Security Vulnerabilities Published In February 2018

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1201 | CVE-2016-8528 | 264 | | | 2018-02-15 | 2018-03-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found. |
| 1202 | CVE-2016-8525 | 200 | | +Info | 2018-02-15 | 2018-03-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. |
| 1203 | CVE-2016-8523 | 77 | | Exec Code | 2018-02-15 | 2018-03-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found. |
| 1204 | CVE-2016-8522 | 79 | | XSS | 2018-02-15 | 2018-03-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26 IP1 was found. |
| 1205 | CVE-2016-8521 | 20 | | | 2018-02-15 | 2018-03-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Remote clickjacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26 IP1 was found. |
| 1206 | CVE-2016-8520 | 275 | | | 2018-02-15 | 2018-03-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. |
| 1207 | CVE-2016-8519 | 502 | | Exec Code | 2018-02-15 | 2018-03-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. |
| 1208 | CVE-2016-8518 | | | DoS | 2018-02-15 | 2018-03-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. |
| 1209 | CVE-2016-8517 | 79 | | XSS | 2018-02-15 | 2018-03-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. |
| 1210 | CVE-2016-8516 | | | DoS | 2018-02-15 | 2018-03-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. |
| 1211 | CVE-2016-8515 | 434 | | | 2018-02-15 | 2018-03-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
| 1212 | CVE-2016-8514 | 200 | | +Info | 2018-02-15 | 2018-03-06 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
| 1213 | CVE-2016-8513 | 352 | | CSRF | 2018-02-15 | 2018-03-07 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
| 1214 | CVE-2016-8512 | 119 | | Exec Code Overflow | 2018-02-15 | 2018-03-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. |
| 1215 | CVE-2016-8511 | 502 | | Exec Code | 2018-02-15 | 2018-03-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. |
| 1216 | CVE-2016-7394 | 79 | | XSS | 2018-02-06 | 2018-03-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie. |
| 1217 | CVE-2016-6813 | 320 | | | 2018-02-06 | 2018-03-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. |
| 1218 | CVE-2016-6272 | 91 | | Sql | 2018-02-20 | 2018-03-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate. |
| 1219 | CVE-2016-6169 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2018-02-07 | 2018-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. |
| 1220 | CVE-2016-6168 | 416 | | DoS Exec Code | 2018-02-07 | 2018-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. |
| 1221 | CVE-2016-5397 | 77 | | | 2018-02-12 | 2020-06-04 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affects Apache Thrift 0.9.3 and older; fixed in Apache Thrift 0.10.0. |
| 1222 | CVE-2016-3957 | 502 | | Exec Code | 2018-02-06 | 2019-06-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. |
| 1223 | CVE-2016-3954 | 200 | | Exec Code +Info | 2018-02-06 | 2019-06-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. |
| 1224 | CVE-2016-3953 | 798 | | Exec Code | 2018-02-06 | 2019-06-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. |
| 1225 | CVE-2016-3952 | 255 | | | 2018-02-06 | 2019-06-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. |
| 1226 | CVE-2016-2541 | 119 | | DoS Overflow Mem. Corr. | 2018-02-07 | 2018-02-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. |
| 1227 | CVE-2016-2540 | 119 | | DoS Overflow Mem. Corr. | 2018-02-07 | 2018-02-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. |
| 1228 | CVE-2016-0369 | 611 | | +Info | 2018-02-21 | 2018-03-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088. |
| 1229 | CVE-2016-0367 | 200 | | +Info | 2018-02-21 | 2018-03-12 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. |
| 1230 | CVE-2016-0366 | 200 | | +Info | 2018-02-21 | 2018-03-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071. |
| 1231 | CVE-2016-0351 | 200 | | +Info | 2018-02-21 | 2018-03-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. |
| 1232 | CVE-2016-0348 | 352 | | XSS CSRF | 2018-02-21 | 2018-03-09 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. |
| 1233 | CVE-2016-0345 | 200 | | +Info | 2018-02-21 | 2018-03-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. |
| 1234 | CVE-2016-0344 | 79 | | XSS | 2018-02-21 | 2018-03-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. |
| 1235 | CVE-2016-0343 | 200 | | +Info | 2018-02-21 | 2018-03-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. |
| 1236 | CVE-2016-0342 | 284 | | | 2018-02-02 | 2018-02-15 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. |
| 1237 | CVE-2016-0329 | 601 | | | 2018-02-02 | 2018-02-16 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692. |
| 1238 | CVE-2016-0312 | 200 | | +Info | 2018-02-02 | 2018-02-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. |
| 1239 | CVE-2016-0311 | 79 | | XSS | 2018-02-02 | 2018-02-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480. |
| 1240 | CVE-2016-0303 | 79 | | XSS | 2018-02-02 | 2018-02-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1241 | CVE-2016-0300 | 20 | | | 2018-02-02 | 2018-02-14 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412. |
| 1242 | CVE-2016-0299 | 200 | | +Info | 2018-02-28 | 2018-03-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382. |
| 1243 | CVE-2016-0295 | 352 | | XSS CSRF | 2018-02-28 | 2018-03-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. |
| 1244 | CVE-2016-0291 | 78 | | Exec Code | 2018-02-28 | 2018-03-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. |
| 1245 | CVE-2015-9256 | 200 | | +Info | 2018-02-20 | 2018-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. |
| 1246 | CVE-2015-9255 | 200 | | +Info | 2018-02-20 | 2018-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. |
| 1247 | CVE-2015-9254 | 798 | | | 2018-02-20 | 2018-03-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Datto ALTO and SIRIS devices have a default VNC password. |
| 1248 | CVE-2015-9253 | 400 | | | 2018-02-19 | 2020-02-19 | 6.8 | None | Remote | Low | ??? | None | None | Complete | An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. |
| 1249 | CVE-2015-9252 | 399 | | | 2018-02-13 | 2018-05-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. |
| 1250 | CVE-2015-6569 | 362 | | DoS | 2018-02-21 | 2018-03-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. |
Total number of vulnerabilities: 1328 (page 25 of 27)