1017 CVE-2017-12468 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.
1018 CVE-2017-12467 772 DoS 2018-02-07 2019-10-03
5.0
None Remote Low Not required None None Partial
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.
1019 CVE-2017-12466 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
1020 CVE-2017-12465 190 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.
1021 CVE-2017-12464 476 DoS 2018-02-07 2018-02-22
5.0
None Remote Low Not required None None Partial
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.
1022 CVE-2017-12463 772 DoS 2018-02-07 2019-10-03
5.0
None Remote Low Not required None None Partial
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.
1023 CVE-2017-12415 352 CSRF 2018-02-20 2018-03-16
5.1
None Remote High Not required Partial Partial Partial
OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order.
1024 CVE-2017-12412 835 Overflow 2018-02-07 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.
1025 CVE-2017-12191 613 2018-02-28 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
1026 CVE-2017-12161 640 2018-02-21 2019-10-09
4.3
None Remote Medium Not required Partial None None
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.
1027 CVE-2017-11635 200 +Info 2018-02-26 2018-03-22
5.0
None Remote Low Not required Partial None None
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.
1028 CVE-2017-11634 798 2018-02-26 2018-03-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.
1029 CVE-2017-11633 2018-02-26 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
1030 CVE-2017-11632 798 2018-02-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.
1031 CVE-2017-10963 74 +Info 2018-02-20 2018-03-18
4.3
None Remote Medium Not required Partial None None
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.
1032 CVE-2017-10690 269 2018-02-09 2019-10-03
4.0
None Remote Low ??? Partial None None
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
1033 CVE-2017-10689 269 2018-02-09 2019-10-03
2.1
None Local Low Not required None Partial None
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
1034 CVE-2017-9970 434 Exec Code 2018-02-12 2018-03-09
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.
1035 CVE-2017-9969 522 2018-02-12 2019-10-03
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.
1036 CVE-2017-9968 295 2018-02-12 2018-03-09
4.3
None Remote Medium Not required Partial None None
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.
1037 CVE-2017-9967 2018-02-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.
1038 CVE-2017-9963 352 CSRF 2018-02-12 2019-04-23
5.8
None Remote Medium Not required Partial Partial None
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
1039 CVE-2017-9447 22 Dir. Trav. 2018-02-28 2018-03-23
5.0
None Remote Low Not required Partial None None
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.
1040 CVE-2017-9426 89 Sql 2018-02-26 2018-03-16
7.5
None Remote Low Not required Partial Partial Partial
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
1041 CVE-2017-9425 79 XSS 2018-02-26 2018-03-17
4.3
None Remote Medium Not required None Partial None
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
1042 CVE-2017-9414 352 XSS CSRF 2018-02-05 2018-02-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
1043 CVE-2017-8993 79 XSS 2018-02-15 2018-03-12
3.5
None Remote Medium ??? None Partial None
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
1044 CVE-2017-8985 200 +Info 2018-02-15 2018-03-16
4.6
None Local Low Not required Partial Partial Partial
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.
1045 CVE-2017-8984 Exec Code 2018-02-15 2018-03-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
1046 CVE-2017-8983 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low ??? Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
1047 CVE-2017-8982 Bypass 2018-02-15 2019-10-03
5.0
None Remote Low Not required Partial None None
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
1048 CVE-2017-8981 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
1049 CVE-2017-8980 200 +Info 2018-02-15 2018-02-26
5.0
None Remote Low Not required Partial None None
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1050 CVE-2017-8979 DoS Exec Code Bypass 2018-02-15 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
Total number of vulnerabilities : 1328   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.