CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2017-8978 200 +Info 2018-02-15 2018-03-15
4.9
None Remote Medium ??? Partial Partial None
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.
1052 CVE-2017-8977 20 DoS 2018-02-15 2018-03-09
8.5
None Remote Low Not required None Partial Complete
A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
1053 CVE-2017-8976 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
1054 CVE-2017-8975 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
1055 CVE-2017-8974 Bypass 2018-02-15 2019-10-03
3.6
None Local Low Not required Partial Partial None
A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.
1056 CVE-2017-8973 20 2018-02-15 2018-03-09
4.0
None Remote Low ??? None Partial None
An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
1057 CVE-2017-8972 20 2018-02-15 2018-03-09
4.0
None Remote Low ??? None Partial None
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
1058 CVE-2017-8971 20 2018-02-15 2018-03-09
4.0
None Remote Low ??? None Partial None
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
1059 CVE-2017-8970 200 +Info 2018-02-15 2018-03-15
5.0
None Remote Low Not required Partial None None
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
1060 CVE-2017-8969 20 2018-02-15 2018-03-15
3.5
None Remote Medium ??? None Partial None
An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found.
1061 CVE-2017-8967 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1062 CVE-2017-8966 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1063 CVE-2017-8965 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1064 CVE-2017-8964 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1065 CVE-2017-8963 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1066 CVE-2017-8962 502 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
1067 CVE-2017-8961 22 Exec Code Dir. Trav. 2018-02-15 2018-02-24
9.0
None Remote Low ??? Complete Complete Complete
A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.
1068 CVE-2017-8960 Bypass 2018-02-15 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.
1069 CVE-2017-8959 Bypass 2018-02-15 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.
1070 CVE-2017-8958 Exec Code 2018-02-15 2018-03-06
9.3
None Remote Medium Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found.
1071 CVE-2017-8957 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
1072 CVE-2017-8956 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
1073 CVE-2017-8955 20 Exec Code 2018-02-15 2018-03-06
7.8
None Remote Low Not required None None Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
1074 CVE-2017-8954 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
1075 CVE-2017-8953 79 XSS 2018-02-15 2018-03-07
3.5
None Remote Medium ??? None Partial None
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.
1076 CVE-2017-8952 200 +Info 2018-02-15 2018-03-06
5.0
None Remote Low Not required Partial None None
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
1077 CVE-2017-8951 200 +Info 2018-02-15 2018-03-06
4.6
None Local Low Not required Partial Partial Partial
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
1078 CVE-2017-8950 200 +Info 2018-02-15 2018-03-06
2.1
None Local Low Not required Partial None None
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
1079 CVE-2017-8949 2018-02-15 2019-10-03
2.1
None Local Low Not required Partial None None
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
1080 CVE-2017-8948 Bypass 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
1081 CVE-2017-8947 22 Exec Code Dir. Trav. 2018-02-15 2018-03-15
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
1082 CVE-2017-8946 Exec Code 2018-02-15 2018-03-15
7.6
None Remote High Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.
1083 CVE-2017-8945 601 2018-02-15 2018-03-12
5.8
None Remote Medium Not required Partial Partial None
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.
1084 CVE-2017-8944 200 +Info 2018-02-15 2018-03-15
7.8
None Remote Low Not required Complete None None
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.
1085 CVE-2017-8783 79 XSS 2018-02-04 2018-02-23
3.5
None Remote Medium ??? None Partial None
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
1086 CVE-2017-7671 20 2018-02-27 2018-03-23
5.0
None Remote Low Not required None None Partial
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.
1087 CVE-2017-7525 184 Exec Code 2018-02-06 2021-09-27
7.5
None Remote Low Not required Partial Partial Partial
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
1088 CVE-2017-7376 119 Exec Code Overflow 2018-02-19 2019-05-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
1089 CVE-2017-7375 611 2018-02-19 2018-03-18
7.5
None Remote Low Not required Partial Partial Partial
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
1090 CVE-2017-7351 89 Sql 2018-02-08 2021-07-01
4.0
None Remote Low ??? Partial None None
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
1091 CVE-2017-6279 787 Exec Code 2018-02-06 2018-03-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
1092 CVE-2017-6258 787 Exec Code 2018-02-06 2018-03-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.
1093 CVE-2017-6230 78 Exec Code 2018-02-14 2018-03-16
9.0
None Remote Low ??? Complete Complete Complete
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.
1094 CVE-2017-6229 78 Exec Code 2018-02-14 2018-03-12
9.0
None Remote Low ??? Complete Complete Complete
Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.
1095 CVE-2017-6227 DoS 2018-02-08 2021-06-22
6.1
None Local Network Low Not required None None Complete
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
1096 CVE-2017-6225 79 Exec Code XSS 2018-02-08 2021-06-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
1097 CVE-2017-6201 918 Bypass 2018-02-06 2018-03-13
5.5
None Remote Low ??? Partial Partial None
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.
1098 CVE-2017-6200 200 +Info 2018-02-06 2018-03-13
4.0
None Remote Low ??? Partial None None
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
1099 CVE-2017-6199 287 Bypass 2018-02-06 2018-03-13
7.5
None Remote Low Not required Partial Partial Partial
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
1100 CVE-2017-6198 400 DoS 2018-02-06 2018-03-13
6.8
None Remote Low ??? None None Complete
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.
Total number of vulnerabilities : 1328   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.