SB17-261: Vulnerability Summary for the Week of September 11, 2017

Original release date: September 18, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — android An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. 2017-09-08 9.3 CVE-2017-0752
BID
CONFIRM
google — android A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. 2017-09-08 9.3 CVE-2017-0753
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. 2017-09-08 9.3 CVE-2017-0755
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. 2017-09-08 9.3 CVE-2017-0756
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. 2017-09-08 9.3 CVE-2017-0757
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. 2017-09-08 9.3 CVE-2017-0758
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. 2017-09-08 9.3 CVE-2017-0759
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. 2017-09-08 9.3 CVE-2017-0760
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. 2017-09-08 9.3 CVE-2017-0761
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. 2017-09-08 9.3 CVE-2017-0762
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. 2017-09-08 9.3 CVE-2017-0763
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. 2017-09-08 9.3 CVE-2017-0764
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. 2017-09-08 9.3 CVE-2017-0765
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. 2017-09-08 9.3 CVE-2017-0766
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. 2017-09-08 9.3 CVE-2017-0767
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. 2017-09-08 9.3 CVE-2017-0768
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. 2017-09-08 9.3 CVE-2017-0769
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. 2017-09-08 9.3 CVE-2017-0770
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. 2017-09-08 7.1 CVE-2017-0771
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. 2017-09-08 7.1 CVE-2017-0772
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. 2017-09-08 7.1 CVE-2017-0773
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. 2017-09-08 7.1 CVE-2017-0774
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. 2017-09-08 7.1 CVE-2017-0775
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. 2017-09-08 7.8 CVE-2017-0778
BID
CONFIRM
google — android A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. 2017-09-08 7.1 CVE-2017-0780
BID
CONFIRM
google — android An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. 2017-09-08 7.1 CVE-2017-0793
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. 2017-09-08 9.3 CVE-2017-0795
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. 2017-09-08 9.3 CVE-2017-0796
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. 2017-09-08 9.3 CVE-2017-0797
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. 2017-09-08 9.3 CVE-2017-0798
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. 2017-09-08 9.3 CVE-2017-0799
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. 2017-09-08 9.3 CVE-2017-0800
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. 2017-09-08 9.3 CVE-2017-0801
BID
CONFIRM
ibm — db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. 2017-09-12 7.2 CVE-2017-1451
CONFIRM
BID
SECTRACK
MISC
ibm — db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privileges and overwrite DB2 files. IBM X-Force ID: 128180. 2017-09-12 7.2 CVE-2017-1452
CONFIRM
BID
SECTRACK
MISC
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. 2017-09-12 7.1 CVE-2017-14325
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. 2017-09-12 7.1 CVE-2017-14341
CONFIRM
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. 2017-09-12 7.6 CVE-2017-8751
SECTRACK
CONFIRM
synology — photo_station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. 2017-09-08 7.5 CVE-2017-11161
CONFIRM
tcpdump — tcpdump The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). 2017-09-14 7.5 CVE-2017-12893
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). 2017-09-14 7.5 CVE-2017-12894
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-12895
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). 2017-09-14 7.5 CVE-2017-12896
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). 2017-09-14 7.5 CVE-2017-12897
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). 2017-09-14 7.5 CVE-2017-12898
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). 2017-09-14 7.5 CVE-2017-12899
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). 2017-09-14 7.5 CVE-2017-12900
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). 2017-09-14 7.5 CVE-2017-12901
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. 2017-09-14 7.5 CVE-2017-12902
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). 2017-09-14 7.5 CVE-2017-12985
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-12986
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-12987
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). 2017-09-14 7.5 CVE-2017-12988
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12991
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). 2017-09-14 7.5 CVE-2017-12992
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. 2017-09-14 7.5 CVE-2017-12993
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12994
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). 2017-09-14 7.5 CVE-2017-12996
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). 2017-09-14 7.5 CVE-2017-12998
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). 2017-09-14 7.5 CVE-2017-12999
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). 2017-09-14 7.5 CVE-2017-13000
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). 2017-09-14 7.5 CVE-2017-13001
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). 2017-09-14 7.5 CVE-2017-13002
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). 2017-09-14 7.5 CVE-2017-13003
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). 2017-09-14 7.5 CVE-2017-13004
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). 2017-09-14 7.5 CVE-2017-13005
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. 2017-09-14 7.5 CVE-2017-13006
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). 2017-09-14 7.5 CVE-2017-13007
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-13008
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). 2017-09-14 7.5 CVE-2017-13009
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). 2017-09-14 7.5 CVE-2017-13010
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). 2017-09-14 7.5 CVE-2017-13011
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-13012
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. 2017-09-14 7.5 CVE-2017-13013
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. 2017-09-14 7.5 CVE-2017-13014
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). 2017-09-14 7.5 CVE-2017-13015
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13016
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). 2017-09-14 7.5 CVE-2017-13017
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13018
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13019
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13020
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). 2017-09-14 7.5 CVE-2017-13021
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). 2017-09-14 7.5 CVE-2017-13022
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13023
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13024
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13025
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. 2017-09-14 7.5 CVE-2017-13026
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). 2017-09-14 7.5 CVE-2017-13027
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). 2017-09-14 7.5 CVE-2017-13028
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). 2017-09-14 7.5 CVE-2017-13029
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. 2017-09-14 7.5 CVE-2017-13030
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). 2017-09-14 7.5 CVE-2017-13031
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). 2017-09-14 7.5 CVE-2017-13032
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13033
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13034
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). 2017-09-14 7.5 CVE-2017-13035
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). 2017-09-14 7.5 CVE-2017-13036
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). 2017-09-14 7.5 CVE-2017-13037
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). 2017-09-14 7.5 CVE-2017-13038
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13039
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. 2017-09-14 7.5 CVE-2017-13040
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). 2017-09-14 7.5 CVE-2017-13041
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). 2017-09-14 7.5 CVE-2017-13042
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). 2017-09-14 7.5 CVE-2017-13043
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). 2017-09-14 7.5 CVE-2017-13044
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). 2017-09-14 7.5 CVE-2017-13045
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-13046
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13047
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13048
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). 2017-09-14 7.5 CVE-2017-13049
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). 2017-09-14 7.5 CVE-2017-13050
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13051
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). 2017-09-14 7.5 CVE-2017-13052
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). 2017-09-14 7.5 CVE-2017-13053
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). 2017-09-14 7.5 CVE-2017-13054
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). 2017-09-14 7.5 CVE-2017-13055
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). 2017-09-14 7.5 CVE-2017-13687
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). 2017-09-14 7.5 CVE-2017-13688
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). 2017-09-14 7.5 CVE-2017-13689
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13690
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-13725
SECTRACK
CONFIRM
CONFIRM
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
azeotech — daqfactory An uncontrolled search path element vulnerability was discovered in AzeoTech DAQFactory versions prior to 17.1; it may cause malicious DLL files that have been placed within the search path to be executed. 2017-09-08 4.6 CVE-2017-5147
BID
MISC
divinglog — diving_log XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. 2017-09-08 4.3 CVE-2017-9095
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. 2017-09-11 6.8 CVE-2017-14267
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. 2017-09-11 4.3 CVE-2017-14268
MISC
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. 2017-09-11 5.0 CVE-2017-14269
MISC
MISC
ellucian — banner_student Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-09-11 4.3 CVE-2015-4687
MISC
BUGTRAQ
ffmpeg — ffmpeg The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) 2017-09-09 6.8 CVE-2017-14225
BID
MISC
MISC
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. 2017-09-11 4.3 CVE-2017-3132
BID
SECTRACK
CONFIRM
EXPLOIT-DB
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. 2017-09-11 4.3 CVE-2017-3133
BID
SECTRACK
CONFIRM
EXPLOIT-DB
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. 2017-09-08 4.3 CVE-2017-0776
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. 2017-09-08 4.3 CVE-2017-0777
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. 2017-09-08 4.3 CVE-2017-0779
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. 2017-09-08 5.8 CVE-2017-0784
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. 2017-09-08 5.8 CVE-2017-0786
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. 2017-09-08 5.8 CVE-2017-0787
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. 2017-09-08 5.8 CVE-2017-0788
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. 2017-09-08 5.8 CVE-2017-0789
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. 2017-09-08 5.8 CVE-2017-0790
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. 2017-09-08 5.8 CVE-2017-0791
BID
CONFIRM
google — android An elevation of privilege vulnerability in the upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. 2017-09-08 6.8 CVE-2017-0794
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. 2017-09-08 6.8 CVE-2017-0802
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. 2017-09-08 6.8 CVE-2017-0803
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. 2017-09-08 6.8 CVE-2017-0804
BID
CONFIRM
graphicsmagick — graphicsmagick Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. 2017-09-11 4.3 CVE-2017-14314
CONFIRM
CONFIRM
ibm — db2_connect IBM DB2 10.5 and 11.1 contain a denial of service vulnerability. A remote user can cause disruption of service for a DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. 2017-09-12 4.3 CVE-2017-1519
CONFIRM
BID
SECTRACK
MISC
ibm — db2_connect IBM DB2 9.7, 10.1, 10.5, and 11.1 are vulnerable to an unauthorized command that allows the database to be activated when the authentication type is CLIENT. IBM X-Force ID: 129830. 2017-09-12 4.3 CVE-2017-1520
CONFIRM
BID
SECTRACK
MISC
ibm — qradar_security_information_and_event_manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. 2017-09-12 5.0 CVE-2017-1162
CONFIRM
BID
MISC
imagemagick — imagemagick A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14248
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14249
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14324
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14326
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. 2017-09-12 4.3 CVE-2017-14342
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. 2017-09-12 4.3 CVE-2017-14343
CONFIRM
jasper_project — jasper There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. 2017-09-09 5.0 CVE-2017-14229
MISC
nasm — netwide_assembler In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. 2017-09-09 5.0 CVE-2017-14228
MISC
nexusphp_project — nexusphp NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. 2017-09-12 4.3 CVE-2017-14347
MISC
novell — leap The mkdumprd script called “dracut” in the current working directory “.” allows local users to trick the administrator into executing code as root. 2017-09-08 6.9 CVE-2016-5759
SUSE
MLIST
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c.” 2017-09-11 4.6 CVE-2017-14286
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb.” 2017-09-11 4.6 CVE-2017-14287
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7.” 2017-09-11 4.6 CVE-2017-14288
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e.” 2017-09-11 4.6 CVE-2017-14289
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-09-11 4.6 CVE-2017-14290
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8.” 2017-09-11 4.6 CVE-2017-14291
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e.” 2017-09-11 4.6 CVE-2017-14292
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.” 2017-09-11 4.6 CVE-2017-14293
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e.” 2017-09-11 4.6 CVE-2017-14294
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6.” 2017-09-11 4.6 CVE-2017-14296
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35.” 2017-09-11 4.6 CVE-2017-14297
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8.” 2017-09-11 4.6 CVE-2017-14298
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b.” 2017-09-11 4.6 CVE-2017-14299
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479.” 2017-09-11 4.6 CVE-2017-14300
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.” 2017-09-11 4.6 CVE-2017-14301
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7.” 2017-09-11 4.6 CVE-2017-14302
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047.” 2017-09-11 4.6 CVE-2017-14303
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0.” 2017-09-11 4.6 CVE-2017-14304
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578.” 2017-09-11 4.6 CVE-2017-14305
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10.” 2017-09-11 4.6 CVE-2017-14306
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402.” 2017-09-11 4.6 CVE-2017-14307
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd.” 2017-09-11 4.6 CVE-2017-14308
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8.” 2017-09-11 4.6 CVE-2017-14309
MISC
synology — photo_station Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. 2017-09-08 4.0 CVE-2017-11162
CONFIRM
synology — photo_station Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. 2017-09-08 4.0 CVE-2017-12071
CONFIRM
tcpdump — tcpdump The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). 2017-09-14 5.0 CVE-2017-12989
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. 2017-09-14 5.0 CVE-2017-12990
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). 2017-09-14 5.0 CVE-2017-12995
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). 2017-09-14 5.0 CVE-2017-12997
SECTRACK
CONFIRM
CONFIRM
tcpreplay — tcpreplay tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file. 2017-09-12 6.8 CVE-2017-14266
EXPLOIT-DB
typo3 — typo3 Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. 2017-09-11 6.5 CVE-2017-14251
BID
SECTRACK
CONFIRM
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-09-11 4.6 CVE-2017-14275
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.” 2017-09-11 4.6 CVE-2017-14276
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005956.” 2017-09-11 4.6 CVE-2017-14277
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005940.” 2017-09-11 4.6 CVE-2017-14278
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005643.” 2017-09-11 4.6 CVE-2017-14279
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d.” 2017-09-11 4.6 CVE-2017-14280
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.” 2017-09-11 4.6 CVE-2017-14281
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005862.” 2017-09-11 4.6 CVE-2017-14282
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000008fe4.” 2017-09-11 4.6 CVE-2017-14283
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.” 2017-09-11 4.6 CVE-2017-14284
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b.” 2017-09-11 4.6 CVE-2017-14285
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in “Applications” under FortiView. 2017-09-11 3.5 CVE-2017-3131
BID
SECTRACK
CONFIRM
EXPLOIT-DB
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via ‘Comments’ while saving Config Revisions. 2017-09-11 3.5 CVE-2017-7734
BID
SECTRACK
CONFIRM
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the “Groups” input while creating or editing User Groups. 2017-09-11 3.5 CVE-2017-7735
BID
SECTRACK
CONFIRM
google — android An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. 2017-09-08 3.3 CVE-2017-0792
BID
CONFIRM
wolfcms — wolf_cms Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a “create-file-popup” action, and the directory name in a “create-directory-popup” action, in the HTTP POST method to the “/plugin/file_manager/” script (aka an /admin/plugin/file_manager/browse// URI). 2017-09-08 3.5 CVE-2017-11611
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alegrocart — alegrocart PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. 2017-09-11 not yet calculated CVE-2015-9227
MISC
FULLDISC
MISC
EXPLOIT-DB
alegrocart — alegrocart Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. 2017-09-11 not yet calculated CVE-2015-9226
MISC
FULLDISC
MISC
EXPLOIT-DB
ansible — vault An exploitable vulnerability exists in the yaml loading functionality of Ansible Vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. 2017-09-14 not yet calculated CVE-2017-2809
BID
CONFIRM
CONFIRM
CONFIRM
MISC
anydesk — anydesk AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. 2017-09-12 not yet calculated CVE-2017-14397
CONFIRM
apache — brooklyn Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8744
CONFIRM
MLIST
apache — brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker’s commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8737
BID
CONFIRM
MLIST
apache — brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user’s resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2017-3165
BID
CONFIRM
MLIST
apache — spark In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. 2017-09-13 not yet calculated CVE-2017-12612
BID
MISC
apache — struts The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. 2017-09-15 not yet calculated CVE-2017-9805
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apache — traffic_server Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. 2017-09-13 not yet calculated CVE-2015-5206
MLIST
apache — traffic_server Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. 2017-09-13 not yet calculated CVE-2015-5168
MLIST
apache — wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. 2017-09-15 not yet calculated CVE-2014-7808
MLIST
MISC
apple — ios In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default “Bluetooth On” value must be present in Settings. 2017-09-12 not yet calculated CVE-2017-14315
BID
MISC
axesstel — mu553s_modem_router_firmware On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the “Basic Settings” page. 2017-09-13 not yet calculated CVE-2017-13724
MISC
axesstel — mu553s_modem_router_firmware Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. 2017-09-13 not yet calculated CVE-2017-11351
MISC
axesstel — mu553s_modem_router_firmware Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. 2017-09-13 not yet calculated CVE-2017-11350
MISC
beijing_hanbang — hanbanggaoke_devices On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. 2017-09-12 not yet calculated CVE-2017-14335
MISC
bento4 — bento4 In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14258
CONFIRM
bento4 — bento4 In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14260
CONFIRM
bento4 — bento4 In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14259
CONFIRM
bento4 — bento4 In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14261
CONFIRM
bento4 — bento4 In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14257
CONFIRM
blackcat-cms — blackcat_cms In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. 2017-09-12 not yet calculated CVE-2017-14399
MISC
blackwave — dive_assistant XXE in Dive Assistant – Template Builder in Blackwave Dive Assistant – Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. 2017-09-12 not yet calculated CVE-2017-8918
MISC
blue_coat — malware_analysis_appliance_and_malware_analyzer_g2 Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. 2017-09-11 not yet calculated CVE-2015-4523
CONFIRM
bluez — bluez All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. 2017-09-12 not yet calculated CVE-2017-1000250
BID
CONFIRM
MISC
celery_flower — celery_flower flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command. 2017-09-15 not yet calculated CVE-2017-14483
CONFIRM
cisco — meeting_server A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. 2017-09-13 not yet calculated CVE-2017-12249
BID
SECTRACK
CONFIRM
corega — cg-wlr300nm CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10813
MISC
JVN
corega — cg-wlr300nm Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10814
MISC
JVN
cyrus — cyrus_imap In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. 2017-09-10 not yet calculated CVE-2017-14230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. 2017-09-13 not yet calculated CVE-2017-14427
MISC
d-link — d-link The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. 2017-09-13 not yet calculated CVE-2017-14419
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. 2017-09-13 not yet calculated CVE-2017-14426
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. 2017-09-13 not yet calculated CVE-2017-14415
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. 2017-09-13 not yet calculated CVE-2017-14413
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. 2017-09-13 not yet calculated CVE-2017-14424
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. 2017-09-13 not yet calculated CVE-2017-14416
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. 2017-09-13 not yet calculated CVE-2017-14430
MISC
d-link — d-link D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. 2017-09-13 not yet calculated CVE-2017-14421
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. 2017-09-13 not yet calculated CVE-2017-14428
MISC
d-link — d-link htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. 2017-09-13 not yet calculated CVE-2017-14423
MISC
d-link — d-link The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14418
MISC
d-link — d-link The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-09-13 not yet calculated CVE-2017-14420
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. 2017-09-13 not yet calculated CVE-2017-14425
MISC
d-link — d-link D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers’ installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2017-09-13 not yet calculated CVE-2017-14422
MISC
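The 0666 hostapd and hnapasswd entries and the shared stunnel.key entry above are findings an audit of an extracted firmware root filesystem catches mechanically. The following is an added example, not D-Link's code and not derived from the firmware itself: it walks a tree, flags sensitive files that are world-readable or world-writable, and fingerprints every private key so the same key appearing in two images is reported. The sensitive-name globs and the two sample "installations" are constructed for the demo.

```python
"""Audit an extracted firmware root filesystem for two of the weaknesses
described above: world-accessible secret files and private keys shared
across images.  Added example; the globs and the sample tree are
constructed here and are not taken from the D-Link firmware itself."""
import hashlib
import os
import stat
import tempfile
from fnmatch import fnmatch

# Files that should never be world-readable or world-writable (assumed list).
SENSITIVE_GLOBS = ("*.key", "*.pem", "*passwd*", "*shadow*", "hostapd*")


def _mode_issues(mode: int) -> list:
    issues = []
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if mode & stat.S_IROTH:
        issues.append("world-readable")
    return issues


def audit_permissions(root: str) -> dict:
    """Return {relative_path: [issues]} for sensitive files with loose modes."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not any(fnmatch(name, g) for g in SENSITIVE_GLOBS):
                continue
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            issues = _mode_issues(st.st_mode)
            if issues:
                findings[os.path.relpath(full, root)] = issues
    return findings


def key_fingerprint(path: str) -> str:
    """SHA-256 over the key bytes with whitespace removed; identical keys in
    different images give identical digests."""
    with open(path, "rb") as fh:
        data = b"".join(fh.read().split())
    return hashlib.sha256(data).hexdigest()


def shared_keys(images: dict) -> dict:
    """images maps image_name -> extracted root.  Returns
    {fingerprint: [image names]} for every key found in more than one image."""
    seen = {}
    for image, root in images.items():
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if fnmatch(name, "*.key") or fnmatch(name, "*.pem"):
                    fp = key_fingerprint(os.path.join(dirpath, name))
                    seen.setdefault(fp, []).append(image)
    return {fp: sorted(imgs) for fp, imgs in seen.items() if len(imgs) > 1}


def build_sample_images() -> dict:
    """Constructed sample: two 'installations' under a tempdir, both with the
    same stunnel.key and a 0666 hnapasswd, mirroring the bulletin findings.
    The key material is a placeholder string, not a real key."""
    base = tempfile.mkdtemp(prefix="fw_audit_")
    images = {}
    fake_key = b"-----BEGIN PRIVATE KEY-----\nNOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n"
    for image in ("installation_a", "installation_b"):
        root = os.path.join(base, image)
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "var", "etc"))
        key_path = os.path.join(root, "etc", "stunnel.key")
        with open(key_path, "wb") as fh:
            fh.write(fake_key)
        os.chmod(key_path, 0o600)        # the key file itself is locked down...
        pw_path = os.path.join(root, "var", "etc", "hnapasswd")
        with open(pw_path, "wb") as fh:
            fh.write(b"admin:secret\n")
        os.chmod(pw_path, 0o666)         # ...but the password file is 0666
        images[image] = root
    return images


if __name__ == "__main__":
    imgs = build_sample_images()
    for name, root in imgs.items():
        print(name, audit_permissions(root))
    print("shared keys:", shared_keys(imgs))
```

On a real image, point `audit_permissions` at the unpacked squashfs root and feed `shared_keys` one root per firmware version or per device; a key reused across versions is as much of a finding as one reused across customers.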
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. 2017-09-13 not yet calculated CVE-2017-14414
MISC
d-link — d-link
 
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14417
MISC
d-link — d-link
 
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. 2017-09-13 not yet calculated CVE-2017-14429
MISC
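The DHCP client entry above is command injection through a generated shell script: option values from the DHCP server are interpolated into shell source, so a value containing `;` or backticks becomes a command run as root. The following is an added example, not D-Link code: a toy hook-script template rendered once with raw interpolation and once with `shlex.quote`, plus a small shell tokenizer that counts how many commands each rendering would execute. The template, option names and hostile lease values are constructed for the demo.

```python
"""Shell-metacharacter injection into a generated udhcpc hook script, and the
quoting that prevents it.  Added example, not D-Link code: the script
template and option names are assumptions; the lease values are constructed
as a hostile DHCP server could send them."""
import shlex

HOSTILE_LEASE = {
    "ip": "192.0.2.23",
    "router": "192.0.2.1",
    "domain": "example.net; echo INJECTED; #",   # constructed payload
}
BENIGN_LEASE = {"ip": "192.0.2.23", "router": "192.0.2.1", "domain": "example.net"}


def render_unsafe(lease: dict) -> str:
    """Interpolates option values straight into shell source (the bug class):
    any ';', '`' or '$(...)' in a value becomes code."""
    return (
        "#!/bin/sh\n"
        f"ip addr add {lease['ip']}/24 dev wan0\n"
        f"ip route add default via {lease['router']}\n"
        f"echo search {lease['domain']} > /etc/resolv.conf\n"
    )


def render_safe(lease: dict) -> str:
    """Same template, every value passed through shlex.quote so it can only
    ever be one word of one argument."""
    q = shlex.quote
    return (
        "#!/bin/sh\n"
        f"ip addr add {q(lease['ip'])}/24 dev wan0\n"
        f"ip route add default via {q(lease['router'])}\n"
        f"echo search {q(lease['domain'])} > /etc/resolv.conf\n"
    )


def command_count(script: str) -> int:
    """Count the simple commands the script would run: each line is split
    with a POSIX shlex that treats ';' as punctuation, quotes respected.
    A safe rendering of this 3-command template always yields 3."""
    total = 0
    for line in script.splitlines():
        if not line or line.startswith("#!"):
            continue
        lexer = shlex.shlex(line, posix=True, punctuation_chars=";")
        lexer.whitespace_split = True
        segments, words = 0, 0
        for tok in lexer:
            if tok == ";":
                segments += 1 if words else 0
                words = 0
            else:
                words += 1
        segments += 1 if words else 0
        total += segments
    return total


if __name__ == "__main__":
    print(render_unsafe(HOSTILE_LEASE))
    print("unsafe commands:", command_count(render_unsafe(HOSTILE_LEASE)))
    print("safe commands:  ", command_count(render_safe(HOSTILE_LEASE)))
```

Quoting is the minimum; the stronger fix is not to generate shell at all and to hand the values to the network-configuration tool as separate argv entries, which no metacharacter can split.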
dolibarr — erp_crm
 
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. 2017-09-11 not yet calculated CVE-2017-14238
CONFIRM
dolibarr — erp_crm
 
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. 2017-09-11 not yet calculated CVE-2017-14241
CONFIRM
dolibarr — erp_crm
 
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. 2017-09-11 not yet calculated CVE-2017-14242
CONFIRM
dolibarr — erp_crm
 
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. 2017-09-11 not yet calculated CVE-2017-14240
CONFIRM
dolibarr — erp_crm
 
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. 2017-09-11 not yet calculated CVE-2017-14239
CONFIRM
drupal — drupal
 
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2017-09-13 not yet calculated CVE-2015-2749
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
CONFIRM
drupal — drupal
 
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2017-09-11 not yet calculated CVE-2015-7877
CONFIRM
MISC
drupal — drupal
 
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the “//” initial sequence. 2017-09-13 not yet calculated CVE-2015-2750
CONFIRM
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
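The two Drupal entries above are open redirects through a `destination` parameter, including the protocol-relative `//host` form. The following is an added example, not Drupal code, of a redirect-target validator that accepts only same-site paths or absolute URLs to an allow-listed host, and treats backslashes the way browsers do. The allowed-host set is an assumption for the demo.

```python
"""Validate a 'destination' parameter so a redirect can only land on the
site's own paths or an allow-listed host.  Added example prompted by the
Drupal open-redirect entries; not Drupal code, and ALLOWED_HOSTS is an
assumption for the demo."""
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"example.org", "www.example.org"}


def safe_redirect_target(destination: str, default: str = "/") -> str:
    """Return destination if it is a same-site relative path or an absolute
    http(s) URL to an allowed host; otherwise the default landing page."""
    if not destination:
        return default
    # Browsers treat backslashes as slashes in the authority position, so
    # '/\evil' is '//evil'; normalise first.  Control characters (CR, LF,
    # TAB) have no business in a Location header and are rejected outright.
    cleaned = destination.replace("\\", "/").strip()
    if any(ord(c) < 0x20 for c in cleaned):
        return default
    parts = urlsplit(cleaned)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return default                       # javascript:, data:, ...
        if parts.hostname not in ALLOWED_HOSTS:
            return default
        return urlunsplit(parts)
    # No scheme: refuse anything that still carries an authority ('//evil',
    # '///evil') and anything that is not a single-slash-rooted path.
    if parts.netloc or not cleaned.startswith("/") or cleaned.startswith("//"):
        return default
    return cleaned
```

The check runs on the string the server will put in the `Location` header, after any URL-decoding the framework does, so a percent-encoded `%2F%2F` that is decoded before redirecting is seen as `//` here too.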
drupal — drupal
 
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the “Register other accounts” permission and knowledge of usernames. 2017-09-13 not yet calculated CVE-2015-7880
MLIST
BID
MISC
CONFIRM
drupal — drupal
 
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. 2017-09-11 not yet calculated CVE-2015-7879
MLIST
BID
CONFIRM
MISC
eclipse — kura
 
The network-enabled distribution of Kura before 2.1.0 takes control of the device’s firewall setup but does not allow IPv6 firewall rules to be configured, so over IPv6 the Equinox console port 5002 is left open, allowing anyone to log into Kura without credentials over unencrypted telnet and execute commands using the Equinox “exec” command. Because the process runs as “root”, full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigning a MAC-address-based IPv6 address. 2017-09-11 not yet calculated CVE-2017-7649
CONFIRM
CONFIRM
ellucian — banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka “Weak Password Reset.” 2017-09-11 not yet calculated CVE-2015-4689
MISC
BUGTRAQ
ellucian — banner_student
 
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. 2017-09-11 not yet calculated CVE-2015-5054
MISC
BUGTRAQ
ellucian — banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests. 2017-09-11 not yet calculated CVE-2015-4688
MISC
BUGTRAQ
elux_rp — elux_rp
 
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions. 2017-09-13 not yet calculated CVE-2017-14124
CONFIRM
emc — appsync
 
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-09-12 not yet calculated CVE-2017-8015
CONFIRM
BID
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. 2017-09-12 not yet calculated CVE-2017-14403
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. 2017-09-12 not yet calculated CVE-2017-14404
MISC
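The select_tool.php entry above is local file inclusion where the parameter reaches `include()` unchanged, so a `php://filter/` wrapper or a traversal sequence selects the file. The following is an added example, not EyesOfNetwork code, of resolving a user-supplied tool name through an allow-list and a realpath containment check; the tool directory and tool names are constructed for the demo.

```python
"""Resolve a user-supplied 'tool' name to an include path without letting
the parameter choose a stream wrapper or escape the tool directory.
Added example for the eonweb select_tool.php entry; not EyesOfNetwork
code, and the tool directory contents are constructed for the demo."""
import os
import re
import tempfile

TOOL_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")   # no '/', '.', ':' possible


def make_tool_dir() -> str:
    """Constructed sample tool directory with two PHP tool stubs."""
    base = tempfile.mkdtemp(prefix="tools_")
    for name in ("ping", "traceroute"):
        with open(os.path.join(base, name + ".php"), "w") as fh:
            fh.write("<?php // tool: %s\n" % name)
    return base


def resolve_tool_unsafe(tool_dir: str, tool_list: str) -> str:
    """Mirrors the bug class: the parameter is the path, so
    'php://filter/...' or '../../etc/passwd' reaches include() as-is."""
    return tool_list if "://" in tool_list else os.path.join(tool_dir, tool_list)


def resolve_tool(tool_dir: str, tool_list: str) -> str:
    """Allow-list the name, build the path ourselves, then confirm the
    resolved path is still inside tool_dir and names an existing file."""
    if not TOOL_NAME.match(tool_list):
        raise ValueError("invalid tool name")
    base = os.path.realpath(tool_dir)
    candidate = os.path.realpath(os.path.join(base, tool_list + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes tool directory")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(tool_list)
    return candidate
```

The regular expression already rules out wrappers and traversal; the realpath check is defence in depth against a symlink planted inside the tool directory.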
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. 2017-09-12 not yet calculated CVE-2017-14405
MISC
eyesofnetwork — eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. 2017-09-11 not yet calculated CVE-2017-14252
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the “ACCOUNT CREATION” section, related to lack of input validation in include/function.php. 2017-09-12 not yet calculated CVE-2017-14402
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the “ACCOUNT UPDATE” section. 2017-09-12 not yet calculated CVE-2017-14401
MISC
eyesofnetwork — eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. 2017-09-11 not yet calculated CVE-2017-14247
MISC
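The Dolibarr entries (menuId, statut) and the EyesOfNetwork entries (the `user_id` and `group_id` cookies, `user_name`, `term`) above are all SQL injection through request data concatenated into a query. The following is an added example against an in-memory SQLite database, not code from either project: a numeric parameter and a cookie-sourced string parameter, each in the vulnerable string-built form and in the bound-parameter form, with constructed payloads of the kind those entries describe. The schema and data are constructed for the demo.

```python
"""Vulnerable string-built SQL next to the parameterized form, against an
in-memory SQLite database.  Added example for the Dolibarr (menuId, statut)
and EyesOfNetwork (user_id / group_id cookie) injections; it is not code
from either project and the schema is constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE menu      (id INTEGER, title TEXT, owner INTEGER);
        CREATE TABLE usergroup (id TEXT, name TEXT);
        CREATE TABLE users     (login TEXT, password TEXT);
        INSERT INTO menu      VALUES (1, 'Home', 1), (2, 'Admin panel', 1), (3, 'Payroll', 2);
        INSERT INTO usergroup VALUES ('g1', 'operators'), ('g2', 'administrators');
        INSERT INTO users     VALUES ('admin', 'hunter2'), ('bob', 'correct-horse');
        """
    )
    return conn


# --- numeric request parameter (menuId) -----------------------------------

def menu_titles_unsafe(conn, menu_id: str) -> list:
    """Concatenates the parameter into the statement: the bug class."""
    sql = f"SELECT title FROM menu WHERE id = {menu_id} AND owner = 1"
    return [row[0] for row in conn.execute(sql)]


def menu_titles_safe(conn, menu_id: str) -> list:
    """Coerces to int (the column is numeric) and binds the value, so the
    parameter can never change the statement's shape."""
    try:
        value = int(menu_id)
    except ValueError:
        raise ValueError("menuId must be an integer") from None
    sql = "SELECT title FROM menu WHERE id = ? AND owner = 1"
    return [row[0] for row in conn.execute(sql, (value,))]


# --- string parameter taken from a cookie (group_id) ----------------------

def group_names_unsafe(conn, group_id_cookie: str) -> list:
    sql = f"SELECT name FROM usergroup WHERE id = '{group_id_cookie}'"
    return [row[0] for row in conn.execute(sql)]


def group_names_safe(conn, group_id_cookie: str) -> list:
    sql = "SELECT name FROM usergroup WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (group_id_cookie,))]


# Constructed payloads of the kind the bulletin entries describe.
BYPASS_FILTER = "3 OR 1=1"                                # defeats the owner check
DUMP_PASSWORDS = "0 UNION SELECT password FROM users --"  # reads another table
COOKIE_TAUTOLOGY = "' OR '1'='1"                          # from a cookie, no UI


if __name__ == "__main__":
    db = make_db()
    print(menu_titles_unsafe(db, BYPASS_FILTER))
    print(menu_titles_unsafe(db, DUMP_PASSWORDS))
    print(group_names_unsafe(db, COOKIE_TAUTOLOGY))
    print(group_names_safe(db, COOKIE_TAUTOLOGY))
```

The cookie case is why "only authenticated users" is weak comfort for the EyesOfNetwork entries: a cookie value is attacker-controlled input exactly like a query string, and header.php and side.php are reached on every page load.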
ffmpeg — ffmpeg
 
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large “ict” field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14223
BID
CONFIRM
ffmpeg — ffmpeg
 
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large “item_count” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14222
BID
CONFIRM
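Both FFmpeg entries above are the same pattern: a loop driven by a count taken from the file header (`ict`, `item_count`) with no check that the file actually holds that many entries, so a small crafted file costs minutes of CPU. The following is an added example, not FFmpeg code and not the ASF or MOV format: a toy count-prefixed index, parsed once the vulnerable way and once with the count bounded by the bytes remaining and by a hard cap. The format and sample data are constructed for the demo; the vulnerable parser is shown only to make the difference concrete and is never run on the hostile sample here.

```python
"""Reading a count-prefixed index without trusting the count.  The FFmpeg
entries describe loops driven by a header field with no EOF check; this toy
format reproduces the shape.  Added example, not FFmpeg code and not a real
container format; the sample files are constructed for the demo."""
import struct

ENTRY_SIZE = 6                          # 4-byte offset + 2-byte span
HEADER = struct.Struct("<4sI")          # magic + claimed entry count
MAX_ENTRIES = 1 << 20                   # hard cap, independent of file size


def build_index_file(entries, claimed_count=None) -> bytes:
    """Constructed sample: header claims claimed_count (default: the real
    number of entries) and is followed by the real entries."""
    count = len(entries) if claimed_count is None else claimed_count
    body = b"".join(struct.pack("<IH", off, span) for off, span in entries)
    return HEADER.pack(b"IDX1", count) + body


def parse_index_unsafe(data: bytes) -> list:
    """Loops 'count' times regardless of how much data follows.  Slicing past
    EOF yields b"" and the loop just keeps going; with a claimed count of
    2**32-1 this is the CPU-burning behaviour the bulletin describes.
    Never call this on untrusted input."""
    _magic, count = HEADER.unpack_from(data, 0)
    out, pos = [], HEADER.size
    for _ in range(count):
        chunk = data[pos:pos + ENTRY_SIZE]
        if len(chunk) == ENTRY_SIZE:
            out.append(struct.unpack("<IH", chunk))
        pos += ENTRY_SIZE
    return out


def parse_index(data: bytes) -> list:
    """Bounds the loop by what the file can hold and by a hard cap, and
    treats a claim the data cannot back as a malformed file."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, count = HEADER.unpack_from(data, 0)
    if magic != b"IDX1":
        raise ValueError("bad magic")
    available = (len(data) - HEADER.size) // ENTRY_SIZE
    if count > MAX_ENTRIES or count > available:
        raise ValueError(f"index claims {count} entries, file holds {available}")
    return [struct.unpack_from("<IH", data, HEADER.size + i * ENTRY_SIZE)
            for i in range(count)]
```

The same reasoning applies to the Binutils `vn_next` entry and the LibOFX and LibRaw parsers further down: a length or count read from the input is a claim, and the loop must be bounded by what has actually been read, not by the claim.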
file() — file()
 
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). 2017-09-11 not yet calculated CVE-2017-1000249
CONFIRM
CONFIRM
fujitsu — fence-explorer
 
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10855
MISC
JVN
genixcms — genixcms
 
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. 2017-09-10 not yet calculated CVE-2017-14231
CONFIRM
CONFIRM
gentoo — gentoo_security
 
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe “chown -R” command is executed. 2017-09-15 not yet calculated CVE-2017-14484
CONFIRM
gnu — binutils
 
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during “readelf -a” execution. 2017-09-12 not yet calculated CVE-2017-14333
CONFIRM
gnu — emacs
 
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted “Content-Type: text/enriched” data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). 2017-09-14 not yet calculated CVE-2017-14482
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. 2017-09-14 not yet calculated CVE-2017-0785
BID
CONFIRM
google — android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. 2017-09-14 not yet calculated CVE-2017-0783
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. 2017-09-14 not yet calculated CVE-2017-0782
BID
CONFIRM
google — android
 
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. 2017-09-15 not yet calculated CVE-2015-1527
BID
CONFIRM
MISC
google — android
 
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. 2017-09-14 not yet calculated CVE-2017-0781
BID
CONFIRM
honeywell — network_video_recorder
 
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. 2017-09-11 not yet calculated CVE-2017-14263
MISC
i-filter — install_program_and_installer
 
Untrusted search path vulnerability in “i-filter 6.0 install program” file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10858
MISC
JVN
i-filter — install_program_and_installer
 
Untrusted search path vulnerability in the “i-filter 6.0 installer” (code-signing timestamp before 23 Aug 2017 JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10859
MISC
JVN
i-filter — install_program_and_installer
 
Untrusted search path vulnerability in the “i-filter 6.0 installer” (code-signing timestamp before 23 Aug 2017 JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10860
MISC
JVN
ibm — api_connect
 
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. 2017-09-13 not yet calculated CVE-2017-1556
CONFIRM
BID
MISC
ibm — business_process_manager_and_websphere_lombardi_edition
 
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. 2017-09-15 not yet calculated CVE-2015-0110
BID
CONFIRM
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. 2017-09-12 not yet calculated CVE-2017-1439
CONFIRM
BID
SECTRACK
MISC
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. 2017-09-12 not yet calculated CVE-2017-1438
CONFIRM
BID
SECTRACK
MISC
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. 2017-09-12 not yet calculated CVE-2017-1434
CONFIRM
BID
SECTRACK
MISC
ibm — informix_dynamic_server
 
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. 2017-09-13 not yet calculated CVE-2017-1508
CONFIRM
BID
MISC
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. 2017-09-12 not yet calculated CVE-2017-1352
CONFIRM
BID
MISC
imagemagick — imagemagick
 
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. 2017-09-12 not yet calculated CVE-2017-14400
CONFIRM
imagemagick — imagemagick
 
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. 2017-09-08 not yet calculated CVE-2017-14224
BID
CONFIRM
india_goods_and_services_tax_network — offline_utility_tool
 
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the “C:\GST Offline Tool” directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. 2017-09-14 not yet calculated CVE-2017-13779
MISC
internet_initiative_japan — seil
 
SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device’s encrypted communications via a specially crafted packet. 2017-09-15 not yet calculated CVE-2017-10856
MISC
JVN
jazz — reporting_service
 
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. 2017-09-14 not yet calculated CVE-2017-1490
CONFIRM
BID
MISC
jenkins — jenkins
 
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. 2017-09-12 not yet calculated CVE-2014-9634
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jenkins — jenkins
 
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. 2017-09-12 not yet calculated CVE-2014-9635
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
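The two Jenkins entries above are a session cookie issued without the Secure flag and without HttpOnly. The following is an added example, not Jenkins code, of a check that parses the Set-Cookie headers of a response and reports session cookies missing those attributes, plus SameSite, which did not exist in 2014 but belongs in any current check. The session-cookie name prefixes and the sample response headers are constructed for the demo.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes whose
absence the Jenkins entries describe, plus SameSite.  Added example, not
Jenkins code; the name prefixes and sample headers are constructed."""

# Which cookies count as session cookies (assumption for the demo).
SESSION_COOKIE_PREFIXES = ("JSESSIONID", "PHPSESSID", "session")


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str, served_over_https: bool = True) -> list:
    """Findings for one Set-Cookie header; an empty list means it passes."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if served_over_https and "secure" not in attrs:
        findings.append("missing Secure")          # cookie will ride plain HTTP too
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")        # readable by script (XSS)
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict")
    if cookie["name"].startswith("__Host-") and (
        "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs
    ):
        findings.append("__Host- prefix rules violated")
    return findings


def is_session_cookie(name: str) -> bool:
    return name.startswith(SESSION_COOKIE_PREFIXES)


def audit_response(headers: list, served_over_https: bool = True) -> dict:
    """headers: (name, value) pairs as http.client's getheaders() returns.
    Only session cookies are reported; a UI-preference cookie without
    HttpOnly is noise, a session cookie without it is a finding."""
    report = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = parse_set_cookie(value)["name"]
        if is_session_cookie(cookie_name):
            report[cookie_name] = audit_cookie(value, served_over_https)
    return report


# Constructed sample: one cookie as an unpatched instance might send it, one
# UI cookie that should be ignored, and one cookie set correctly.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html;charset=utf-8"),
    ("Set-Cookie", "JSESSIONID.a1b2c3=node0abc.node0; Path=/"),
    ("Set-Cookie", "screenResolution=1920x1080; Path=/"),
    ("Set-Cookie", "JSESSIONID.fixed=node0def.node0; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_HEADERS).items():
        print(name, findings or "ok")
```

Run this against a live instance by feeding it `resp.getheaders()` from `http.client` after requesting the login page; the check is on the headers as sent, so a reverse proxy that adds the flags is covered and a proxy that strips them is caught.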
joomla — joomla!
 
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. 2017-09-14 not yet calculated CVE-2013-7429
FULLDISC
CONFIRM
MLIST
MLIST
jungo — windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-11 not yet calculated CVE-2017-14075
MISC
EXPLOIT-DB
jungo — windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-12 not yet calculated CVE-2017-14344
MISC
EXPLOIT-DB
jungo — windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-11 not yet calculated CVE-2017-14153
MISC
EXPLOIT-DB
kind_editor — kind_editor
 
Kind Editor v4.1.12 does not check authentication in kindeditor/php/upload_json.php before allowing users to upload files. 2017-09-14 not yet calculated CVE-2017-1002024
MISC
MISC
MISC
kubernetes — azure_cloud_provider
 
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to “container” which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. 2017-09-14 not yet calculated CVE-2017-1002100
MISC
MISC
libofx — libofx
 
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. 2017-09-13 not yet calculated CVE-2017-2816
BID
MISC
libraw — libraw
 
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. 2017-09-12 not yet calculated CVE-2017-14348
CONFIRM
libraw — libraw
 
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. 2017-09-11 not yet calculated CVE-2017-14265
CONFIRM
linux — linux_kernel
 
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. 2017-09-15 not yet calculated CVE-2017-14340
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The native Bluetooth stack in the Linux kernel (BlueZ), from kernel version 3.3-rc1 up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space. 2017-09-12 not yet calculated CVE-2017-1000251
BID
CONFIRM
MISC
linux — linux_kernel
 
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. 2017-09-15 not yet calculated CVE-2017-14489
CONFIRM
CONFIRM
linux — linux_kernel
 
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. 2017-09-15 not yet calculated CVE-2017-14497
CONFIRM
CONFIRM
CONFIRM
CONFIRM
magento2 — magento2
 
The Fastly CDN module before 1.2.26 for Magento 2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses. 2017-09-14 not yet calculated CVE-2017-13761
CONFIRM
mantisbt — mantisbt
 
CAPTCHA bypass vulnerability in MantisBT before 1.2.19. 2017-09-12 not yet calculated CVE-2014-9624
MLIST
SECTRACK
CONFIRM
XF
CONFIRM
CONFIRM
microsoft — .net_framework
 
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka “.NET Framework Remote Code Execution Vulnerability.” 2017-09-12 not yet calculated CVE-2017-8759
BID
SECTRACK
CONFIRM
EXPLOIT-DB
microsoft — bluetooth_driver
 
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft’s implementation of the Bluetooth stack, aka “Microsoft Bluetooth Driver Spoofing Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8628
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8738
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8756
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. 2017-09-12 not yet calculated CVE-2017-11764
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. 2017-09-12 not yet calculated CVE-2017-8734
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka “Microsoft Edge Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8757
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka “Microsoft Edge Spoofing Vulnerability”. This CVE ID is unique from CVE-2017-8724. 2017-09-12 not yet calculated CVE-2017-8735
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8752
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8754. 2017-09-12 not yet calculated CVE-2017-8723
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8649
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user’s system, due to the way that Microsoft Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. 2017-09-12 not yet calculated CVE-2017-8648
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user’s system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8739
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka “Microsoft Edge Spoofing Vulnerability”. This CVE ID is unique from CVE-2017-8735. 2017-09-12 not yet calculated CVE-2017-8724
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8740
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. 2017-09-12 not yet calculated CVE-2017-8731
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8753
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8723. 2017-09-12 not yet calculated CVE-2017-8754
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. 2017-09-12 not yet calculated CVE-2017-8643
BID
SECTRACK
CONFIRM

microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8660
BID
SECTRACK
CONFIRM

microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8755
BID
SECTRACK
CONFIRM

microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. 2017-09-12 not yet calculated CVE-2017-11766
BID
SECTRACK
CONFIRM

microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user’s system, due to the way that Microsoft Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. 2017-09-12 not yet calculated CVE-2017-8597
BID
SECTRACK
CONFIRM

microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8729
BID
SECTRACK
CONFIRM
microsoft — excel_for_mac_2011
 
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution”. 2017-09-12 not yet calculated CVE-2017-8567
BID
SECTRACK
CONFIRM
microsoft — excel
 
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8631
BID
SECTRACK
CONFIRM
microsoft — excel
 
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731. 2017-09-12 not yet calculated CVE-2017-8744
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka “Microsoft Exchange Information Disclosure Vulnerability”. 2017-09-12 not yet calculated CVE-2017-11761
BID
SECTRACK
CONFIRM
microsoft — exchange_server
 
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability.” 2017-09-12 not yet calculated CVE-2017-8758
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8748
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8741
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8749. 2017-09-12 not yet calculated CVE-2017-8747
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka “Internet Explorer Spoofing Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8733
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8750
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka “Microsoft Browser Information Disclosure Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8736
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8747. 2017-09-12 not yet calculated CVE-2017-8749
BID
SECTRACK
CONFIRM
microsoft — office_2016
 
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8630
BID
SECTRACK
CONFIRM
microsoft — powerpoint_and_sharepoint_and_office_online_server
 
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka “PowerPoint Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8742. 2017-09-12 not yet calculated CVE-2017-8743
BID
SECTRACK
CONFIRM
microsoft — publisher
 
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka “Microsoft Office Publisher Remote Code Execution”. 2017-09-12 not yet calculated CVE-2017-8725
BID
SECTRACK
CONFIRM

microsoft — sharepoint_server_2013
 
Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint XSS Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8629
BID
SECTRACK
CONFIRM
microsoft — sharepoint
 
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Cross Site Scripting Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8745
BID
CONFIRM
microsoft — windows
 
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka “Windows DHCP Server Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8686
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Remote Desktop Virtual Host Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8714
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka “Windows Security Feature Bypass Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8716
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka “Microsoft Graphics Component Remote Code Execution.” 2017-09-12 not yet calculated CVE-2017-8696
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8709
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8678
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8677
BID
SECTRACK
CONFIRM
microsoft — windows
 
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8632
BID
SECTRACK
CONFIRM

microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8708
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8720. 2017-09-12 not yet calculated CVE-2017-8675
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8711
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka “Windows GDI+ Information Disclosure Vulnerability.” 2017-09-12 not yet calculated CVE-2017-8676
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka “Windows GDI+ Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. 2017-09-12 not yet calculated CVE-2017-8684
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka “NetBIOS Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-0161
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8679
BID
SECTRACK
CONFIRM

microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Denial of Service Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8704
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. 2017-09-12 not yet calculated CVE-2017-8719
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka “Windows GDI+ Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. 2017-09-12 not yet calculated CVE-2017-8685
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka “Win32k Graphics Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8682. 2017-09-12 not yet calculated CVE-2017-8683
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8680
BID
SECTRACK
CONFIRM

microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8707
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka “Windows PDF Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8728. 2017-09-12 not yet calculated CVE-2017-8737
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user’s system via a specially crafted document or an untrusted webpage, aka “Graphics Component Information Disclosure Vulnerability.” 2017-09-12 not yet calculated CVE-2017-8695
BID
SECTRACK
CONFIRM

microsoft — windows
 
Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka “Windows Elevation of Privilege Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8702
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. 2017-09-12 not yet calculated CVE-2017-8687
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka “Windows PDF Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8737. 2017-09-12 not yet calculated CVE-2017-8728
BID
SECTRACK
CONFIRM

microsoft — windows
 
Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka “Windows Shell Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8699
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka “Windows GDI+ Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. 2017-09-12 not yet calculated CVE-2017-8688
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka “Win32k Graphics Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8683. 2017-09-12 not yet calculated CVE-2017-8682
BID
SECTRACK
CONFIRM
microsoft — windows
 
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka “PowerPoint Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8743. 2017-09-12 not yet calculated CVE-2017-8742
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka “Windows Information Disclosure Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8710
BID
SECTRACK
CONFIRM

microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8706
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8712
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka “Device Guard Security Feature Bypass Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8746
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8681
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8675. 2017-09-12 not yet calculated CVE-2017-8720
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka “Hyper-V Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. 2017-09-12 not yet calculated CVE-2017-8713
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka “Uniscribe Remote Code Execution Vulnerability”. 2017-09-12 not yet calculated CVE-2017-8692
BID
SECTRACK
CONFIRM
misp — misp
 
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. 2017-09-12 not yet calculated CVE-2017-14337
CONFIRM
CONFIRM

mit — kerberos
 
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. 2017-09-13 not yet calculated CVE-2017-11462
CONFIRM
CONFIRM
CONFIRM
FEDORA
mongodb — libbson
 
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. 2017-09-09 not yet calculated CVE-2017-14227
BID
MISC
MISC
MISC
mosquitto — mosquitto
 
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. 2017-09-11 not yet calculated CVE-2017-7650
CONFIRM
BID
CONFIRM
mp3gain — mp3gain
 
A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14407
MISC
mp3gain — mp3gain
 
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-12 not yet calculated CVE-2017-14411
MISC
mp3gain — mp3gain
 
A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14410
MISC
mp3gain — mp3gain
 
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact. 2017-09-12 not yet calculated CVE-2017-14412
MISC
mp3gain — mp3gain
 
A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14406
MISC
mp3gain — mp3gain
 
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-12 not yet calculated CVE-2017-14409
MISC
mp3gain — mp3gain
 
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14408
MISC
nagios_core — nagios_core
 
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. 2017-09-11 not yet calculated CVE-2017-14312
MISC

ntt_docomo — wi-fi_station_l-02f

 

Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. 2017-09-15 not yet calculated CVE-2017-10845
JVN
MISC
ntt_docomo — wi-fi_station_l-02f
 
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10846
JVN
MISC
osticket — osticket
 
In osTicket 1.10, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. 2017-09-12 not yet calculated CVE-2017-14396
MISC
pagure — pagure
 
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization 2017-09-14 not yet calculated CVE-2017-1002151
MISC
MISC
puppetlabs — apache_module
 
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. 2017-09-15 not yet calculated CVE-2017-2299
CONFIRM
python-fedora — python-fedora
 
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection 2017-09-14 not yet calculated CVE-2017-1002150
MISC
MISC
qnap — qts_media_library
 
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack. 2017-09-14 not yet calculated CVE-2017-13067
CONFIRM
razer_synapse — razer_synapse
 
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. 2017-09-13 not yet calculated CVE-2017-14398
MISC

redhat — enterprise_mrg

 

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. 2017-09-14 not yet calculated CVE-2015-7553
CONFIRM

redhat — jboss_eap

 

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. 2017-09-13 not yet calculated CVE-2017-7561
BID
MISC

rhnsd — rhnsd

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. 2017-09-13 not yet calculated CVE-2017-7560
CONFIRM
ruby — ruby
 
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its heap by the malicious specification of the format of sprintf method. If a script allows to accept any format from the outside, there is a risk to be spied the contents of the heap. 2017-09-15 not yet calculated CVE-2017-0898
SECTRACK
MISC
MISC
MISC
samsung — network_video_recorder
 
On Samsung NVR devices, remote attackers can read the MD5 password hash of the ‘admin’ account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. 2017-09-11 not yet calculated CVE-2017-14262
MISC
silverstripe — silverstripe
 
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. 2017-09-15 not yet calculated CVE-2017-14498
MISC
MISC
MISC
MISC

sophos — surfright_hitmanpro

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie. 2017-09-13 not yet calculated CVE-2017-7441
MISC
MISC

sophos — surfright_hitmanpro

 

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. 2017-09-13 not yet calculated CVE-2017-6007
MISC
MISC

sophos — surfright_hitmanpro

 

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. 2017-09-13 not yet calculated CVE-2017-6008
MISC
MISC
MISC
MISC
sourcebans — sourcebans
 
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. 2017-09-11 not yet calculated CVE-2015-8349
BUGTRAQ
MISC
stdu — stdu_viewer
 
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869.” 2017-09-11 not yet calculated CVE-2017-14310
MISC
stdu — stdu_viewer
 
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9.” 2017-09-11 not yet calculated CVE-2017-14295
MISC
symantec — encryption_desktop
 
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.” 2017-09-13 not yet calculated CVE-2017-6330
BID
CONFIRM
terramaster — tos
 
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. 2017-09-15 not yet calculated CVE-2017-9328
MISC
tianchoy/blog — tianchoy/blog
 
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. 2017-09-12 not yet calculated CVE-2017-14346
MISC
tianchoy/blog — tianchoy/blog
 
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. 2017-09-12 not yet calculated CVE-2017-14345
MISC
vbulletin — vbulletin
 
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. 2017-09-15 not yet calculated CVE-2014-9463
CONFIRM
EXPLOIT-DB
vmware — esxi_and_workstation_and_fusion
 
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. 2017-09-15 not yet calculated CVE-2017-4925
BID
SECTRACK
SECTRACK
CONFIRM

vmware — esxi_and_workstation_and_fusion

 

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. 2017-09-15 not yet calculated CVE-2017-4924
BID
SECTRACK
SECTRACK
CONFIRM
vmware — vcenter_server
 
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. 2017-09-15 not yet calculated CVE-2017-4926
BID
SECTRACK
CONFIRM
wordpress — wordpress Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. 2017-09-14 not yet calculated CVE-2017-1002028
MISC
MISC
MISC
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. 2017-09-11 not yet calculated CVE-2015-8354
MISC
BUGTRAQ
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002020
MISC
MISC
MISC
wordpress — wordpress
 
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. 2017-09-11 not yet calculated CVE-2015-8351
MISC
BUGTRAQ
CONFIRM
EXPLOIT-DB
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. 2017-09-14 not yet calculated CVE-2017-1002019
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002021
MISC
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn’t require authentication or check that the user is allowed to upload content. 2017-09-14 not yet calculated CVE-2017-1002000
BID
BID
MISC
MISC
EXPLOIT-DB
wordpress — wordpress
 
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). 2017-09-11 not yet calculated CVE-2017-14313
CONFIRM
CONFIRM
MISC
wordpress — wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/. 2017-09-11 not yet calculated CVE-2015-8350
MISC
BUGTRAQ
CONFIRM
MISC
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php. 2017-09-11 not yet calculated CVE-2015-8353
MISC
BUGTRAQ
CONFIRM
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn’t sanitize user input to prevent a stored XSS vulnerability. 2017-09-14 not yet calculated CVE-2017-1002017
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002022
MISC
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. 2017-09-14 not yet calculated CVE-2017-1002018
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. 2017-09-14 not yet calculated CVE-2017-1002015
MISC
MISC
wordpress — wordpress
 
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. 2017-09-12 not yet calculated CVE-2015-9228
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn’t sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. 2017-09-14 not yet calculated CVE-2017-1002027
MISC
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn’t check to see if the user is authenticated or that they have permission to upload files. 2017-09-14 not yet calculated CVE-2017-1002016
MISC
MISC
wordpress — wordpress
 
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. 2017-09-12 not yet calculated CVE-2015-9229
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002012
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. 2017-09-14 not yet calculated CVE-2017-1002013
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn’t check that the user is authorized before injecting new contacts into the wp_contact table. 2017-09-14 not yet calculated CVE-2017-1002006
BID
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php 2017-09-14 not yet calculated CVE-2017-1002023
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. 2017-09-14 not yet calculated CVE-2017-1002014
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. 2017-09-14 not yet calculated CVE-2017-1002001
MISC
MISC
EXPLOIT-DB
wordpress — wordpress
 
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. 2017-09-14 not yet calculated CVE-2017-1002003
BID
MISC
MISC
EXPLOIT-DB
wordpress — wordpress
 
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ 2017-09-14 not yet calculated CVE-2017-1002002
BID
MISC
MISC
EXPLOIT-DB
wordpress — wordpress
 
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn’t sanitized via the id variable before adding it to the end of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002004
BID
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn’t sanitized via the contact_id variable before adding it to the end of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002005
BID
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002025
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002026
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. 2017-09-14 not yet calculated CVE-2017-1002011
MISC
MISC
wordpress — wordpress
 
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. 2017-09-12 not yet calculated CVE-2015-9230
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn’t sanitize user input via recordId in the delete_media function. 2017-09-14 not yet calculated CVE-2017-1002010
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn’t sanitize user input via recordId in the delete function. 2017-09-14 not yet calculated CVE-2017-1002009
MISC
MISC
wordpress — wordpress
 
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. 2017-09-14 not yet calculated CVE-2017-1002008
MISC
MISC
MISC
EXPLOIT-DB
wordpress — wordpress
 
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn’t check that the user is authorized before injecting new contacts into the wp_contact table. 2017-09-14 not yet calculated CVE-2017-1002007
BID
MISC
MISC
xen — xen
 
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). 2017-09-12 not yet calculated CVE-2017-14317
BID
SECTRACK
CONFIRM
xen — xen
 
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. 2017-09-12 not yet calculated CVE-2017-14319
BID
SECTRACK
CONFIRM
xen — xen
 
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner’s grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. 2017-09-12 not yet calculated CVE-2017-14318
BID
SECTRACK
CONFIRM
xen — xen
 
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. 2017-09-12 not yet calculated CVE-2017-14316
BID
SECTRACK
CONFIRM
xen — xen
 
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. 2017-09-13 not yet calculated CVE-2017-14431
CONFIRM
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.” 2017-09-11 not yet calculated CVE-2017-14270
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at jbig2dec+0x000000000000595d.” 2017-09-11 not yet calculated CVE-2017-14272
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.” 2017-09-11 not yet calculated CVE-2017-14271
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706.” 2017-09-11 not yet calculated CVE-2017-14274
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0.” 2017-09-11 not yet calculated CVE-2017-14273
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates

Original release date: September 15, 2017

VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0015 and apply the necessary updates.


Potential Phishing Scams Related to Equifax Data Breach

Original release date: September 14, 2017 | Last revised: September 18, 2017

The Federal Trade Commission (FTC) has released an alert on phishing attacks related to the Equifax data breach. Phishing attacks try to trick message recipients into sharing sensitive information with cyber criminals. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information.

The National Cyber Security Centre (NCSC) also released a statement on the Equifax breach, warning potential victims to be vigilant against phishing because scam emails often increase after major data breaches. Scammers can use stolen data to make phishing messages seem more credible and trick users into revealing more data.

US-CERT encourages consumers to report fraudulent calls and emails to the FTC Complaint Assistant. For more information, refer to the following resources:


BlueBorne Bluetooth Vulnerabilities

Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.


Microsoft Releases September 2017 Security Updates

Original release date: September 12, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft’s September 2017 Security Update Summary and Deployment Information and apply the necessary updates.


Adobe Releases Security Updates

Original release date: September 12, 2017

Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-25, APSB17-28, and APSB17-30 and apply the necessary updates.


Cisco Releases Security Advisories

Original release date: September 11, 2017

Cisco has released advisories describing Apache Struts 2 vulnerabilities potentially affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisories for more information:


SB17-254: Vulnerability Summary for the Week of September 4, 2017

Original release date: September 11, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ffmpeg — ffmpeg In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large “nb_index_entries” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. 2017-09-07 7.1 CVE-2017-14170
CONFIRM
ffmpeg — ffmpeg In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large “table_entries_used” field in the header but does not contain sufficient backing data, is provided, the loop over ‘table_entries_used’ would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14171
CONFIRM
fujixerox — contentsbridge_utility Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10851
CONFIRM
JVN
fujixerox — docuworks Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10848
CONFIRM
JVN
fujixerox — docuworks Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10849
CONFIRM
JVN
gnome — gedit libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many ‘\0’ characters. 2017-09-05 7.1 CVE-2017-14108
MISC
MISC
helpdezk — helpdezk HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. 2017-09-05 7.5 CVE-2017-14145
MISC
imagemagick — imagemagick The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-09-01 7.1 CVE-2017-12691
CONFIRM
imagemagick — imagemagick The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. 2017-09-01 7.1 CVE-2017-12692
CONFIRM
imagemagick — imagemagick The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. 2017-09-01 7.1 CVE-2017-12693
CONFIRM
imagemagick — imagemagick ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. 2017-09-04 7.5 CVE-2017-14137
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. 2017-09-04 7.5 CVE-2017-14138
CONFIRM
imagemagick — imagemagick In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “extent” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14172
CONFIRM
CONFIRM
imagemagick — imagemagick In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “length” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14174
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14175
CONFIRM
CONFIRM
mcafee — security_scan_plus A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via an HTTP backend-response. 2017-09-01 7.5 CVE-2017-3897
CONFIRM
BID
netapp — data_ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. 2017-09-01 7.5 CVE-2015-7746
CONFIRM
ntt — enkaku_support_tool Untrusted search path vulnerability in all versions of Remote Support Tool (Enkaku Support Tool) distributed through the website until August 10, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10829
CONFIRM
MISC
JVN
rarlab — unrar unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. 2017-09-03 7.5 CVE-2017-14122
MISC
MISC
salesagility — suitecrm Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. 2017-09-06 9.3 CVE-2015-5948
MLIST
MISC
CONFIRM
CONFIRM
sap — netweaver XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. 2017-09-06 7.5 CVE-2015-7241
MISC
BUGTRAQ
BID
EXPLOIT-DB
scrapy — scrapy Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. 2017-09-05 7.8 CVE-2017-14158
MISC
MISC
simplesamlphp — simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. 2017-09-01 7.5 CVE-2017-12868
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. 2017-09-01 7.5 CVE-2017-12873
CONFIRM
CONFIRM
technicolor — td5336_firmware Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. 2017-09-04 10.0 CVE-2017-14127
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aspl — libaxl Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. 2017-09-06 6.8 CVE-2015-3450
MLIST
BID
beaker-project — beaker XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server’s file system. 2017-09-06 4.0 CVE-2015-3160
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
beaker-project — beaker The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. 2017-09-06 4.0 CVE-2015-3163
MLIST
BID
CONFIRM
CONFIRM
bento4 — bento4 The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12474
MISC
MISC
MISC
bento4 — bento4 The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12475
MISC
MISC
MISC
bento4 — bento4 The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12476
MISC
MISC
MISC
embedthis — goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a “POST / HTTP/1.1” request. 2017-09-05 5.0 CVE-2017-14149
MISC
eyesofnetwork — eonweb In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. 2017-09-03 6.5 CVE-2017-14118
MISC
eyesofnetwork — eonweb In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. 2017-09-03 6.5 CVE-2017-14119
MISC
ffmpeg — ffmpeg In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large “item_num” field such as 0xffffffff, is provided. As a result, the variable “item_num” turns negative, bypassing the check for a large value. 2017-09-07 6.8 CVE-2017-14169
CONFIRM
froxlor — froxlor Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. 2017-09-06 5.0 CVE-2015-5959
MLIST
BID
CONFIRM
gnome — evince backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. 2017-09-05 6.8 CVE-2017-1000083
MISC
BID
MISC
MISC
gnome — gdk-pixbuf An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2862
BID
MISC
gnome — gdk-pixbuf An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2870
BID
MISC
gnu — binutils The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14128
BID
CONFIRM
CONFIRM
gnu — binutils The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14129
BID
CONFIRM
CONFIRM
gnu — binutils The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14130
BID
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. 2017-09-01 6.8 CVE-2017-14103
MISC
MISC
helpdezk — helpdezk HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. 2017-09-05 6.5 CVE-2017-14146
MISC
honda — moto_linc Honda Moto LINC 1.6.1 does not verify SSL certificates. 2017-09-06 4.3 CVE-2015-2943
JVN
JVNDB
ibm — emptoris_strategic_supply_management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. 2017-09-05 6.8 CVE-2017-1097
CONFIRM
MISC
ibm — inotes IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. 2017-09-05 4.3 CVE-2017-1129
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
ibm — inotes IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes, which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371. 2017-09-05 4.3 CVE-2017-1130
CONFIRM
BID
MISC
EXPLOIT-DB
ibm — qradar_network_security IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376. 2017-09-05 4.3 CVE-2017-1457
CONFIRM
BID
MISC
ibm — qradar_network_security IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. 2017-09-05 5.5 CVE-2017-1458
CONFIRM
BID
MISC
ibm — qradar_network_security IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689. 2017-09-05 5.0 CVE-2017-1491
CONFIRM
MISC
imagemagick — imagemagick ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. 2017-09-04 6.8 CVE-2017-14139
CONFIRM
imagemagick — imagemagick In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation “GetQuantumRange(depth)+1” when “depth” is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large “max_value” value. 2017-09-07 4.3 CVE-2017-14173
CONFIRM
CONFIRM
jasper_project — jasper JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. 2017-09-04 4.3 CVE-2017-14132
MISC
ledger-cli — ledger An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2807
BID
MISC
ledger-cli — ledger An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2808
BID
MISC
lexmark — perceptive_document_filters An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perceptive Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. 2017-09-05 6.8 CVE-2017-2821
BID
MISC
lexmark — perceptive_document_filters An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2822
BID
MISC
libarchive — libarchive libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. 2017-09-06 4.3 CVE-2017-14166
MISC
MISC
libzip_project — libzip The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. 2017-09-01 4.3 CVE-2017-14107
MISC
MISC
linux — linux_kernel The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. 2017-09-01 4.9 CVE-2017-14106
CONFIRM
CONFIRM
CONFIRM
mcafee — livesafe A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. 2017-09-01 4.3 CVE-2017-3898
CONFIRM
mimedefang — mimedefang MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by the init-script.in and mimedefang-init.in scripts. 2017-09-01 4.6 CVE-2017-14102
MISC
MISC
netapp — clustered_data_ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. 2017-09-01 6.5 CVE-2017-12421
CONFIRM
netapp — clustered_data_ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. 2017-09-01 4.0 CVE-2017-12423
CONFIRM
netapp — data_ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. 2017-09-01 4.0 CVE-2016-1895
CONFIRM
netapp — oncommand_unified_manager_for_clustered_data_ontap NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. 2017-09-01 5.0 CVE-2017-14053
CONFIRM
opencv — opencv OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. 2017-09-04 4.3 CVE-2017-14136
MISC
MISC
MISC
openjpeg — openjpeg An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. 2017-09-05 6.8 CVE-2017-14151
BID
MISC
MISC
MISC
openjpeg — openjpeg A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. 2017-09-05 6.8 CVE-2017-14152
MISC
MISC
MISC
qemu — qemu Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. 2017-09-01 5.0 CVE-2017-13711
MLIST
BID
CONFIRM
MLIST
rarlab — unrar unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. 2017-09-03 5.0 CVE-2017-14120
MISC
MISC
rarlab — unrar The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive. 2017-09-03 6.8 CVE-2017-14121
MISC
MISC
simplesamlphp — infocard_module The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. 2017-09-01 5.0 CVE-2017-12874
CONFIRM
simplesamlphp — simplesamlphp The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. 2017-09-01 5.0 CVE-2017-12869
CONFIRM
simplesamlphp — simplesamlphp SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. 2017-09-01 4.3 CVE-2017-12870
CONFIRM
simplesamlphp — simplesamlphp The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). 2017-09-01 4.3 CVE-2017-12871
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. 2017-09-01 4.3 CVE-2017-12872
CONFIRM
suitecrm — suitecrm SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. 2017-09-06 6.8 CVE-2015-5947
MLIST
CONFIRM
CONFIRM
CONFIRM
vulcanjs — vulcan TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. 2017-09-06 5.0 CVE-2015-3454
MLIST
BID
CONFIRM
MISC
xnau — participants_database The Participants Database plugin before 1.7.5.10 for WordPress has XSS. 2017-09-04 4.3 CVE-2017-14126
MISC
CONFIRM
EXPLOIT-DB


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
beaker-project — beaker The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. 2017-09-06 3.5 CVE-2015-3161
MLIST
BID
CONFIRM
MISC
CONFIRM
beaker-project — beaker Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked cancelled job. 2017-09-06 3.5 CVE-2015-3162
MLIST
BID
CONFIRM
MISC
CONFIRM
linux — linux_kernel The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn’t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. 2017-09-05 2.1 CVE-2017-14140
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. 2017-09-05 2.1 CVE-2017-14156
BID
MISC
MISC
MISC
qemu — qemu QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. 2017-09-01 2.1 CVE-2017-13672
MLIST
BID
CONFIRM
MLIST


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
anchor-cms — anchor-cms Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. 2017-09-07 not yet calculated CVE-2015-5060
CONFIRM
apache — hadoop The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for the credential store provider used by the NodeManager to YARN Applications. 2017-09-05 not yet calculated CVE-2016-3086
MLIST
BID
apache_directory — ldap_api Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. 2017-09-07 not yet calculated CVE-2015-3250
CONFIRM
MLIST
MLIST
CONFIRM
askbot — askbot Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. 2017-09-07 not yet calculated CVE-2015-3169
MLIST
BID
CONFIRM
asterisk — asterisk In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. 2017-09-02 not yet calculated CVE-2017-14100
CONFIRM
SECTRACK
CONFIRM
CONFIRM
asterisk — asterisk In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. 2017-09-02 not yet calculated CVE-2017-14098
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
asterisk — asterisk In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The “strictrtp” option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The “nat” and “rtp_symmetric” options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. 2017-09-02 not yet calculated CVE-2017-14099
CONFIRM
SECTRACK
CONFIRM
CONFIRM
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. 2017-09-03 not yet calculated CVE-2017-10793
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with “nc -l” support. 2017-09-03 not yet calculated CVE-2017-14116
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a “Terminal shell v1.0” service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. 2017-09-03 not yet calculated CVE-2017-14115
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. 2017-09-03 not yet calculated CVE-2017-14117
BID
MISC
MISC
azeotech — daqfactory An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. The uncontrolled search path element may cause malicious DLL files that have been placed within the search path to be executed. 2017-09-08 not yet calculated CVE-2017-5147
BID
MISC
azeotech — daqfactory An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. 2017-09-08 not yet calculated CVE-2017-12699
BID
MISC
centreon — centreon Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. 2017-09-07 not yet calculated CVE-2015-7672
MISC
cisco — asyncos_software_for_cisco_security_appliances A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. 2017-09-07 not yet calculated CVE-2017-12218
SECTRACK
CONFIRM
cisco — emergency_responder A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. 2017-09-07 not yet calculated CVE-2017-12227
BID
SECTRACK
CONFIRM
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. 2017-09-07 not yet calculated CVE-2017-12220
BID
CONFIRM
cisco — firepower_management_center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. 2017-09-07 not yet calculated CVE-2017-12221
BID
CONFIRM
cisco — gprs_tunneling_protocol A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. 2017-09-07 not yet calculated CVE-2017-12217
BID
SECTRACK
CONFIRM
cisco — ios_and_ios_xe A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. 2017-09-07 not yet calculated CVE-2017-12211
BID
SECTRACK
CONFIRM
CONFIRM
cisco — ios_and_ios_xe A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. 2017-09-07 not yet calculated CVE-2017-6627
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. 2017-09-07 not yet calculated CVE-2017-6796
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. 2017-09-07 not yet calculated CVE-2017-12213
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. 2017-09-07 not yet calculated CVE-2017-6795
BID
SECTRACK
CONFIRM
cisco — iot_field_network_director A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. 2017-09-07 not yet calculated CVE-2017-6780
BID
CONFIRM
cisco — ir800_integrated_services_router_software A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. 2017-09-07 not yet calculated CVE-2017-12223
SECTRACK
CONFIRM
cisco — meeting_server A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. 2017-09-07 not yet calculated CVE-2017-12224
BID
SECTRACK
CONFIRM
cisco — meeting_server A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. 2017-09-07 not yet calculated CVE-2017-6794
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning_tool A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. 2017-09-07 not yet calculated CVE-2017-6793
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning_tool A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. 2017-09-07 not yet calculated CVE-2017-6792
BID
SECTRACK
CONFIRM
cisco — prime_lan_management_solution A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user’s administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user’s session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392. 2017-09-07 not yet calculated CVE-2017-12225
SECTRACK
CONFIRM
CONFIRM
cisco — socialminer A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. 2017-09-07 not yet calculated CVE-2017-12216
BID
SECTRACK
CONFIRM
cisco — unified_intelligence_center A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905. 2017-09-07 not yet calculated CVE-2017-6791
BID
SECTRACK
CONFIRM
CONFIRM
cisco — unified_intelligence_center A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. 2017-09-07 not yet calculated CVE-2017-6789
BID
SECTRACK
CONFIRM
CONFIRM
cisco — unity_connection A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user’s browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345. 2017-09-07 not yet calculated CVE-2017-12212
BID
SECTRACK
CONFIRM
CONFIRM
cisco — yes_set-top_boxes A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. 2017-09-07 not yet calculated CVE-2017-6631
BID
CONFIRM
concrete5 — concrete5 SQL injection vulnerability in Concrete5 5.7.3.1. 2017-09-07 not yet calculated CVE-2015-4724
MISC
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. 2017-09-07 not yet calculated CVE-2015-4721
MISC
d-link — dir-600l Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. 2017-09-07 not yet calculated CVE-2016-10405
CONFIRM
dayrui — finecms The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. 2017-09-07 not yet calculated CVE-2017-14192
MISC
dayrui — finecms The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14194
MISC
dayrui — finecms The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14193
MISC
dayrui — finecms The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14195
MISC
devscripts — devscripts Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. 2017-09-06 not yet calculated CVE-2015-5705
FEDORA
FEDORA
MLIST
CONFIRM
CONFIRM
CONFIRM
diving_log — diving_log XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. 2017-09-08 not yet calculated CVE-2017-9095
MISC
django — django In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with “DEBUG = True” (which makes this page accessible) in your production settings. 2017-09-07 not yet calculated CVE-2017-12794
BID
SECTRACK
CONFIRM
epicor_crs — retail_store The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. 2017-09-06 not yet calculated CVE-2015-2210
MISC
BUGTRAQ
etherpad — etherpad Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. 2017-09-07 not yet calculated CVE-2015-4085
MLIST
CONFIRM
ffmpeg — ffmpeg In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large “ict” field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14223
CONFIRM
ffmpeg — ffmpeg The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) 2017-09-09 not yet calculated CVE-2017-14225
MISC
MISC
ffmpeg — ffmpeg In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large “item_count” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14222
CONFIRM
fiberhome — user_end_routers_an1020-25 An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, hence allowing an attacker to reset the router to its default configuration, which later could allow the attacker to log in to the router by using the default username/password. 2017-09-07 not yet calculated CVE-2017-14147
MISC
glibc — glibc The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation. 2017-09-07 not yet calculated CVE-2017-12133
FEDORA
CONFIRM
CONFIRM
gongjin_electronics — t&w_wifi_repeater_be126 T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. 2017-09-07 not yet calculated CVE-2017-13713
MISC
EXPLOIT-DB
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. 2017-09-08 not yet calculated CVE-2017-0758
BID
CONFIRM
google — android A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. 2017-09-08 not yet calculated CVE-2017-0753
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. 2017-09-08 not yet calculated CVE-2017-0773
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. 2017-09-08 not yet calculated CVE-2017-0769
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. 2017-09-08 not yet calculated CVE-2017-0786
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. 2017-09-08 not yet calculated CVE-2017-0771
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. 2017-09-08 not yet calculated CVE-2017-0757
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. 2017-09-08 not yet calculated CVE-2017-0779
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. 2017-09-08 not yet calculated CVE-2017-0788
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. 2017-09-08 not yet calculated CVE-2017-0777
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. 2017-09-08 not yet calculated CVE-2017-0803
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. 2017-09-08 not yet calculated CVE-2017-0761
BID
CONFIRM
google — android An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. 2017-09-08 not yet calculated CVE-2017-0792
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. 2017-09-08 not yet calculated CVE-2017-0759
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. 2017-09-08 not yet calculated CVE-2017-0795
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. 2017-09-08 not yet calculated CVE-2017-0797
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. 2017-09-08 not yet calculated CVE-2017-0774
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. 2017-09-08 not yet calculated CVE-2017-0798
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. 2017-09-08 not yet calculated CVE-2017-0796
BID
CONFIRM
google — android An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. 2017-09-08 not yet calculated CVE-2017-0793
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. 2017-09-08 not yet calculated CVE-2017-0799
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. 2017-09-08 not yet calculated CVE-2017-0772
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. 2017-09-08 not yet calculated CVE-2017-0802
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. 2017-09-08 not yet calculated CVE-2017-0768
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. 2017-09-08 not yet calculated CVE-2017-0800
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. 2017-09-08 not yet calculated CVE-2017-0790
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. 2017-09-08 not yet calculated CVE-2017-0778
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. 2017-09-08 not yet calculated CVE-2017-0770
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. 2017-09-08 not yet calculated CVE-2017-0794
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. 2017-09-08 not yet calculated CVE-2017-0801
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. 2017-09-08 not yet calculated CVE-2017-0776
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. 2017-09-08 not yet calculated CVE-2017-0789
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. 2017-09-08 not yet calculated CVE-2017-0775
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. 2017-09-08 not yet calculated CVE-2017-0767
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. 2017-09-08 not yet calculated CVE-2017-0764
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. 2017-09-08 not yet calculated CVE-2017-0762
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. 2017-09-08 not yet calculated CVE-2017-0766
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. 2017-09-08 not yet calculated CVE-2017-0763
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. 2017-09-08 not yet calculated CVE-2017-0765
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. 2017-09-08 not yet calculated CVE-2017-0791
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. 2017-09-08 not yet calculated CVE-2017-0760
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. 2017-09-08 not yet calculated CVE-2017-0784
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. 2017-09-08 not yet calculated CVE-2017-0752
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. 2017-09-08 not yet calculated CVE-2017-0756
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. 2017-09-08 not yet calculated CVE-2017-0755
BID
CONFIRM
google — android A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. 2017-09-08 not yet calculated CVE-2017-0780
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. 2017-09-08 not yet calculated CVE-2017-0787
BID
CONFIRM
graphicsmagick — graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. 2017-09-06 not yet calculated CVE-2017-14165
MISC
MISC
huawei — e5756s Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. 2017-09-07 not yet calculated CVE-2015-4629
BID
CONFIRM
ibm — content_navigator_&_cmis IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. 2017-09-07 not yet calculated CVE-2017-1502
CONFIRM
MISC
ibm — emptoris_supplier_lifecycle_management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. 2017-09-07 not yet calculated CVE-2017-1098
CONFIRM
MISC
ibm — flex_system Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. 2017-09-07 not yet calculated CVE-2014-9565
BID
CONFIRM
ibm — websphere_portal_web_content_manager IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. 2017-09-07 not yet calculated CVE-2017-1189
CONFIRM
SECTRACK
MISC
idapauth-fork — idapauth-fork Idapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. 2017-09-06 not yet calculated CVE-2015-7294
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. 2017-09-08 not yet calculated CVE-2017-14224
CONFIRM
intel — firmware_for_multiple_products Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 can be upgraded to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. 2017-09-05 not yet calculated CVE-2017-5698
CONFIRM
intelbras — wireless_n_router_firmware XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an “airbase-ng -e” command. 2017-09-07 not yet calculated CVE-2017-14219
MISC
EXPLOIT-DB
jasper — jasper There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of JasPer 2.0.13. It will lead to a remote denial of service attack. 2017-09-09 not yet calculated CVE-2017-14229
MISC
joomla! — joomla! The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. 2017-09-07 not yet calculated CVE-2013-7428
FULLDISC
CONFIRM
MLIST
MLIST
joomla! — joomla! Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. 2017-09-08 not yet calculated CVE-2017-2550
MISC
kamailio — kamailio The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. 2017-09-07 not yet calculated CVE-2015-1590
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
lexmark — scan_to_network Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. 2017-09-07 not yet calculated CVE-2017-13771
MISC
FULLDISC
libgd2 — libgd2 Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. 2017-09-07 not yet calculated CVE-2017-6362
DEBIAN
CONFIRM
CONFIRM
FEDORA
libwpd — libwpd WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7 and may enable a remote attack against a LibreOffice application. 2017-09-09 not yet calculated CVE-2017-14226
MISC
MISC
MISC
MISC
MISC
MISC
lightdm — lightdm Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address. 2017-09-06 not yet calculated CVE-2015-8316
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. 2017-09-08 not yet calculated CVE-2017-12146
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The mkdumprd script invoked “dracut” from the current working directory “.”, which allows local users to trick the administrator into executing code as root. 2017-09-08 not yet calculated CVE-2016-5759
SUSE
MLIST
linux — linux_kernel Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. 2017-09-06 not yet calculated CVE-2015-5186
MLIST
BID
CONFIRM
CONFIRM
mediatek — mediatek An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. 2017-09-08 not yet calculated CVE-2017-0804
BID
CONFIRM
mongodb — libbson In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. 2017-09-09 not yet calculated CVE-2017-14227
MISC
MISC
MISC
mongoose_web_server — mongoose_web_server Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. 2017-09-07 not yet calculated CVE-2017-11567
MISC
FULLDISC
EXPLOIT-DB
mp3gain — mp3gain The “mpglibDBL/layer3.c” file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. 2017-09-07 not yet calculated CVE-2017-12912
MISC
mp3gain — mp3gain The “apetag.c” file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. 2017-09-07 not yet calculated CVE-2017-12911
MISC
mp4tools — aacplusenc DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference. 2017-09-07 not yet calculated CVE-2017-14181
MISC
MISC
nasm — nasm In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. 2017-09-09 not yet calculated CVE-2017-14228
MISC
national_instruments — labview An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. 2017-09-05 not yet calculated CVE-2017-2779
CONFIRM
BID
MISC
MISC
nexsusphp — nexsusphp Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. 2017-09-07 not yet calculated CVE-2017-12838
MISC
nexsusphp — nexsusphp Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. 2017-09-07 not yet calculated CVE-2017-12906
MISC
MISC
ocaml — ocaml OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 “but with much less impact.” 2017-09-07 not yet calculated CVE-2017-9779
CONFIRM
MLIST
opendreambox — opendreambox enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. 2017-09-04 not yet calculated CVE-2017-14135
MISC
openjpeg — openjpeg A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. 2017-09-06 not yet calculated CVE-2017-14164
MISC
MISC
MISC
openldap — openldap slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by openldap-initscript. 2017-09-05 not yet calculated CVE-2017-14159
MISC
opw_fuel_management_systems — sitesentinel_integra_consoles A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. 2017-09-08 not yet calculated CVE-2017-12733
BID
MISC
opw_fuel_management_systems — sitesentinel_integra_consoles A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. 2017-09-08 not yet calculated CVE-2017-12731
BID
MISC
ossec — ossec syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. 2017-09-07 not yet calculated CVE-2015-3222
MISC
MLIST
BID
CONFIRM
palo_alto — pan-os Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. 2017-09-07 not yet calculated CVE-2017-12416
CONFIRM
BID
SECTRACK
palo_alto — pan_os XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. 2017-09-07 not yet calculated CVE-2017-9458
CONFIRM
BID
SECTRACK
pivotal — cloud_foundry The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. 2017-09-07 not yet calculated CVE-2016-0732
CONFIRM
pivotal — cloud_foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. 2017-09-08 not yet calculated CVE-2017-8040
BID
CONFIRM
pivotal — cloud_foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. 2017-09-08 not yet calculated CVE-2017-8041
BID
CONFIRM
pragyan — pragyan SQL injection vulnerability in Pragyan CMS 3.0. 2017-09-07 not yet calculated CVE-2015-4627
MISC
qemu — qemu Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. 2017-09-08 not yet calculated CVE-2017-14167
MLIST
MLIST
qtwebkit — qt5 qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. 2017-09-07 not yet calculated CVE-2015-8079
MLIST
CONFIRM
CONFIRM
ruby — ruby The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. 2017-09-06 not yet calculated CVE-2014-6438
MLIST
SECTRACK
CONFIRM
CONFIRM
safrengo — safrengo SQL injection vulnerability in Sefrengo before 1.6.5 beta2. 2017-09-07 not yet calculated CVE-2015-5052
CONFIRM
simple-php-captcha — simple-php-captcha simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. 2017-09-06 not yet calculated CVE-2015-6250
MLIST
CONFIRM
CONFIRM
soreco — xpert_line Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. 2017-09-07 not yet calculated CVE-2015-3442
MISC
FULLDISC
BUGTRAQ
BID
MISC
spina — spina Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. 2017-09-07 not yet calculated CVE-2015-4619
MLIST
BID
MISC
strongswan — strongswan strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. 2017-09-07 not yet calculated CVE-2015-3991
FEDORA
FEDORA
BID
CONFIRM
CONFIRM
svn-workbench — svn-workbench svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the “Command Shell” menu item while in the directory trunk/$(xeyes). 2017-09-06 not yet calculated CVE-2015-0853
MISC
MLIST
MISC
MISC
CONFIRM
symantec — proxyclient Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. 2017-09-01 not yet calculated CVE-2017-13674
BID
CONFIRM
synology — photo_station Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. 2017-09-08 not yet calculated CVE-2017-12071
CONFIRM
synology — photo_station Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. 2017-09-08 not yet calculated CVE-2017-11162
CONFIRM
synology — photo_station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. 2017-09-08 not yet calculated CVE-2017-11161
CONFIRM
tinfoil — devise-two-factor Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not “burn” a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user’s login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. 2017-09-06 not yet calculated CVE-2015-7225
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
wibu_systems — codemeter Cross-site scripting (XSS) vulnerability in the “advanced settings – time server” module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the “server name” field in actions/ChangeConfiguration.html. 2017-09-07 not yet calculated CVE-2017-13754
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
wolf_cms — wolf_cms Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a “create-file-popup” action, and the directory name in a “create-directory-popup” action, in the HTTP POST method to the “/plugin/file_manager/” script (aka an /admin/plugin/file_manager/browse// URI). 2017-09-08 not yet calculated CVE-2017-11611
MISC
wordpress — wordpress SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. 2017-09-07 not yet calculated CVE-2017-9834
MISC
EXPLOIT-DB
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in Google Analyticator WordPress Plugin before 6.4.9.3 rev @1183563. 2017-09-07 not yet calculated CVE-2015-4697
MLIST
MLIST
BID
MISC
MISC
wordpress — wordpress SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. 2017-09-07 not yet calculated CVE-2015-3314
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
wordpress — wordpress SQL injection vulnerability in WordPress Community Events plugin before 1.4. 2017-09-07 not yet calculated CVE-2015-3313
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
yast — yast The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. 2017-09-08 not yet calculated CVE-2011-3177
CONFIRM
CONFIRM
zoho — manageengine_firewall_analyzer Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the “Group Chat” section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. 2017-09-04 not yet calculated CVE-2017-14123
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

Hurricane-Related Scams

Original release date: September 08, 2017

As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.

To avoid becoming a victim of fraudulent activity, users and administrators should consider taking the following preventive measures:


Google Releases Security Updates for Chrome

Original release date: September 06, 2017

Google has released Chrome version 61.0.3163.79 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.


Apache Software Foundation Releases Security Update

Original release date: September 06, 2017

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Apache Security Bulletin and upgrade to Struts 2.5.13.


SB17-247: Vulnerability Summary for the Week of August 28, 2017

Original release date: September 04, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arubanetworks — clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. 2017-08-29 9.0 CVE-2015-3653
CONFIRM
arubanetworks — clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. 2017-08-29 9.0 CVE-2015-3654
CONFIRM
arubanetworks — clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. 2017-08-29 9.0 CVE-2015-4649
CONFIRM
BID
barracuda — load_balancer Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. 2017-08-28 7.5 CVE-2014-8426
MISC
FULLDISC
barracuda — load_balancer Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. 2017-08-28 7.5 CVE-2014-8428
MISC
FULLDISC
basercms — basercms SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2017-08-28 7.5 CVE-2017-10842
JVN
MISC
canonical — ubuntu_linux GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. 2017-08-25 7.1 CVE-2014-9637
CONFIRM
FEDORA
FEDORA
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
canonical — ubuntu_linux Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. 2017-08-25 7.2 CVE-2015-1324
BID
UBUNTU
CONFIRM
canonical — ubuntu_linux Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. 2017-08-25 7.8 CVE-2015-1395
FEDORA
FEDORA
MLIST
BID
UBUNTU
MISC
CONFIRM
CONFIRM
CONFIRM
crushftp — crushftp CrushFTP 8.x before 8.2.0 has a serialization vulnerability. 2017-08-30 7.5 CVE-2017-14035
CONFIRM
gnu — binutils The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). 2017-08-28 7.1 CVE-2017-13716
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. 2017-08-30 7.1 CVE-2017-13775
CONFIRM
MISC
BID
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c “Read hex image data” version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. 2017-08-30 7.1 CVE-2017-13776
CONFIRM
MISC
BID
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c “Read hex image data” version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. 2017-08-30 7.1 CVE-2017-13777
CONFIRM
MISC
BID
imagemagick — imagemagick The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. 2017-08-29 7.1 CVE-2017-12875
CONFIRM
kamailio — kamailio Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. 2017-08-29 7.5 CVE-2013-7426
MLIST
BID
CONFIRM
kaspersky — kaspersky_internet_security In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. 2017-08-25 7.5 CVE-2017-12816
BID
CONFIRM
moj.go — commercial_registration_electronic_authentication_software Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system “The CRCA user’s Software” Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10831
MISC
JVN
nippon-antenna — scr02hd_firmware “Dokodemo eye Smart HD” SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-08-28 10.0 CVE-2017-10832
MISC
JVN
ntt — flets_azukuu_pc_automatic_backup_tool Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10827
MISC
JVN
ntt — flets_install_tool Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10828
MISC
JVN
ntt — flets_setsuzoku_tool Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-2242
MISC
JVN
ntt — security_kinou_mihariban Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10826
MISC
JVN
ntt — security_setup_tool Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10830
MISC
JVN
nttdocomo — photo_collection_pc_software Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10812
JVN
optim — optimal_guard Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-28 9.3 CVE-2017-10836
JVN
MISC
smartcms — smartcms Multiple SQL injection vulnerabilities in SmartCMS v.2. 2017-08-28 7.5 CVE-2014-9558
MISC
FULLDISC
BID
spidercontrol — scada_microbrowser A stack-based buffer overflow issue was discovered in SpiderControl SCADA MicroBrowser versions 1.6.30.144 and prior. Opening a maliciously crafted HTML file may cause a stack overflow. 2017-08-25 7.5 CVE-2017-12707
BID
MISC
wireshark — wireshark In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. 2017-08-30 7.8 CVE-2017-13767
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
xymon — xymon Buffer overflow in xymon 4.3.17-1. 2017-08-28 7.5 CVE-2015-1430
MLIST


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. 2017-08-30 6.8 CVE-2017-12704
BID
MISC
apache — atlas Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. 2017-08-29 5.0 CVE-2016-8752
MLIST
apache — atlas Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. 2017-08-29 4.3 CVE-2017-3150
BID
MLIST
apache — atlas Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. 2017-08-29 4.3 CVE-2017-3151
BID
MLIST
apache — atlas Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. 2017-08-29 4.3 CVE-2017-3152
BID
MLIST
apache — atlas Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. 2017-08-29 4.3 CVE-2017-3153
BID
MLIST
apache — atlas Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. 2017-08-29 5.0 CVE-2017-3154
MLIST
apache — atlas Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. 2017-08-29 4.3 CVE-2017-3155
MLIST
arubanetworks — clearpass Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. 2017-08-29 6.8 CVE-2015-3655
CONFIRM
arubanetworks — clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. 2017-08-29 6.5 CVE-2015-3656
CONFIRM
arubanetworks — clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain “Super Admin” privileges via unspecified vectors. 2017-08-29 6.5 CVE-2015-3657
CONFIRM
basercms — basercms baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the “File” field is being used in the mail form. 2017-08-28 6.4 CVE-2017-10843
JVN
MISC
basercms — basercms baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. 2017-08-28 6.5 CVE-2017-10844
JVN
MISC
blackcat-cms — blackcat_cms In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. 2017-08-31 4.0 CVE-2017-13670
MISC
blackcat-cms — blackcat_cms BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. 2017-08-31 6.5 CVE-2017-14048
MISC
blackcat-cms — blackcat_cms In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. 2017-08-31 6.5 CVE-2017-14050
MISC
bmc — footprints_service_core Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. 2017-08-28 4.3 CVE-2014-9514
BUGTRAQ
c.p.sub_project — c.p.sub Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. 2017-08-29 4.3 CVE-2017-12856
CONFIRM
canonical — ubuntu_linux Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. 2017-08-25 6.9 CVE-2015-1325
MLIST
BID
UBUNTU
EXPLOIT-DB
coremail — coremail_xt Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. 2017-08-29 4.3 CVE-2015-6942
FULLDISC
crushftp — crushftp CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. 2017-08-30 4.3 CVE-2017-14036
CONFIRM
CONFIRM
crushftp — crushftp CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. 2017-08-30 4.3 CVE-2017-14037
CONFIRM
CONFIRM
crushftp — crushftp CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. 2017-08-30 5.8 CVE-2017-14038
CONFIRM
CONFIRM
cybozu — garoon Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu’s edit function via specially crafted input. 2017-08-28 4.0 CVE-2017-2254
JVN
CONFIRM
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. 2017-08-28 4.3 CVE-2017-2257
JVN
CONFIRM
cybozu — garoon Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API “WorkflowHandleApplications”. 2017-08-28 4.0 CVE-2017-2258
JVN
CONFIRM
exponentcms — exponent_cms Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. 2017-08-28 4.3 CVE-2015-1177
MISC
BUGTRAQ
BID
ffmpeg — ffmpeg Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. 2017-08-28 5.0 CVE-2012-2805
MISC
CONFIRM
finecms_project — finecms controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. 2017-08-25 4.3 CVE-2017-13697
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. 2017-08-30 4.3 CVE-2017-13778
MISC
gnu — binutils The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. 2017-08-27 5.0 CVE-2017-13710
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. 2017-08-29 4.3 CVE-2017-13757
BID
CONFIRM
CONFIRM
gnu — emacs Emacs 24.4 allows remote attackers to bypass security restrictions. 2017-08-28 5.0 CVE-2014-9483
MLIST
XF
CONFIRM
gnu — ncurses There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13728
MISC
gnu — ncurses There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13729
MISC
gnu — ncurses There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13730
MISC
gnu — ncurses There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13731
MISC
gnu — ncurses There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13732
MISC
gnu — ncurses There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13733
MISC
gnu — ncurses There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13734
MISC
good — good_for_enterprise Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. 2017-08-28 4.3 CVE-2014-4925
MISC
FULLDISC
XF
graphicsmagick — graphicsmagick There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13736
BID
MISC
graphicsmagick — graphicsmagick There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13737
MISC
MISC
graphicsmagick — graphicsmagick A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. 2017-08-30 4.3 CVE-2017-14042
MISC
BID
MISC
htacg — tidy In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. 2017-08-25 5.0 CVE-2017-13692
BID
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. 2017-08-29 4.3 CVE-2017-1427
CONFIRM
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. 2017-08-29 5.8 CVE-2017-1428
CONFIRM
MISC
ibm — curam_social_program_management IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. 2017-08-28 4.0 CVE-2017-1110
CONFIRM
MISC
ibm — curam_social_program_management IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. 2017-08-29 5.8 CVE-2017-1195
CONFIRM
MISC
ibm — emptoris_services_procurement IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105. 2017-08-30 6.5 CVE-2017-1440
CONFIRM
BID
MISC
ibm — emptoris_services_procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. 2017-08-30 6.8 CVE-2017-1442
CONFIRM
BID
MISC
ibm — emptoris_services_procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109. 2017-08-30 4.3 CVE-2017-1443
CONFIRM
BID
MISC
ibm — en6131_firmware CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. 2017-08-25 4.3 CVE-2014-9564
BID
CONFIRM
ibm — sametime IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room that could be downloaded by unsuspecting users and executed with user privileges. IBM X-Force ID: 111893. 2017-08-29 6.0 CVE-2016-0354
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. 2017-08-29 4.0 CVE-2016-0355
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. 2017-08-29 4.0 CVE-2016-0356
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings to which they were not invited. IBM X-Force ID: 111928. 2017-08-29 4.0 CVE-2016-0358
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of a Sametime meeting to lower any or all hands in an e-meeting, thus spoofing the results of votes in the meeting. IBM X-Force ID: 113803. 2017-08-29 4.0 CVE-2016-10503
CONFIRM
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. IBM X-Force ID: 113804. 2017-08-29 4.0 CVE-2016-2959
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. 2017-08-29 5.0 CVE-2016-2964
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. 2017-08-29 4.3 CVE-2016-2965
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. 2017-08-29 4.0 CVE-2016-2966
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. 2017-08-29 4.0 CVE-2016-2969
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. 2017-08-29 4.0 CVE-2016-2976
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users' hands in the meeting. IBM X-Force ID: 113937. 2017-08-29 4.0 CVE-2016-2977
CONFIRM
SECTRACK
MISC
ibm — sametime The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to script injection, where a malicious site can inject its own script by exploiting a vulnerability in the way the WebPlayer works. IBM X-Force ID: 113993. 2017-08-29 6.8 CVE-2016-2980
CONFIRM
BID
MISC
ibm — urbancode_deploy Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. 2017-08-28 6.8 CVE-2014-8900
CONFIRM
BID
imagemagick — imagemagick Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. 2017-08-28 4.3 CVE-2017-12876
MLIST
MISC
CONFIRM
imagemagick — imagemagick Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. 2017-08-28 4.3 CVE-2017-12877
MLIST
MISC
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. 2017-08-29 4.3 CVE-2017-13758
SECTRACK
CONFIRM
imagemagick — imagemagick Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. 2017-08-30 4.3 CVE-2017-13768
BID
CONFIRM
imagemagick — imagemagick The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. 2017-08-30 4.3 CVE-2017-13769
CONFIRM
jasper_project — jasper There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13745
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13746
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13747
BID
MISC
jasper_project — jasper There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13748
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13749
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13750
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13751
BID
MISC
jasper_project — jasper There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13752
BID
MISC
kaspersky — kaspersky_internet_security In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. 2017-08-25 5.0 CVE-2017-12817
BID
CONFIRM
lame_project — lame NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. 2017-08-28 5.0 CVE-2017-13712
BID
MISC
libfpx_project — libfpx Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12919
MLIST
MISC
libfpx_project — libfpx CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12920
MLIST
MISC
libfpx_project — libfpx PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12921
MLIST
MISC
libfpx_project — libfpx wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12922
MLIST
MISC
libfpx_project — libfpx OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12923
MLIST
MISC
libfpx_project — libfpx CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12924
MLIST
MISC
libfpx_project — libfpx Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. 2017-08-28 4.3 CVE-2017-12925
MLIST
MISC
libgig0 — libgig The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. 2017-08-28 4.3 CVE-2017-12950
FULLDISC
libgig0 — libgig The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. 2017-08-28 4.3 CVE-2017-12951
FULLDISC
libgig0 — libgig The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. 2017-08-28 4.3 CVE-2017-12952
FULLDISC
libgig0 — libgig The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. 2017-08-28 4.3 CVE-2017-12953
FULLDISC
libgig0 — libgig The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. 2017-08-28 4.3 CVE-2017-12954
FULLDISC
libhtp_project — libhtp libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). 2017-08-28 5.0 CVE-2015-0928
BID
MISC
liblouis — liblouis There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. 2017-08-29 6.8 CVE-2017-13738
MISC
liblouis — liblouis There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. 2017-08-29 6.8 CVE-2017-13739
MISC
liblouis — liblouis There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. 2017-08-29 6.8 CVE-2017-13740
MISC
liblouis — liblouis There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13741
MISC
liblouis — liblouis There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13742
MISC
liblouis — liblouis There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13743
MISC
liblouis — liblouis There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. 2017-08-29 4.3 CVE-2017-13744
MISC
libraw — libraw There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. 2017-08-29 5.0 CVE-2017-13735
MISC
libtiff — libtiff There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13726
MISC
BID
libtiff — libtiff There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. 2017-08-29 4.3 CVE-2017-13727
MISC
BID
linux — linux_kernel An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. 2017-08-31 4.9 CVE-2017-14051
BID
MISC
MISC
linux — linux_kernel The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 4.9 CVE-2017-13693
BID
MISC
MISC
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. 2017-08-28 4.3 CVE-2015-2046
MLIST
MLIST
CONFIRM
mapsplugin — googlemaps Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. 2017-08-28 4.3 CVE-2013-7430
CONFIRM
MLIST
mapsplugin — googlemaps Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. 2017-08-29 5.0 CVE-2013-7431
MISC
CONFIRM
MLIST
mapsplugin — googlemaps The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. 2017-08-29 5.0 CVE-2013-7432
MISC
CONFIRM
MLIST
mapsplugin — googlemaps Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. 2017-08-29 4.3 CVE-2013-7433
MISC
CONFIRM
MLIST
modx — modx_revolution Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. 2017-08-29 4.3 CVE-2015-6588
MISC
mpg123 — mpg123 Buffer overflow in mpg123 before 1.18.0. 2017-08-29 5.0 CVE-2014-9497
MLIST
GENTOO
MISC
nippon-antenna — scr02hd_firmware “Dokodemo eye Smart HD” SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. 2017-08-28 6.4 CVE-2017-10833
MISC
JVN
nippon-antenna — scr02hd_firmware Directory traversal vulnerability in “Dokodemo eye Smart HD” SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. 2017-08-28 4.0 CVE-2017-10834
MISC
JVN
nippon-antenna — scr02hd_firmware “Dokodemo eye Smart HD” SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. 2017-08-28 6.5 CVE-2017-10835
MISC
JVN
onosproject — onos ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. 2017-08-29 4.3 CVE-2017-13762
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
onosproject — onos ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. 2017-08-29 5.0 CVE-2017-13763
CONFIRM
CONFIRM
openjpeg — openjpeg Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. 2017-08-30 4.3 CVE-2016-10504
BID
CONFIRM
CONFIRM
openjpeg — openjpeg NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. 2017-08-30 4.3 CVE-2016-10505
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openjpeg — openjpeg Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. 2017-08-30 4.3 CVE-2016-10506
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openjpeg — openjpeg Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. 2017-08-30 4.3 CVE-2016-10507
BID
CONFIRM
CONFIRM
openjpeg — openjpeg A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. 2017-08-30 6.8 CVE-2017-14039
BID
MISC
MISC
MISC
openjpeg — openjpeg An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. 2017-08-30 6.8 CVE-2017-14040
BID
MISC
MISC
MISC
openjpeg — openjpeg A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. 2017-08-30 6.8 CVE-2017-14041
BID
MISC
MISC
MISC
osisoft — pi_data_archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. 2017-08-25 5.8 CVE-2017-7930
BID
MISC
osisoft — pi_data_archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. 2017-08-25 4.3 CVE-2017-7934
BID
MISC
osisoft — pi_web_api A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. 2017-08-25 6.8 CVE-2017-7926
BID
MISC
phpmybackuppro — phpmybackuppro Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. 2017-08-25 5.0 CVE-2015-4180
MLIST
phpmybackuppro — phpmybackuppro Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. 2017-08-25 5.0 CVE-2015-4181
MLIST
redhat — satellite Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. 2017-08-28 4.3 CVE-2014-0141
CONFIRM
riverbed — opnet_app_response_xpert Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. 2017-08-26 6.8 CVE-2017-7693
MISC
saltstack — salt Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. 2017-08-25 5.0 CVE-2015-4017
MLIST
CONFIRM
CONFIRM
CONFIRM
seopanel — seo_panel Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-08-28 4.3 CVE-2017-10838
JVN
seopanel — seo_panel SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2017-08-28 6.5 CVE-2017-10839
JVN
smartcms — smartcms Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. 2017-08-28 4.3 CVE-2014-9557
MISC
FULLDISC
spidercontrol — scada_web_server A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. 2017-08-25 5.0 CVE-2017-12694
BID
MISC
sqlite — sqlite The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. 2017-08-29 4.3 CVE-2017-13685
MISC
BID
synology — diskstation_manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. 2017-08-28 4.0 CVE-2017-12076
CONFIRM
synology — router_manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. 2017-08-28 4.0 CVE-2017-12077
CONFIRM
unshield_project — unshield Directory traversal vulnerability in unshield 1.0-1. 2017-08-28 5.0 CVE-2015-1386
MLIST
CONFIRM
vbulletin — vbulletin Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. 2017-08-28 4.3 CVE-2014-9469
MISC
FULLDISC
BID
w1.fi — wpa_supplicant wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. 2017-08-28 4.3 CVE-2015-0210
CONFIRM
CONFIRM
web-dorado — photo_gallery Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. 2017-08-28 6.5 CVE-2014-9312
MISC
MISC
BID
webcalendar_project — webcalendar Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-08-28 4.3 CVE-2017-10840
MISC
JVN
webcalendar_project — webcalendar Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. 2017-08-28 4.0 CVE-2017-10841
MISC
JVN
westermo — mrd-315-din_firmware A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. 2017-08-25 5.0 CVE-2016-5816
MISC
westermo — mrd-315-din_firmware A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. 2017-08-25 6.8 CVE-2017-12703
BID
MISC
wireshark — wireshark In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. 2017-08-30 5.0 CVE-2017-13764
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. 2017-08-30 5.0 CVE-2017-13765
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. 2017-08-30 5.0 CVE-2017-13766
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zend — diactoros Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. 2017-08-25 4.3 CVE-2015-3257
BID
CONFIRM

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
blackcat-cms — blackcat_cms In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. 2017-08-31 3.5 CVE-2017-14049
MISC
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via “Rich text” function of the application “Space”. 2017-08-28 3.5 CVE-2017-2255
JVN
CONFIRM
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via “Rich text” function of the application “Memo”. 2017-08-28 3.5 CVE-2017-2256
JVN
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. 2017-08-29 3.5 CVE-2017-1485
CONFIRM
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. 2017-08-29 3.5 CVE-2017-1535
CONFIRM
MISC
ibm — curam_social_program_management IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. 2017-08-28 3.5 CVE-2016-9732
CONFIRM
MISC
ibm — emptoris_services_procurement IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106. 2017-08-30 2.1 CVE-2017-1441
CONFIRM
BID
MISC
ibm — sametime IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. 2017-08-29 3.5 CVE-2016-2967
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. 2017-08-29 2.1 CVE-2016-2972
CONFIRM
SECTRACK
MISC
ibm — sametime IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. 2017-08-29 2.1 CVE-2016-2974
CONFIRM
BID
MISC
ibm — sametime IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. 2017-08-29 3.5 CVE-2016-2975
CONFIRM
BID
MISC
ibm — sametime IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. 2017-08-29 2.1 CVE-2016-2978
CONFIRM
BID
MISC
ibm — sametime IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. 2017-08-29 3.5 CVE-2016-2979
CONFIRM
SECTRACK
MISC
linux — linux_kernel The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 2.1 CVE-2017-13694
BID
MISC
MISC
linux — linux_kernel The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 2.1 CVE-2017-13695
BID
MISC
MISC
sleuthkit — the_sleuth_kit In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. 2017-08-29 2.1 CVE-2017-13755
MISC
sleuthkit — the_sleuth_kit In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. 2017-08-29 2.1 CVE-2017-13756
MISC
sleuthkit — the_sleuth_kit In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. 2017-08-29 2.1 CVE-2017-13760
MISC
westermo — mrd-315-din_firmware A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. 2017-08-25 2.1 CVE-2017-12709
BID
MISC

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
389_administration_server — 389_administration_server Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. 2017-08-28 not yet calculated CVE-2015-0233
FEDORA
CONFIRM
advantech — webaccess An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. 2017-08-30 not yet calculated CVE-2017-12708
BID
MISC
advantech — webaccess A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. 2017-08-30 not yet calculated CVE-2017-12706
BID
MISC
advantech — webaccess A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. 2017-08-30 not yet calculated CVE-2017-12710
BID
MISC
advantech — webaccess An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. 2017-08-30 not yet calculated CVE-2017-12711
BID
MISC
advantech — webaccess An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. 2017-08-30 not yet calculated CVE-2017-12713
BID
MISC
advantech — webaccess An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. 2017-08-30 not yet calculated CVE-2017-12702
BID
MISC
advantech — webaccess An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. 2017-08-30 not yet calculated CVE-2017-12717
BID
MISC
advantech — webaccess An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. 2017-08-30 not yet calculated CVE-2017-12698
BID
MISC
apache — hadoop This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. 2017-08-30 not yet calculated CVE-2016-5001
MLIST
BID
apache — ofbiz The default configuration of the OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01. 2017-08-30 not yet calculated CVE-2016-6800
MLIST
apache — ofbiz By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01. 2017-08-30 not yet calculated CVE-2016-4462
MLIST
apache — solr When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. 2017-08-30 not yet calculated CVE-2017-3163
MLIST
apache — struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. 2017-08-29 not yet calculated CVE-2015-5209
BID
SECTRACK
CONFIRM
arm_mbed_tls — arm_mbed_tls ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. 2017-08-30 not yet calculated CVE-2017-14032
CONFIRM
CONFIRM
CONFIRM
CONFIRM
asterisk — asterisk In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. 2017-09-02 not yet calculated CVE-2017-14100
CONFIRM
SECTRACK
CONFIRM
CONFIRM
asterisk — asterisk In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The “strictrtp” option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The “nat” and “rtp_symmetric” options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. 2017-09-02 not yet calculated CVE-2017-14099
CONFIRM
SECTRACK
CONFIRM
CONFIRM
MISC
asterisk — asterisk In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. 2017-09-02 not yet calculated CVE-2017-14098
CONFIRM
SECTRACK
CONFIRM
CONFIRM
async-http-client — async-http-client Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a ‘?’ character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. 2017-08-31 not yet calculated CVE-2017-14063
MISC
MISC
atutor — atutor Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. 2017-08-31 not yet calculated CVE-2015-7711
MISC
MISC
FULLDISC
BUGTRAQ
automated_logic_corporation — liebert_sitescan_web An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. 2017-08-31 not yet calculated CVE-2016-5795
BID
MISC
avm — fritz!box Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. 2017-08-28 not yet calculated CVE-2014-8872
MISC
FULLDISC
BUGTRAQ
bash — bash The expansion of ‘\h’ in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in ‘hostname’ of a machine. 2017-08-28 not yet calculated CVE-2016-0634
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
BID
CONFIRM
GENTOO
bitdefender — total_security This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776. 2017-08-29 not yet calculated CVE-2017-10950
BID
MISC
cit-e-net — cit-e-access Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. 2017-08-28 not yet calculated CVE-2014-8753
MISC
FULLDISC
BID
cloud_foundry — gorouter Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. 2017-08-31 not yet calculated CVE-2016-0713
CONFIRM
MLIST
connman — connman Stack-based buffer overflow in “dnsproxy.c” in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the “name” variable. 2017-08-29 not yet calculated CVE-2017-12865
DEBIAN
BID
MISC
CONFIRM
corel — multiple_products DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. 2017-08-28 not yet calculated CVE-2014-8393
MISC
FULLDISC
SECUNIA
MISC
BUGTRAQ
BID
SECTRACK
d-link — d-link D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session’s cookie to username=admin. 2017-08-25 not yet calculated CVE-2014-7857
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
deslock+ — deslock+ A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string; as such, the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of the user supplied message are “authenticated” via an obfuscation routine employing a linear equation. 2017-08-28 not yet calculated CVE-2017-12840
MISC
elantech — touchpad_driver An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. 2017-08-28 not yet calculated CVE-2017-3757
CONFIRM
es_file_explorer — es_file_explorer Directory traversal vulnerability in ES File Explorer 3.2.4.1. 2017-08-28 not yet calculated CVE-2015-1876
MISC
eyesofnetwork — web_interface The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. 2017-08-30 not yet calculated CVE-2017-13780
MISC
ffmpeg — ffmpeg In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large “len” field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. 2017-08-31 not yet calculated CVE-2017-14054
CONFIRM
ffmpeg — ffmpeg The ‘vp3_decode_frame’ function in FFmpeg 1.1.4 moves threads check out of header packet type check. 2017-08-28 not yet calculated CVE-2013-0870
CONFIRM
MLIST
CONFIRM
ffmpeg — ffmpeg In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large “nb_frames” field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-08-31 not yet calculated CVE-2017-14055
CONFIRM
ffmpeg — ffmpeg In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large “frame_count” field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. 2017-08-31 not yet calculated CVE-2017-14056
CONFIRM
ffmpeg — ffmpeg In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large “duration” field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-08-31 not yet calculated CVE-2017-14059
CONFIRM
ffmpeg — ffmpeg In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large “name_len” or “count” field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. 2017-08-31 not yet calculated CVE-2017-14057
CONFIRM
ffmpeg — ffmpeg In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). 2017-08-31 not yet calculated CVE-2017-14058
CONFIRM
fli4l — fli4l The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. 2017-08-28 not yet calculated CVE-2015-1443
MLIST
CONFIRM
MLIST
fli4l — fli4l HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. 2017-08-28 not yet calculated CVE-2015-1445
MLIST
CONFIRM
MLIST
flightgear — flightgear In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. 2017-08-27 not yet calculated CVE-2017-13709
CONFIRM
CONFIRM
foxit — reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724. 2017-08-29 not yet calculated CVE-2017-10951
BID
SECTRACK
MISC
foxit — reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4518. 2017-08-29 not yet calculated CVE-2017-10952
BID
SECTRACK
MISC
MISC
freeipa — freeipa FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. 2017-08-28 not yet calculated CVE-2016-7030
MLIST
BID
CONFIRM
CONFIRM
fuji_xerox — multiple_products Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 not yet calculated CVE-2017-10848
CONFIRM
JVN
fuji_xerox — multiple_products Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 not yet calculated CVE-2017-10850
CONFIRM
JVN
fuji_xerox — multiple_products
 
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 not yet calculated CVE-2017-10851
CONFIRM
JVN
fuji_xerox — multiple_products
 
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 not yet calculated CVE-2017-10849
CONFIRM
JVN
ge_multilink — ge_multilink
 
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. 2017-08-28 not yet calculated CVE-2015-3976
MISC
graphicsmagick — graphicsmagick
 
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. 2017-09-01 not yet calculated CVE-2017-14103
MISC
MISC
ha — ha
 
Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. 2017-08-28 not yet calculated CVE-2015-1198
MLIST
BID
heimdal — heimdal
 
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. 2017-08-28 not yet calculated CVE-2017-6594
SUSE
CONFIRM
CONFIRM
CONFIRM
hikvision — ivms-4200_devices
 
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. 2017-08-30 not yet calculated CVE-2017-13774
MISC
hivemanager_classic — hivemanager_classic
 
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker – even restricted as a tenant – can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface). 2017-09-01 not yet calculated CVE-2017-14105
MISC

huawei — vcn500
 
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. 2017-08-29 not yet calculated CVE-2015-8334
CONFIRM

huawei — video_content_management
 
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly “authenticate online user identities and privileges,” which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka “Horizontal Privilege Escalation Vulnerability.” 2017-08-28 not yet calculated CVE-2015-8332
CONFIRM
hybris — commerce_software_suite
 
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. 2017-08-28 not yet calculated CVE-2014-8871
MISC
FULLDISC
BUGTRAQ
BID

ibm — business_process_manager
 
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. 2017-08-28 not yet calculated CVE-2015-0101
CONFIRM
BID
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5 – 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110. 2017-08-31 not yet calculated CVE-2017-1444
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5 – 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. 2017-08-31 not yet calculated CVE-2017-1450
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5 – 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. 2017-08-31 not yet calculated CVE-2017-1449
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5 – 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. 2017-08-31 not yet calculated CVE-2017-1447
CONFIRM
MISC
ibm — emptoris_spend_analysis
 
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171. 2017-08-30 not yet calculated CVE-2017-1446
CONFIRM
BID
MISC
ibm — emptoris_spend_analysis
 
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. 2017-08-30 not yet calculated CVE-2017-1445
CONFIRM
BID
MISC

ibm — i_access_for_windows
 
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. 2017-08-28 not yet calculated CVE-2015-0114
CONFIRM
BID
ibm — j9_vm_class_verifier
 
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. 2017-08-28 not yet calculated CVE-2017-1376
CONFIRM
MISC
ibm — sametime
 
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. 2017-08-29 not yet calculated CVE-2016-2971
CONFIRM
SECTRACK
MISC
ibm — sametime
 
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. 2017-08-28 not yet calculated CVE-2016-2970
CONFIRM
BID
SECTRACK
MISC
ibm — sametime
 
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. 2017-08-29 not yet calculated CVE-2016-2973
CONFIRM
SECTRACK
MISC
ibm — security_access_manager
 
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. 2017-08-28 not yet calculated CVE-2017-1489
CONFIRM
SECTRACK
MISC
icewarp — icewarp_server
 
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the “language” parameter. 2017-08-31 not yet calculated CVE-2017-7855
MISC

imagemagick — imagemagick
 
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. 2017-09-01 not yet calculated CVE-2017-12693
CONFIRM
imagemagick — imagemagick
 
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. 2017-08-31 not yet calculated CVE-2017-14060
CONFIRM

imagemagick — imagemagick
 
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-09-01 not yet calculated CVE-2017-12691
CONFIRM

imagemagick — imagemagick
 
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. 2017-09-01 not yet calculated CVE-2017-12692
CONFIRM
kgb-bot — kgb-bot
 
kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). 2017-08-28 not yet calculated CVE-2015-1554
MLIST
CONFIRM

knx_ets — knx_ets
 
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. 2017-08-29 not yet calculated CVE-2015-8299
MISC
kohana — kohana
 
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. 2017-08-31 not yet calculated CVE-2016-10510
CONFIRM
CONFIRM
libgcrypt — libgcrypt
 
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. 2017-08-29 not yet calculated CVE-2017-0379
BID
MISC
MISC
MISC
MISC
MISC
MISC
libidn2 — libidn2
 
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. 2017-08-31 not yet calculated CVE-2017-14062
CONFIRM
CONFIRM
libidn2 — libidn2
 
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. 2017-08-31 not yet calculated CVE-2017-14061
CONFIRM
CONFIRM
libzip — libzip
 
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. 2017-09-01 not yet calculated CVE-2017-14107
MISC
MISC
linux — linux_kernel
 
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. 2017-09-01 not yet calculated CVE-2017-14106
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. 2017-08-28 not yet calculated CVE-2017-13715
CONFIRM
CONFIRM
BID
CONFIRM
manageengine — multiple_products
 
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. 2017-08-28 not yet calculated CVE-2014-5302
MISC
FULLDISC
FULLDISC
SECUNIA
SECUNIA
BUGTRAQ
XF
manageengine — multiple_products
 
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. 2017-08-28 not yet calculated CVE-2014-5301
MISC
MISC
FULLDISC
SECUNIA
BUGTRAQ
XF
EXPLOIT-DB
mcafee — live_safe
 
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. 2017-09-01 not yet calculated CVE-2017-3898
CONFIRM
mcafee — live_safe
 
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. 2017-09-01 not yet calculated CVE-2017-3897
CONFIRM
BID
mimedefang — mimedefang
 
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by the init-script.in and mimedefang-init.in scripts. 2017-09-01 not yet calculated CVE-2017-14102
MISC
MISC
mpg123 — mpg123
 
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. 2017-08-29 not yet calculated CVE-2017-12797
CONFIRM
CONFIRM
multiple_vendors — home_routers_and_ip_cameras_and_voip_phones_and_others
 
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. 2017-08-29 not yet calculated CVE-2015-7255
CERT-VN
MISC
MISC

netapp — clustered_data_ontap
 
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. 2017-09-01 not yet calculated CVE-2017-12423
CONFIRM

netapp — clustered_data_ontap
 
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. 2017-09-01 not yet calculated CVE-2017-12421
CONFIRM
netapp — data_ontap
 
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. 2017-09-01 not yet calculated CVE-2016-1895
CONFIRM

netapp — data_ontap
 
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. 2017-09-01 not yet calculated CVE-2015-7746
CONFIRM
netapp — oncommand_unified_manager_for_clustered_data_ontap
 
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. 2017-09-01 not yet calculated CVE-2017-14053
CONFIRM

netapp — storagegrid_webscale
 
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. 2017-08-29 not yet calculated CVE-2017-12422
BID
CONFIRM
netatmo — netatmo_indoor_module
 
Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. 2017-08-28 not yet calculated CVE-2015-1600
MISC
BUGTRAQ
BID
MISC
nexusphp — nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. 2017-08-31 not yet calculated CVE-2017-14069
MISC
nexusphp — nexusphp
 
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. 2017-08-31 not yet calculated CVE-2017-14070
MISC
nexusphp — nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. 2017-08-31 not yet calculated CVE-2017-14076
MISC
nippon_telegraph_and_telephone — remote_support_tool
 
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool), all versions distributed through the website until 2017 August 10, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 not yet calculated CVE-2017-10829
CONFIRM
MISC
JVN
nomachine — nomachine
 
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. 2017-08-29 not yet calculated CVE-2017-12763
CONFIRM
CONFIRM

opc_foundation — opc_ua_.net_sample_code
 
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. 2017-08-30 not yet calculated CVE-2017-12069
BID
CONFIRM
CONFIRM
opencart — opencart
 
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. 2017-08-31 not yet calculated CVE-2016-10509
CONFIRM
CONFIRM
openssl — openssl
 
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. 2017-08-28 not yet calculated CVE-2017-3735
BID
CONFIRM
openstack — designate
 
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set. 2017-08-31 not yet calculated CVE-2015-5695
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
osnexus — quantastor_v4_virtual_appliance
 
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don’t exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames. 2017-08-28 not yet calculated CVE-2017-9978
MISC
FULLDISC
MISC
EXPLOIT-DB
osnexus — quantastor_v4_virtual_appliance
 
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn’t sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. 2017-08-28 not yet calculated CVE-2017-9979
MISC
FULLDISC
MISC
EXPLOIT-DB
phpfilemanager — phpfilemanager
 
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. 2017-08-31 not yet calculated CVE-2015-5958
MISC

phpthumb() — phpthumb()
 
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. 2017-08-31 not yet calculated CVE-2016-10508
CONFIRM
pki-core — pki-core
 
Multiple temporary file creation vulnerabilities in pki-core 10.2.0. 2017-08-28 not yet calculated CVE-2015-0234
CONFIRM
MISC
pngcrush — pngcrush
 
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. 2017-08-31 not yet calculated CVE-2015-7700
CONFIRM
CONFIRM

polycom — btoe_connector
 
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for “Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe,” which allows local users to gain privileges via a Trojan horse file. 2017-08-28 not yet calculated CVE-2015-8300
MISC
FULLDISC
ppmd — ppmd
 
Directory traversal vulnerability in ppmd 10.1-5. 2017-08-28 not yet calculated CVE-2015-1199
MLIST
pulse_secure — pulse_connect_secure
 
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. 2017-08-29 not yet calculated CVE-2017-11455
BID
SECTRACK
CONFIRM
qpdf — qpdf
 
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. 2017-08-27 not yet calculated CVE-2017-12595
CONFIRM
CONFIRM

question2answer — question2answer
 
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. 2017-08-29 not yet calculated CVE-2017-12775
CONFIRM
CONFIRM
quick_emulator — quick_emulator
 
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. 2017-09-01 not yet calculated CVE-2017-13672
MLIST
BID
CONFIRM
MLIST
quick_emulator — quick_emulator
 
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. 2017-09-01 not yet calculated CVE-2017-13711
MLIST
BID
CONFIRM
MLIST
quick_emulator — quick_emulator
 
The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the “cpu_physical_memory_snapshot_get_dirty” function. 2017-08-29 not yet calculated CVE-2017-13673
BID
CONFIRM
quick_emulator — quick_emulator
 
Buffer overflow in the “megasas_mmio_write” function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. 2017-08-28 not yet calculated CVE-2017-8380
BID
CONFIRM
GENTOO
red_hat — satellite_5
 
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. 2017-08-28 not yet calculated CVE-2014-8163
CONFIRM
CONFIRM
red_hat — satellite_6
 
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. 2017-08-28 not yet calculated CVE-2014-8168
CONFIRM

replibit — backup_manager
 
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd. 2017-08-27 not yet calculated CVE-2017-13707
MISC

rtpproxy — rtpproxy
 
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. 2017-09-02 not yet calculated CVE-2017-14114
MISC
ruby — ruby
 
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a ‘\0’ byte, returning a pointer to a string of length zero, which is not the length stored in space_len. 2017-08-31 not yet calculated CVE-2017-14064
MISC
MISC
MISC
rubygems — rubygems
 
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. 2017-08-31 not yet calculated CVE-2017-0901
MISC
BID
SECTRACK
MISC
MISC
rubygems — rubygems
 
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. 2017-08-31 not yet calculated CVE-2017-0902
MISC
SECTRACK
MISC
MISC
rubygems — rubygems
 
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. 2017-08-31 not yet calculated CVE-2017-0900
MISC
BID
SECTRACK
MISC
MISC
rubygems — rubygems
 
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. 2017-08-31 not yet calculated CVE-2017-0899
MISC
BID
SECTRACK
MISC
MISC
MISC
siemens — 7km_pac_switched_ethernet_profinet_expansion_module
 
In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. 2017-08-30 not yet calculated CVE-2017-9945
BID
CONFIRM
siemens — logo!_devices
 
A vulnerability has been identified in Siemens LOGO! devices. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. 2017-08-30 not yet calculated CVE-2017-12735
BID
CONFIRM
siemens — logo!_devices
 
A vulnerability has been identified in Siemens LOGO! devices before V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends using the integrated webserver on port 80/tcp only in trusted networks. 2017-08-30 not yet calculated CVE-2017-12734
BID
CONFIRM
simplesamlphp — simplesamlphp
 
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. 2017-09-01 not yet calculated CVE-2017-12873
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp
 
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. 2017-09-01 not yet calculated CVE-2017-12874
CONFIRM
simplesamlphp — simplesamlphp
 
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. 2017-09-01 not yet calculated CVE-2017-12869
CONFIRM
simplesamlphp — simplesamlphp
 
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). 2017-09-01 not yet calculated CVE-2017-12871
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp
 
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. 2017-09-01 not yet calculated CVE-2017-12868
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp
 
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. 2017-08-29 not yet calculated CVE-2017-12867
CONFIRM
simplesamlphp — simplesamlphp
 
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. 2017-09-01 not yet calculated CVE-2017-12870
CONFIRM
simplesamlphp — simplesamlphp
 
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. 2017-09-01 not yet calculated CVE-2017-12872
CONFIRM
soplanning — soplanning
 
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner’s password via a brute-force attack on the embedded password hash. 2017-08-31 not yet calculated CVE-2014-8675
MISC
FULLDISC
BID
EXPLOIT-DB
soplanning — soplanning
 
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. 2017-08-31 not yet calculated CVE-2014-8676
MISC
FULLDISC
BID
EXPLOIT-DB
soplanning — soplanning
 
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. 2017-08-31 not yet calculated CVE-2014-8677
MISC
FULLDISC
BID
EXPLOIT-DB
symantec — proxyclient_3.4_for_windows
 
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. 2017-09-01 not yet calculated CVE-2017-13674
CONFIRM

synology — cloud_station_backup
 
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-30 not yet calculated CVE-2017-11157
CONFIRM
synology — cloud_station_drive Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-31 not yet calculated CVE-2017-11158
CONFIRM
texlive — mktexlsr mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-5700
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
thinkpad — usb_3.0_ethernet_adapter_driver ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. 2017-08-28 not yet calculated CVE-2017-3746
BID
CONFIRM
typo3 — typo3 Improper Authentication vulnerability in the “LDAP / SSO Authentication” (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. 2017-08-28 not yet calculated CVE-2015-1401
MLIST
MLIST
BID
vx_search — vx_search_enterprise Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. 2017-08-31 not yet calculated CVE-2017-13708
MISC
wordpress — backupguard Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-08-28 not yet calculated CVE-2017-10837
JVN
MISC
wordpress — double_opt-in_for_download Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. 2017-08-29 not yet calculated CVE-2015-7517
MISC
BID
MISC
MISC
xbindkeys-config — xbindkeys-config Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. 2017-08-28 not yet calculated CVE-2014-9513
MLIST
BID
XF
zte_datacard_mf19 — zte_datacard_mf19 Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the ‘Ucell Internet’ directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll. 2017-08-28 not yet calculated CVE-2015-0974
MISC



This product is provided subject to this Notification and this Privacy & Use policy.

Potential Hurricane Harvey Phishing Scams

Original release date: August 28, 2017

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:


SB17-240: Vulnerability Summary for the Week of August 21, 2017

Original release date: August 28, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache2triad — apache2triad Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2017-08-23 7.5 CVE-2017-12965
MISC
MISC
BID
aptus — styra_porttelefonkort_4400_firmware Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. 2017-08-18 10.0 CVE-2017-7278
CONFIRM
buffalo — wcr-1166ds_firmware Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-08-18 7.7 CVE-2017-10811
CONFIRM
JVN
enecho.meti — shin_kikan_toukei_houkoku_data_nyuryokuyou_program Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10821
JVN
enecho.meti — shin_kinkyuji_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10823
JVN
enecho.meti — shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10822
JVN
enecho.meti — teikihoukokusho_sakuseishien_tool Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2228
JVN
formcraft-wp — formcraft The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. 2017-08-23 7.5 CVE-2017-13137
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. 2017-08-18 10.0 CVE-2014-9411
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. 2017-08-18 10.0 CVE-2014-9968
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. 2017-08-18 10.0 CVE-2014-9969
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. 2017-08-18 10.0 CVE-2014-9971
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. 2017-08-18 10.0 CVE-2014-9972
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. 2017-08-18 10.0 CVE-2014-9973
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. 2017-08-18 10.0 CVE-2014-9974
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. 2017-08-18 10.0 CVE-2014-9975
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2014-9976
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. 2017-08-18 10.0 CVE-2014-9977
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. 2017-08-18 10.0 CVE-2014-9978
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. 2017-08-18 10.0 CVE-2014-9979
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2014-9980
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. 2017-08-18 10.0 CVE-2014-9981
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. 2017-08-18 10.0 CVE-2015-0574
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. 2017-08-18 10.0 CVE-2015-0575
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. 2017-08-18 7.6 CVE-2015-0576
MISC
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. 2017-08-18 10.0 CVE-2015-8592
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2015-8593
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. 2017-08-18 10.0 CVE-2015-8594
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. 2017-08-18 10.0 CVE-2015-8595
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. 2017-08-18 10.0 CVE-2015-8596
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. 2017-08-18 10.0 CVE-2015-9034
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. 2017-08-18 10.0 CVE-2015-9035
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. 2017-08-18 10.0 CVE-2015-9036
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. 2017-08-18 10.0 CVE-2015-9037
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. 2017-08-18 10.0 CVE-2015-9038
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. 2017-08-18 10.0 CVE-2015-9039
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. 2017-08-18 10.0 CVE-2015-9040
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. 2017-08-18 10.0 CVE-2015-9041
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. 2017-08-18 10.0 CVE-2015-9042
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. 2017-08-18 10.0 CVE-2015-9043
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9044
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. 2017-08-18 10.0 CVE-2015-9045
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9046
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. 2017-08-18 10.0 CVE-2015-9047
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. 2017-08-18 10.0 CVE-2015-9048
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9049
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. 2017-08-18 10.0 CVE-2015-9050
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. 2017-08-18 10.0 CVE-2015-9051
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. 2017-08-18 10.0 CVE-2015-9052
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9053
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. 2017-08-18 10.0 CVE-2015-9054
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. 2017-08-18 10.0 CVE-2015-9055
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. 2017-08-18 10.0 CVE-2015-9060
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2015-9061
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. 2017-08-18 10.0 CVE-2015-9062
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. 2017-08-18 10.0 CVE-2015-9063
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. 2017-08-18 10.0 CVE-2015-9064
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. 2017-08-18 10.0 CVE-2015-9065
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. 2017-08-18 10.0 CVE-2015-9066
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. 2017-08-18 10.0 CVE-2015-9067
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. 2017-08-18 10.0 CVE-2015-9068
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. 2017-08-18 10.0 CVE-2015-9069
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9070
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9071
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9072
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9073
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an SSL handshake failure with ClientHello rejection results in a memory leak. 2017-08-18 10.0 CVE-2016-10343
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. 2017-08-18 10.0 CVE-2016-10344
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. 2017-08-18 10.0 CVE-2016-10346
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. 2017-08-18 10.0 CVE-2016-10347
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10380
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10381
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. 2017-08-18 10.0 CVE-2016-10382
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. 2017-08-18 9.3 CVE-2016-10383
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. 2017-08-18 10.0 CVE-2016-10384
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. 2017-08-18 10.0 CVE-2016-10385
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. 2017-08-18 10.0 CVE-2016-10386
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. 2017-08-18 10.0 CVE-2016-10387
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. 2017-08-18 10.0 CVE-2016-10388
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. 2017-08-18 9.3 CVE-2016-10389
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. 2017-08-18 10.0 CVE-2016-10390
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. 2017-08-18 10.0 CVE-2016-10391
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. 2017-08-18 10.0 CVE-2016-10392
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. 2017-08-18 10.0 CVE-2016-5871
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. 2017-08-18 10.0 CVE-2016-5872
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. 2017-08-23 9.3 CVE-2017-0805
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. 2017-08-18 10.0 CVE-2017-7364
SECTRACK
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. 2017-08-18 9.3 CVE-2017-8253
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. 2017-08-18 9.3 CVE-2017-8255
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. 2017-08-18 7.6 CVE-2017-8262
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. 2017-08-18 9.3 CVE-2017-8263
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. 2017-08-18 7.6 CVE-2017-8267
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. 2017-08-18 9.3 CVE-2017-8268
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). 2017-08-18 9.3 CVE-2017-9678
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. 2017-08-18 7.6 CVE-2017-9684
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. 2017-08-18 9.3 CVE-2017-9685
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. 2017-08-22 7.1 CVE-2017-13133
BID
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. 2017-08-23 7.5 CVE-2017-13139
CONFIRM
CONFIRM
kddi — qua_station_firmware Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2289
JVN
libsass — libsass There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. 2017-08-18 7.8 CVE-2017-12964
MISC
linux — linux_kernel The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10662
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10663
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
nexusphp — nexusphp NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. 2017-08-21 7.5 CVE-2017-12981
MISC
nexusphp_project — nexusphp SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. 2017-08-18 7.5 CVE-2017-12776
MISC
nih — libzip Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. 2017-08-23 7.5 CVE-2017-12858
BID
CONFIRM
qnap — ts-212p_firmware An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user’s SID, all Surveillance Station functions can be accessed. 2017-08-18 7.5 CVE-2017-12582
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 2017-08-18 7.5 CVE-2017-12940
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. 2017-08-18 7.5 CVE-2017-12941
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. 2017-08-18 7.5 CVE-2017-12942
MISC
teikoku_databank — type_a Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10824
JVN
wago — wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. 2017-08-22 10.0 CVE-2015-6473
MISC
FULLDISC
BID
x.org — libxfont A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 2017-08-18 7.5 CVE-2007-5199
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
altools — alzip Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of “AUX” as the initial substring of a filename. 2017-08-19 6.8 CVE-2017-11323
MISC
MISC
apache2triad — apache2triad Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. 2017-08-23 6.8 CVE-2017-12970
MISC
MISC
BID
apache2triad — apache2triad Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. 2017-08-23 4.3 CVE-2017-12971
MISC
MISC
BID
asn1c_project — asn1c The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. 2017-08-20 4.3 CVE-2017-12966
MISC
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. 2017-08-18 6.5 CVE-2017-12592
MISC
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. 2017-08-18 6.8 CVE-2017-12593
MISC
attic_project — attic attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to “unencrypted / without key file”. 2017-08-18 4.0 CVE-2015-4082
MLIST
BID
CONFIRM
CONFIRM
broken_link_checker_project — broken_link_checker Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. 2017-08-18 4.3 CVE-2015-5057
MLIST
BID
MISC
ccfile — cc_file_transfer In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many ‘|’ characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. 2017-08-21 5.0 CVE-2017-12784
MISC
cyrusimap — cyrus_imap Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. 2017-08-22 4.0 CVE-2017-12843
CONFIRM
CONFIRM
FEDORA
CONFIRM
d-link — dir-600_b1_firmware D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. 2017-08-18 5.0 CVE-2017-12943
MISC
django-cms — django_cms Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. 2017-08-18 6.8 CVE-2015-5081
MLIST
CONFIRM
CONFIRM
dokuwiki — dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. 2017-08-21 4.3 CVE-2017-12979
CONFIRM
dokuwiki — dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. 2017-08-21 4.3 CVE-2017-12980
CONFIRM
easymodal_project — easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12946
MISC
MISC
easymodal_project — easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12947
MISC
MISC
exiv2 — exiv2 There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. 2017-08-18 6.8 CVE-2017-12955
MISC
exiv2 — exiv2 There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12956
MISC
exiv2 — exiv2 There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12957
MISC
fedoraproject — fedora Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. 2017-08-22 6.8 CVE-2015-5258
FEDORA
CONFIRM
gnome — librest The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. 2017-08-18 5.0 CVE-2015-2675
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu — binutils The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. 2017-08-19 4.3 CVE-2017-12967
BID
CONFIRM
gnu — pspp There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12958
MISC
gnu — pspp There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12959
MISC
gnu — pspp There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12960
MISC
gnu — pspp There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12961
MISC
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. 2017-08-18 4.3 CVE-2017-0687
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. 2017-08-18 4.3 CVE-2017-8254
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. 2017-08-18 6.8 CVE-2017-8256
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. 2017-08-18 6.8 CVE-2017-8257
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. 2017-08-18 6.8 CVE-2017-8260
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. 2017-08-18 6.8 CVE-2017-8261
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. 2017-08-18 5.1 CVE-2017-8265
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8266
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8270
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. 2017-08-18 6.8 CVE-2017-8272
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. 2017-08-18 5.0 CVE-2017-9679
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. 2017-08-18 5.0 CVE-2017-9680
BID
CONFIRM
MISC
graphicsmagick — graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. 2017-08-18 6.8 CVE-2017-12935
MISC
MISC
graphicsmagick — graphicsmagick The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. 2017-08-18 6.8 CVE-2017-12936
MISC
MISC
graphicsmagick — graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. 2017-08-18 6.8 CVE-2017-12937
MISC
BID
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. 2017-08-22 4.3 CVE-2017-13063
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. 2017-08-22 4.3 CVE-2017-13064
CONFIRM
BID
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. 2017-08-22 4.3 CVE-2017-13065
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. 2017-08-22 4.3 CVE-2017-13066
BID
CONFIRM
graphicsmagick — graphicsmagick In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. 2017-08-23 6.8 CVE-2017-13147
CONFIRM
graphicsmagick — graphicsmagick In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. 2017-08-23 4.3 CVE-2017-13648
CONFIRM
ibm — security_network_protection_4100_firmware Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-22 4.3 CVE-2014-6189
CONFIRM
BID
ibm — websphere_application_server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. 2017-08-18 4.3 CVE-2017-1501
CONFIRM
BID
SECTRACK
MISC
igniterealtime — openfire OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. 2017-08-18 5.0 CVE-2014-3451
MISC
MLIST
BUGTRAQ
BID
MISC
imagemagick — imagemagick Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. 2017-08-21 6.8 CVE-2017-12983
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13058
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13059
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13060
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. 2017-08-22 4.3 CVE-2017-13061
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13062
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13131
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the “dump uncompressed PseudoColor packets” step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13132
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13134
BID
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. 2017-08-23 4.3 CVE-2017-13140
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. 2017-08-23 4.3 CVE-2017-13141
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. 2017-08-23 4.3 CVE-2017-13142
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. 2017-08-23 5.0 CVE-2017-13143
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.7-10, there is a crash (rather than a “width or height exceeds limit” error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. 2017-08-23 4.3 CVE-2017-13144
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. 2017-08-23 4.3 CVE-2017-13145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. 2017-08-23 6.8 CVE-2017-13146
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. 2017-08-24 4.3 CVE-2017-13658
CONFIRM
CONFIRM
CONFIRM
libsass — libsass There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12962
MISC
libsass — libsass There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor’s CVE-2017-11555 fix (available from GitHub after 2017-07-24). 2017-08-18 5.0 CVE-2017-12963
MISC
libtiff — libtiff The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 2017-08-18 5.0 CVE-2017-12944
CONFIRM
netapp — clustered_data_ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. 2017-08-18 6.5 CVE-2017-12420
BID
CONFIRM
netapp — data_ontap NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. 2017-08-18 4.3 CVE-2017-12859
BID
CONFIRM
nexusphp_project — nexusphp Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. 2017-08-18 4.3 CVE-2017-12680
MISC
BID
nongnu — icoutils Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. 2017-08-22 6.8 CVE-2017-5208
MLIST
BID
CONFIRM
open-uri-cached_project — open-uri-cached The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing “openuri-” followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. 2017-08-18 4.6 CVE-2015-3649
MISC
MLIST
BID
MISC
MISC
MISC
paessler — prtg_network_monitor Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-18 4.3 CVE-2017-9816
CONFIRM
phpmywind — phpmywind PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. 2017-08-21 4.3 CVE-2017-12984
MISC
podlove — podlove_podcast_publisher lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. 2017-08-18 6.5 CVE-2017-12949
MISC
pressforward — pressforward Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. 2017-08-18 4.3 CVE-2017-12948
MISC
pulp_project — pulp Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. 2017-08-18 6.5 CVE-2015-5153
CONFIRM
qodeinteractive — bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. 2017-08-23 4.3 CVE-2017-13138
MISC
MISC
MISC
razerone — synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. 2017-08-18 4.6 CVE-2017-11652
MISC
razerone — synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. 2017-08-18 4.6 CVE-2017-11653
MISC
resiprocate — resiprocate Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. 2017-08-18 5.0 CVE-2017-9454
CONFIRM
MLIST
spring_batch_admin_project — spring_batch_admin Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. 2017-08-18 6.8 CVE-2017-12881
MLIST
BID
strongswan — strongswan The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. 2017-08-18 5.0 CVE-2017-11185
BID
CONFIRM
tomaxcom — r60g_firmware ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. 2017-08-18 6.8 CVE-2017-12589
BID
MISC
wago — wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. 2017-08-22 5.0 CVE-2015-6472
MISC
FULLDISC
BID

Low Vulnerabilities

Primary Vendor — Product  Description  Published  CVSS Score  Source & Patch Info
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. 2017-08-18 3.5 CVE-2017-12591
MISC
cacti — cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. 2017-08-21 3.5 CVE-2017-12978
SECTRACK
CONFIRM
CONFIRM
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. 2017-08-18 2.6 CVE-2017-9682
BID
CONFIRM
MISC
ibm — rational_requirements_composer IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. 2017-08-18 3.5 CVE-2017-1338
CONFIRM
BID
MISC
qemu — qemu QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. 2017-08-23 2.1 CVE-2017-12809
MLIST
BID
MLIST
spring_batch_admin_project — spring_batch_admin Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. 2017-08-18 3.5 CVE-2017-12882
MLIST
BID

Severity Not Yet Assigned

Primary Vendor — Product  Description  Published  CVSS Score  Source & Patch Info
accellion — file_transfer_appliance Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. 2017-08-22 not yet calculated CVE-2015-2857
MISC
MISC
MISC
EXPLOIT-DB
apache — pony_mail Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. 2017-08-22 not yet calculated CVE-2016-4460
CONFIRM
BID
atlassian — crucible The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. 2017-08-24 not yet calculated CVE-2017-9509
MISC
MISC
atlassian — crucible The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. 2017-08-24 not yet calculated CVE-2017-9507
MISC
MISC
atlassian — fisheye_and_crucible The mostActiveCommitters.do resource in Atlassian FishEye and Crucible before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. 2017-08-24 not yet calculated CVE-2017-9512
MISC
MISC
MISC
atlassian — fisheye_and_crucible The MultiPathResource class in Atlassian FishEye and Crucible before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system. 2017-08-24 not yet calculated CVE-2017-9511
MISC
MISC
MISC
atlassian — fisheye_and_crucible Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. 2017-08-24 not yet calculated CVE-2017-9508
MISC
MISC
MISC
atlassian — fisheye The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. 2017-08-24 not yet calculated CVE-2017-9510
MISC
MISC
atlassian — oauth_plugin The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). 2017-08-23 not yet calculated CVE-2017-9506
MISC
MISC
automated_logic_corporation — alc_webctrl A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. 2017-08-25 not yet calculated CVE-2017-9640
BID
MISC
automated_logic_corporation — alc_webctrl An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. 2017-08-25 not yet calculated CVE-2017-9650
BID
MISC
EXPLOIT-DB
automated_logic_corporation — alc_webctrl An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. 2017-08-25 not yet calculated CVE-2017-9644
BID
MISC
EXPLOIT-DB
bitrix — bitrix Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) “by” parameter to admin/orion.extfeedbackform_efbf_forms.php. 2017-08-24 not yet calculated CVE-2015-8355
BUGTRAQ