CVE-2018-7570

CVE: CVE-2018-7570
Published: 2018-02-28T21:29Z
Description Language: en
Description: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22881
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d

CVE-2018-7569

CVE: CVE-2018-7569
Published: 2018-02-28T21:29Z
Description Language: en
Description: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22895

CVE-2018-7568

CVE: CVE-2018-7568
Published: 2018-02-28T21:29Z
Description Language: en
Description: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22894

CVE-2018-7557

CVE: CVE-2018-7557
Published: 2018-02-28T07:29Z
Description Language: en
Description: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
References:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96

CVE-2018-7556

CVE: CVE-2018-7556
Published: 2018-02-28T07:29Z
Description Language: en
Description: LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
References:
https://www.limesurvey.org/about-us/news/2075-limesurvey-security-advisory-02-2018

CVE-2018-7554

CVE: CVE-2018-7554
Published: 2018-02-28T06:29Z
Description Language: en
Description: There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
https://github.com/pts/sam2p/issues/29

CVE-2018-7553

CVE: CVE-2018-7553
Published: 2018-02-28T06:29Z
Description Language: en
Description: There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
https://github.com/pts/sam2p/issues/32

CVE-2018-7552

CVE: CVE-2018-7552
Published: 2018-02-28T06:29Z
Description Language: en
Description: There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
https://github.com/pts/sam2p/issues/30

CVE-2018-7551

CVE: CVE-2018-7551
Published: 2018-02-28T06:29Z
Description Language: en
Description: There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527
https://github.com/pts/sam2p/issues/28

CVE-2018-7482

CVE: CVE-2018-7482
Published: 2018-02-28T07:29Z
Description Language: en
Description: ** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.
References:
https://exploit-db.com/exploits/44188
https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0

CVE-2018-7477

CVE: CVE-2018-7477
Published: 2018-02-28T07:29Z
Description Language: en
Description: SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
References:
https://exploit-db.com/exploits/44191

CVE-2018-7469

CVE: CVE-2018-7469
Published: 2018-02-28T15:29Z
Description Language: en
Description: PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories – Industry Type).
References:
https://neetech18.blogspot.in/2018/02/stored-xss-vulnerability-in-php-scripts.html

CVE-2018-7264

CVE: CVE-2018-7264
Published: 2018-02-28T17:29Z
Description Language: en
Description: The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
References:
http://seclists.org/fulldisclosure/2018/Feb/74
https://www.exploit-db.com/exploits/44251/

CVE-2018-6947

CVE: CVE-2018-6947
Published: 2018-02-28T22:29Z
Description Language: en
Description: An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
References:
https://www.exploit-db.com/exploits/44167/
https://www.exploit-db.com/exploits/44168/

NoMachine – The Road To Code Execution Without Fuzzing – CVE-2018-6947


https://www.nomachine.com/SU02P00194
https://www.nomachine.com/SU02P00195
https://www.nomachine.com/TR02P08408

CVE-2018-6641

CVE: CVE-2018-6641
Published: 2018-02-28T05:29Z
Description Language: en
Description: An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.
References:
http://www.dessci.com/en/dl/
https://drive.google.com/open?id=1qrHKzDA1daHh0mM2T8FRybL8we-mHRW9

CVE-2018-6640

CVE: CVE-2018-6640
Published: 2018-02-28T05:29Z
Description Language: en
Description: A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.
References:
http://www.dessci.com/en/dl/
https://drive.google.com/open?id=1jIKf-EgP4qD-VmNHM1LbWGLbJLOClDim

CVE-2018-6639

CVE: CVE-2018-6639
Published: 2018-02-28T05:29Z
Description Language: en
Description: An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.
References:
http://www.dessci.com/en/dl/
https://drive.google.com/open?id=175_n6KhbOUlu9l0ySw-8QYk0oQbAaoZV

CVE-2018-6638

CVE: CVE-2018-6638
Published: 2018-02-28T05:29Z
Description Language: en
Description: A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.
References:
http://www.dessci.com/en/dl/
https://drive.google.com/open?id=1V-AA1InXBPhgJviabilttkaP4DYay9f6

CVE-2018-1304

CVE: CVE-2018-1304
Published: 2018-02-28T20:29Z
Description Language: en
Description: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
References:
http://www.securityfocus.com/bid/103170
http://www.securitytracker.com/id/1040427
https://access.redhat.com/errata/RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:0466
https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html

CVE-2018-1286

CVE: CVE-2018-1286
Published: 2018-02-28T18:29Z
Description Language: en
Description: In Apache OpenMeetings 3.0.0 – 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
References:
https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E