CVE-2018-6526

CVE: CVE-2018-6526
Published: 2018-02-02T09:29Z
Vendor: mantisbt
Products: mantisbt
Versions: 2.10.0
Description Language: en
Description: view_all_bug_page.php in MantisBT before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
References:
http://www.securityfocus.com/bid/103065
https://mantisbt.org/bugs/view.php?id=23921

CVE-2018-6525

CVE: CVE-2018-6525
Published: 2018-02-02T01:29Z
Description Language: en
Description: In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.
References:
http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220458

CVE-2018-6524

CVE: CVE-2018-6524
Published: 2018-02-02T01:29Z
Description Language: en
Description: In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.
References:
http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220c20

CVE-2018-6523

CVE: CVE-2018-6523
Published: 2018-02-02T01:29Z
Description Language: en
Description: In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.
References:
http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x22045c

CVE-2018-6522

CVE: CVE-2018-6522
Published: 2018-02-02T01:29Z
Description Language: en
Description: In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.
References:
http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKRgFtXp_0x220408

CVE-2018-6521

CVE: CVE-2018-6521
Published: 2018-02-02T01:29Z
Description Language: en
Description: The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
References:
https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
https://simplesamlphp.org/security/201801-03
https://www.debian.org/security/2018/dsa-4127

CVE-2018-6520

CVE: CVE-2018-6520
Published: 2018-02-02T01:29Z
Description Language: en
Description: SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
References:
https://simplesamlphp.org/security/201801-02

CVE-2018-6519

CVE: CVE-2018-6519
Published: 2018-02-02T01:29Z
Description Language: en
Description: The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
References:
https://simplesamlphp.org/security/201801-01
https://www.debian.org/security/2018/dsa-4127

CVE-2018-6486

CVE: CVE-2018-6486
Published: 2018-02-02T14:29Z
Vendor: microfocus
Products: fortify_audit_workbench
Versions: 16.10, 16.20, 17.10
Products: fortify_software_security_center
Versions: 16.10, 16.20, 17.10
Description Language: en
Description: XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.
References:
http://www.securityfocus.com/bid/102902
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

CVE-2018-6319

CVE: CVE-2018-6319
Published: 2018-02-02T21:29Z
Vendor: sophos
Products: sophos_tester
Versions: 3.2.0.7
Description Language: en
Description: In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn’t check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.
References:
https://29wspy.ru/exploits/CVE-2018-6319.pdf

CVE-2018-6318

CVE: CVE-2018-6318
Published: 2018-02-02T21:29Z
Vendor: sophos
Products: sophos_tester
Versions: 3.2.0.7
Description Language: en
Description: In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it’s run in userland), but the driver doesn’t perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name — and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
References:
https://29wspy.ru/exploits/CVE-2018-6318.pdf

CVE-2018-6317

CVE: CVE-2018-6317
Published: 2018-02-02T21:29Z
Vendor: claymore_dual_miner_project
Products: claymore_dual_miner
Versions: 10.5
Description Language: en
Description: The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
References:
https://medium.com/@res1n/claymore-dual-gpu-miner-10-5-format-strings-vulnerability-916ab3d2db30
https://www.exploit-db.com/exploits/43972/

CVE-2018-5261

CVE: CVE-2018-5261
Published: 2018-02-02T21:29Z
Vendor: flexense
Products: diskboss
Versions: 8.8.16
Description Language: en
Description: An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.
References:
https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261

CVE-2018-6485

CVE: CVE-2018-6485
Published: 2018-02-01T14:29Z
Vendor: gnu
Products: glibc
Versions: 2.26
Description Language: en
Description: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
References:
http://bugs.debian.org/878159
http://www.securityfocus.com/bid/102912
https://sourceware.org/bugzilla/show_bug.cgi?id=22343

CVE-2018-6484

CVE: CVE-2018-6484
Published: 2018-02-01T05:29Z
Vendor: zziplib_project
Products: zziplib
Versions: 0.13.67
Description Language: en
Description: In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
References:
https://github.com/gdraheim/zziplib/issues/14