Vulnerability & Exploit Database

Displaying entries 31 - 40 of 125212 in total

Juniper Junos OS: commit script may allow unauthenticated root login upon reboot (JSA10835) (CVE-2018-0008) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior ...

Juniper Junos OS: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (JSA10836) (CVE-2018-0009) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks...

Juniper Junos OS: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (JSA10834) (CVE-2018-0006) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, ...

Ubuntu: USN-3522-4: Linux kernel (Xenial HWE) regression Vulnerability

  • Severity: 4
  • Published: January 09, 2018

USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.

We apologize for the inconvenience.

Original advisory d...

Microsoft CVE-2018-0812: Microsoft Word Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: January 08, 2018

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could t...

Microsoft CVE-2018-0807: Microsoft Word Remote Code Execution Vulnerability Vulnerability

  • Severity: 4
  • Published: January 08, 2018

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could t...

Microsoft ADV180002: Vulnerability in CPU Microcode Could Allow Information Disclosure Vulnerability

  • Severity: 5
  • Published: January 08, 2018
Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance fro...

CVE-2018-0793: Microsoft Outlook Remote Code Execution Vulnerability [Office for Mac] Vulnerability

  • Severity: 4
  • Published: January 08, 2018

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exp...