High · CVSS 8.8
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Published Feb 7, 2018 · Updated Dec 3, 2025
Critical · CVSS 9.8
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Published Feb 19, 2018 · Updated Dec 3, 2025
Unknown · CVSS Not scored
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
Published Feb 2, 2018 · Updated Nov 3, 2025
Critical · CVSS 9.8 · CISA KEV
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
Published Feb 22, 2017 · Updated Oct 21, 2025
High · CVSS 8.1 · CISA KEV
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Published Feb 26, 2017 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
Published Feb 5, 2019 · Updated Oct 21, 2025
Medium · CVSS 4
A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.
Published Feb 6, 2023 · Updated Mar 25, 2025
Medium · CVSS 4
A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The patch is identified as 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.
Published Feb 6, 2023 · Updated Mar 5, 2025
Unknown · CVSS Not scored
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
Published Feb 12, 2017 · Updated Oct 8, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
Published Feb 13, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.
Published Feb 19, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
Published Feb 2, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
Published Feb 27, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
Published Feb 1, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.
Published Feb 9, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Published Feb 2, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
Published Feb 7, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
Published Feb 13, 2018 · Updated Sep 17, 2024
Medium · CVSS 5.9
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
Published Feb 15, 2019 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024