CVE-2018-1000061 CVSS:0.0
ARM mbedTLS development branch, 2.7.0 and earlier, contains a CWE-670 (incorrect condition control flow leading to incorrect return) vulnerability in ssl_write_real(), library/ssl_tls.c:7142, that can result in data loss and can be escalated to DoS and authorization bypass in application protocols. This attack appears to be exploitable via network connectivity. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-7034 CVSS:0.0
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. (Last Update:2018-02-14) (Publish Update:2018-02-14)
CVE-2018-6835 CVSS:0.0
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. (Last Update:2018-02-08) (Publish Update:2018-02-08)
CVE-2018-6794 CVSS:0.0
Suricata before 4.1 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. (Last Update:2018-02-07) (Publish Update:2018-02-07)
CVE-2018-6651 CVSS:0.0
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. (Last Update:2018-02-05) (Publish Update:2018-02-05)
CVE-2018-6635 CVSS:0.0
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. (Last Update:2018-02-07) (Publish Update:2018-02-05)
CVE-2018-6624 CVSS:0.0
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. (Last Update:2018-02-05) (Publish Update:2018-02-05)
CVE-2018-6521 CVSS:7.5
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. (Last Update:2018-02-15) (Publish Update:2018-02-01)
CVE-2018-6520 CVSS:5.8
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. (Last Update:2018-02-15) (Publish Update:2018-02-01)
CVE-2018-6316 CVSS:0.0
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. (Last Update:2018-02-15) (Publish Update:2018-02-15)