Unknown · CVSS Not scored
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.
Published Feb 27, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
Published Feb 2, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
Published Feb 9, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
Published Feb 14, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
Published Feb 2, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file.
Published Feb 23, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.
Published Feb 12, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.
Published Feb 14, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
Published Feb 8, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
Published Feb 2, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
Published Feb 2, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.
Published Feb 27, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
Published Feb 20, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.
Published Feb 27, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132851.
Published Feb 21, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
Published Feb 12, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.
Published Feb 15, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Published Feb 6, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.
Published Feb 1, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Published Feb 12, 2018 · Updated Sep 16, 2024